Merge pull request #107 from DeterminateSystems/code-splitting

Do some code splitting to make future work on flakehub-push more joyful

src/graphql/mod.rs → src/github/graphql/mod.rs

@@ -10,8 +10,8 @@ const MAX_NUM_EXTRA_TOPICS: i64 = 20;
 
 #[derive(GraphQLQuery)]
 #[graphql(
-    schema_path = "src/graphql/github_schema.graphql",
-    query_path = "src/graphql/query/github_graphql_data_query.graphql",
+    schema_path = "src/github/graphql/github_schema.graphql",
+    query_path = "src/github/graphql/query/github_graphql_data_query.graphql",
     response_derives = "Debug",
     variables_derives = "Debug"
 )]
@@ -40,7 +40,7 @@ impl GithubGraphqlDataQuery {
             };
             let query = GithubGraphqlDataQuery::build_query(variables);
             let reqwest_response = reqwest_client
-                .post(crate::graphql::GITHUB_ENDPOINT)
+                .post(GITHUB_ENDPOINT)
                 .bearer_auth(bearer_token)
                 .json(&query)
                 .send()
@@ -49,7 +49,7 @@ impl GithubGraphqlDataQuery {
 
             let response_status = reqwest_response.status();
             let response: graphql_client::Response<
-                <crate::graphql::GithubGraphqlDataQuery as GraphQLQuery>::ResponseData,
+                <crate::github::graphql::GithubGraphqlDataQuery as GraphQLQuery>::ResponseData,
             > = reqwest_response
                 .json()
                 .await

src/github/mod.rs

@@ -0,0 +1,47 @@
+pub(crate) mod graphql;
+
+use color_eyre::eyre::{eyre, WrapErr};
+
+use crate::build_http_client;
+
+#[tracing::instrument(skip_all)]
+pub(crate) async fn get_actions_id_bearer_token() -> color_eyre::Result<String> {
+    let actions_id_token_request_token = std::env::var("ACTIONS_ID_TOKEN_REQUEST_TOKEN")
+        // We do want to preserve the whitespace here  
+        .wrap_err("\
+No `ACTIONS_ID_TOKEN_REQUEST_TOKEN` found, `flakehub-push` requires a JWT. To provide this, add `permissions` to your job, eg:
+
+# ...
+jobs:
+    example:
+    runs-on: ubuntu-latest
+    permissions:
+        id-token: write # Authenticate against FlakeHub
+        contents: read
+    steps:
+    - uses: actions/checkout@v3
+    # ...\n\
+        ")?;
+    let actions_id_token_request_url = std::env::var("ACTIONS_ID_TOKEN_REQUEST_URL").wrap_err("`ACTIONS_ID_TOKEN_REQUEST_URL` required if `ACTIONS_ID_TOKEN_REQUEST_TOKEN` is also present")?;
+    let actions_id_token_client = build_http_client().build()?;
+    let response = actions_id_token_client
+        .get(format!(
+            "{actions_id_token_request_url}&audience=api.flakehub.com"
+        ))
+        .bearer_auth(actions_id_token_request_token)
+        .send()
+        .await
+        .wrap_err("Getting Actions ID bearer token")?;
+
+    let response_json: serde_json::Value = response
+        .json()
+        .await
+        .wrap_err("Getting JSON from Actions ID bearer token response")?;
+
+    let response_bearer_token = response_json
+        .get("value")
+        .and_then(serde_json::Value::as_str)
+        .ok_or_else(|| eyre!("Getting value from Actions ID bearer token response"))?;
+
+    Ok(response_bearer_token.to_string())
+}

src/main.rs

@@ -5,7 +5,8 @@ use error::Error;
 mod cli;
 mod error;
 mod flake_info;
-mod graphql;
+mod github;
+mod push;
 mod release_metadata;
 
 #[tokio::main]
@@ -66,3 +67,7 @@ impl Display for Visibility {
         }
     }
 }
+
+pub(crate) fn build_http_client() -> reqwest::ClientBuilder {
+    reqwest::Client::builder().user_agent("flakehub-push")
+}