-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #107 from DeterminateSystems/code-splitting
Do some code splitting to make future work on flakehub-push more joyful
- Loading branch information
Showing
8 changed files
with
441 additions
and
423 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
pub(crate) mod graphql; | ||
|
||
use color_eyre::eyre::{eyre, WrapErr}; | ||
|
||
use crate::build_http_client; | ||
|
||
#[tracing::instrument(skip_all)] | ||
pub(crate) async fn get_actions_id_bearer_token() -> color_eyre::Result<String> { | ||
let actions_id_token_request_token = std::env::var("ACTIONS_ID_TOKEN_REQUEST_TOKEN") | ||
// We do want to preserve the whitespace here | ||
.wrap_err("\ | ||
No `ACTIONS_ID_TOKEN_REQUEST_TOKEN` found, `flakehub-push` requires a JWT. To provide this, add `permissions` to your job, eg: | ||
# ... | ||
jobs: | ||
example: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
id-token: write # Authenticate against FlakeHub | ||
contents: read | ||
steps: | ||
- uses: actions/checkout@v3 | ||
# ...\n\ | ||
")?; | ||
let actions_id_token_request_url = std::env::var("ACTIONS_ID_TOKEN_REQUEST_URL").wrap_err("`ACTIONS_ID_TOKEN_REQUEST_URL` required if `ACTIONS_ID_TOKEN_REQUEST_TOKEN` is also present")?; | ||
let actions_id_token_client = build_http_client().build()?; | ||
let response = actions_id_token_client | ||
.get(format!( | ||
"{actions_id_token_request_url}&audience=api.flakehub.com" | ||
)) | ||
.bearer_auth(actions_id_token_request_token) | ||
.send() | ||
.await | ||
.wrap_err("Getting Actions ID bearer token")?; | ||
|
||
let response_json: serde_json::Value = response | ||
.json() | ||
.await | ||
.wrap_err("Getting JSON from Actions ID bearer token response")?; | ||
|
||
let response_bearer_token = response_json | ||
.get("value") | ||
.and_then(serde_json::Value::as_str) | ||
.ok_or_else(|| eyre!("Getting value from Actions ID bearer token response"))?; | ||
|
||
Ok(response_bearer_token.to_string()) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.