fix: change the public key used for environment secrets (#33)

When encrypting environment secrets, we need to encrypt it with repository environment public key instead of the action repositories public key

src/handler/secrets/action-environment-secrets/action-environment-secret-handler.lambda.ts

@@ -72,7 +72,6 @@ const createOrUpdateEnvironmentSecret = async (
 ) => {
   const {
     repositoryOwner,
-    repositoryName: repo,
     repositorySecretName: secret_name,
     environment: environment_name,
     sourceSecretArn: secretId,
@@ -82,12 +81,12 @@ const createOrUpdateEnvironmentSecret = async (
 
   const secretString = await getSecretString(secretId, smClient, sourceSecretJsonField);
   const owner = await getOwner(octokit, repositoryOwner);
-  const { data } = await octokit.request('GET /repos/{owner}/{repo}/actions/secrets/public-key', { owner, repo });
+  const repository_id = await getRepositoryId(event, octokit, owner);
+  const { data } = await octokit.request('GET /repositories/{repository_id}/environments/{environment_name}/secrets/public-key', { repository_id, environment_name });
 
   const encryptedSecret = await encryptValue(secretString, data.key);
   console.log('Encrypted secret, attempting to create/update github secret');
 
-  const repository_id = await getRepositoryId(event, octokit, owner);
   const secretResponse = await octokit.request('PUT /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}', {
     repository_id,
     environment_name,

test/handler/secrets/action-environment-secrets/action-environment-secret-handler.test.ts

@@ -57,7 +57,7 @@ describe('action-environment-secret-handler', () => {
       const ghNock = nock('https://api.github.com')
         .get('/repos/WtfJoke/cdk-github')
         .reply(200, { id: '1337' })
-        .get('/repos/WtfJoke/cdk-github/actions/secrets/public-key')
+        .get('/repositories/1337/environments/dev/secrets/public-key')
         .reply(200, {
           key_id: '568250167242549743',
           key: 'v0dSAu/BswbG2uUYeKnO0aX//Ibts7ItmFRvy6tfP2s=',
@@ -95,7 +95,7 @@ describe('action-environment-secret-handler', () => {
         .reply(200, { login: 'WtfJoke' })
         .get('/repos/WtfJoke/cdk-github')
         .reply(200, { id: '1337' })
-        .get('/repos/WtfJoke/cdk-github/actions/secrets/public-key')
+        .get('/repositories/1337/environments/dev/secrets/public-key')
         .reply(200, {
           key_id: '568250167242549743',
           key: 'v0dSAu/BswbG2uUYeKnO0aX//Ibts7ItmFRvy6tfP2s=',
@@ -139,7 +139,7 @@ describe('action-environment-secret-handler', () => {
         SecretString: 'mySecretToStore',
       });
       nock('https://api.github.com')
-        .get('/repos/WtfJoke/cdk-github/actions/secrets/public-key').reply(403, {
+        .get('/repos/WtfJoke/cdk-github').reply(403, {
           message: 'Must have admin rights to Repository.',
           documentation_url: 'https://docs.github.com/rest/reference/actions#get-a-repository-public-key',
         });
@@ -170,7 +170,7 @@ describe('action-environment-secret-handler', () => {
       const ghNock = nock('https://api.github.com')
         .get('/repos/WtfJoke/cdk-github')
         .reply(200, { id: '1337' })
-        .get('/repos/WtfJoke/cdk-github/actions/secrets/public-key')
+        .get('/repositories/1337/environments/dev/secrets/public-key')
         .reply(200, {
           key_id: '568250167242549743',
           key: 'v0dSAu/BswbG2uUYeKnO0aX//Ibts7ItmFRvy6tfP2s=',
@@ -214,7 +214,7 @@ describe('action-environment-secret-handler', () => {
         SecretString: 'mySecretToStore',
       });
       nock('https://api.github.com')
-        .get('/repos/WtfJoke/cdk-github/actions/secrets/public-key').reply(403, {
+        .get('/repos/WtfJoke/cdk-github').reply(403, {
           message: 'Must have admin rights to Repository.',
           documentation_url: 'https://docs.github.com/rest/reference/actions#get-a-repository-public-key',
         });