GitHub secrets created using API REST but returned empty

I created GitHub secrets using the GitHub REST API as described in the following documentation: https://docs.github.com/en/rest/actions/secrets

The code that I used to encrypt and then create my list of GitHub environment secrets is the following:

from base64 import b64encode

from github import Github
from nacl import encoding, public  # PyNaCl, used by encrypt() below
import requests

access_token = base["TOKEN"]
user = gitLogin["user"]

api_url = f"https://api.github.com/users/{user}/repos"
response = requests.get(api_url, auth=(user, access_token))
print(response)

dev_secrets_names = [...]
dev_secrets_list = [...]
dev_encrypted_secrets_list = []

def encrypt(public_key: str, secret_value: str) -> str:
    """Encrypt a Unicode string using the public key."""
    public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
    sealed_box = public.SealedBox(public_key)
    encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
    return b64encode(encrypted).decode("utf-8")

# Encrypt every secret value (public_key is not defined in the code shown here)
for i in range(len(dev_secrets_list)):
    encrypted_secret = encrypt(public_key, dev_secrets_list[i])
    dev_encrypted_secrets_list.append(encrypted_secret)

# Create or update each secret in the dev environment
for i in range(len(dev_secrets_list)):
    url = f"https://api.github.com/repositories/"+"$"+"/environments/"+environnments["dev"]+"/secrets/"+dev_secrets_names[i]
    print(url)
    body = {"encrypted_value": f"{dev_encrypted_secrets_list[i]}", "key_id": "$"}
    response = requests.put(url, json=body, auth=(user, access_token))

The code executes correctly, and when I go to check, the secrets are created in GitHub. However, when I try to retrieve the secrets in a task, they are not read, as if they were empty. The following code is where I'm trying to use the secrets:

on:
  workflow_call:
    inputs:
      Organization:
        required: true
        type: string
      Repository:
        required: true
        type: string
      devEnv:
        required: true
        type: string
      uatEnv: 
        required: true
        type: string
      prodEnv:
        required: true
        type: string
      devBranch:
        required: true
        type: string
      uatBranch:
        required: true
        type: string
      prodBranch:
        required: true
        type: string
      releaseBranch:
        required: true
        type: string
      rootFolder:
        required: true
        type: string
    
    secrets:
      DEV_SF_ACCOUNT:
        required: true
      DEV_SF_USERNAME:
        required: true
      DEV_SNOWFLAKE_PASSWORD:
        required: true
      DEV_SF_ROLE:
        required: true
      DEV_SF_WAREHOUSE:
        required: true

deploy-snowflake-changes-dev:
    name: deploy schamas changes to dev
    needs: ShitTest 
    if: needs.ShitTest.outputs.output == 'true'
    environment: 
      name: $
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Use Python 3.8.x
        uses: actions/setup-python@v2.2.1
        with:
          python-version: 3.8.x

      - name: Run schemachange
        shell: pwsh
        run: |
          python --version
          echo "Step 1: Installing schemachange"
          pip install schemachange

          echo "Step 3: Running schemachange"
          schemachange deploy -f ./$ -a $ -u $ -r $ -w $ -d DEV_$ -c DEV_$.$.$ --vars $varsString --create-change-history-table -v  
        env:
          SNOWFLAKE_PASSWORD: $

I voluntarily removed some parts of the code to keep it simple.

Can you help me understand why the secrets are returned as empty?

Note: when I update the secrets manually, everything works.

The following code is the one from which I call the previous workflow:

jobs:
  snowflake-devops:
    uses: ./.github/workflows/snowflake-devops.yml
    with:
      Organization: $($parametersFileContent.organization)
      Repository: $($parametersFileContent.repository)
      devEnv: $($parametersFileContent.environnments.dev)
      uatEnv: $($parametersFileContent.environnments.uat)
      prodEnv: $($parametersFileContent.environnments.prod)
      devBranch: $
      uatBranch: $
      prodBranch: $
      releaseBranch: $
      rootFolder: $($parametersFileContent.rootFolder)
    secrets:
      TOKEN: $TOKEN
      SF_DATABASE: $SF_DATABASE
      SF_SCHEMA: $SF_SCHEMA
      SF_HISTORY_TABLE: $SF_HISTORY_TABLE
                
      DEV_SF_ACCOUNT: $DEV_SF_ACCOUNT
      DEV_SF_USERNAME: $DEV_SF_USERNAME
      DEV_SF_ROLE: $DEV_SF_ROLE
      DEV_SF_WAREHOUSE: $DEV_SF_WAREHOUSE
      DEV_SNOWFLAKE_PASSWORD: $DEV_SNOWFLAKE_PASSWORD
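
A pre-flight check for the payloads built by the script above, added here as an example (it is not part of the original post). It relies on the libsodium sealed box adding a fixed 48 bytes to the plaintext, so an `encrypted_value` that decodes to exactly 48 bytes was sealed from an empty string. It also assumes an unresolved template shows up as a literal `$` in `key_id`, and that the PUT answers 201 on create and 204 on update; the function names and sample values are constructed for illustration.

```python
import base64
import binascii

SEAL_OVERHEAD = 48  # sealed box: 32-byte ephemeral public key + 16-byte MAC


def sealed_plaintext_len(encrypted_value: str) -> int:
    """Return the plaintext length implied by a base64 sealed-box ciphertext."""
    try:
        raw = base64.b64decode(encrypted_value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("encrypted_value is not valid base64") from exc
    if len(raw) < SEAL_OVERHEAD:
        raise ValueError("encrypted_value is too short to be a sealed box")
    return len(raw) - SEAL_OVERHEAD


def preflight(name: str, encrypted_value: str, key_id: str) -> list:
    """Collect problems with one secret payload before it is sent."""
    problems = []
    # Assumption: a template that was never substituted is left as "$".
    if not key_id or "$" in key_id:
        problems.append(f"{name}: key_id looks like an unresolved placeholder")
    try:
        if sealed_plaintext_len(encrypted_value) == 0:
            problems.append(f"{name}: plaintext was empty before encryption")
    except ValueError as exc:
        problems.append(f"{name}: {exc}")
    return problems


def check_put_status(name: str, status_code: int) -> str:
    """Map the PUT response code to an outcome instead of ignoring it."""
    if status_code == 201:
        return "created"
    if status_code == 204:
        return "updated"
    raise RuntimeError(f"{name}: secret not stored, HTTP {status_code}")


# Constructed samples: zero-filled buffers with the right lengths, not real ciphertext.
EMPTY = base64.b64encode(bytes(SEAL_OVERHEAD)).decode()        # would seal ""
FILLED = base64.b64encode(bytes(SEAL_OVERHEAD + 12)).decode()  # would seal 12 bytes

if __name__ == "__main__":
    print(preflight("DEV_SF_ROLE", EMPTY, "constructed-key-id"))
    print(preflight("DEV_SF_ACCOUNT", FILLED, "$"))
    print(preflight("DEV_SF_USERNAME", FILLED, "constructed-key-id"))
```

Calling `preflight()` on each payload before the `requests.put(...)` and `check_put_status()` on each response separates "the value was empty or the key id was never filled in" from problems on the workflow side.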

