fixed: env issue

punitkashyup · Feb 3, 2024 · 2bbe8ff · 2bbe8ff
1 parent 20a1761
commit 2bbe8ff
Showing 1 changed file with 19 additions and 18 deletions.
diff --git a/app/update_secret_action.py b/app/update_secret_action.py
@@ -1,24 +1,25 @@
 import os
-import base64
-import nacl.secret
-import nacl.utils
+from base64 import b64encode
+from nacl import encoding, public, secret
 import requests
 import logging
 import sys
 
-def encrypt_secret(secret_value, public_key):
+def encrypt_secret(secret_value, public_key_base64):
     try:
-        box = nacl.secret.SecretBox(public_key, encoder=nacl.encoding.Base64Encoder)
-        encrypted = box.encrypt(secret_value.encode())
-        return base64.b64encode(encrypted).decode()
+        public_key = public.PublicKey(public_key_base64, encoding.Base64Encoder())
+        sealed_box = public.SealedBox(public_key)
+        encrypted = sealed_box.encrypt(secret_value.encode())
+        return b64encode(encrypted).decode()
     except Exception as e:
         logging.error(f"Encryption failed: {e}")
         sys.exit(1)
 
-def decrypt_secret(encrypted_secret, private_key):
+def decrypt_secret(encrypted_secret, private_key_base64):
     try:
-        box = nacl.secret.SecretBox(private_key, encoder=nacl.encoding.Base64Encoder)
-        decrypted = box.decrypt(base64.b64decode(encrypted_secret)).decode()
+        private_key = secret.SecretKey(private_key_base64, encoding.Base64Encoder())
+        box = public.SealedBox(private_key.public_key)
+        decrypted = box.decrypt(b64encode(encrypted_secret).decode()).decode()
         return decrypted
     except Exception as e:
         logging.error(f"Decryption failed: {e}")
@@ -29,20 +30,20 @@ def update_github_secret(repository_owner, repository_name, secret_name, new_sec
         url = f"https://api.github.com/repos/{repository_owner}/{repository_name}/actions/secrets/{secret_name}"
 
         # Get the public key for encryption
-        response = requests.get(f"https://api.github.com/repos/{repository_owner}/{repository_name}/actions/secrets/public-key", headers={"Authorization": f"Bearer {token}"})
-        response.raise_for_status()  # Raise an error for bad responses
-        public_key = response.json()['key']
-        public_key = base64.b64decode(public_key)
+        public_key_info = requests.get(f"https://api.github.com/repos/{repository_owner}/{repository_name}/actions/secrets/public-key", headers={"Authorization": f"Bearer {token}"})
+        public_key_info = public_key_info.json()
+        key_id = public_key_info['key_id']
+        public_key_base64 = public_key_info['key']
 
         # Encrypt the new secret value
-        encrypted_secret = encrypt_secret(new_secret_value, public_key)
+        encrypted_secret = encrypt_secret(new_secret_value, public_key_base64)
 
         # Update the secret on GitHub
-        response = requests.put(url, json={"encrypted_value": encrypted_secret}, headers={"Authorization": f"Bearer {token}"})
+        response = requests.put(url, json={"encrypted_value": encrypted_secret, "key_id": key_id}, headers={"Authorization": f"Bearer {token}"})
 
         response.raise_for_status()  # Raise an error for bad responses
 
-        if response.status_code == 200:
+        if response.status_code == 204:
             logging.info(f"Secret '{secret_name}' updated successfully.")
         else:
             logging.error(f"Failed to update secret '{secret_name}'. Status code: {response.status_code}, Response: {response.text}")
@@ -64,4 +65,4 @@ def update_github_secret(repository_owner, repository_name, secret_name, new_sec
         logging.error("Missing required environment variables.")
         sys.exit(1)
 
-    update_github_secret(repository_owner, repository_name, secret_name, new_secret_value, github_token)
+    update_github_secret(repository_owner, repository_name, secret_name, new_secret_value, github_token)