diff --git a/src/handler/secrets/action-environment-secrets/action-environment-secret-handler.lambda.ts b/src/handler/secrets/action-environment-secrets/action-environment-secret-handler.lambda.ts index ab9ec1a..020a899 100644 --- a/src/handler/secrets/action-environment-secrets/action-environment-secret-handler.lambda.ts +++ b/src/handler/secrets/action-environment-secrets/action-environment-secret-handler.lambda.ts @@ -72,7 +72,6 @@ const createOrUpdateEnvironmentSecret = async ( ) => { const { repositoryOwner, - repositoryName: repo, repositorySecretName: secret_name, environment: environment_name, sourceSecretArn: secretId, @@ -82,12 +81,12 @@ const createOrUpdateEnvironmentSecret = async ( const secretString = await getSecretString(secretId, smClient, sourceSecretJsonField); const owner = await getOwner(octokit, repositoryOwner); - const { data } = await octokit.request('GET /repos/{owner}/{repo}/actions/secrets/public-key', { owner, repo }); + const repository_id = await getRepositoryId(event, octokit, owner); + const { data } = await octokit.request('GET /repositories/{repository_id}/environments/{environment_name}/secrets/public-key', { repository_id, environment_name }); const encryptedSecret = await encryptValue(secretString, data.key); console.log('Encrypted secret, attempting to create/update github secret'); - const repository_id = await getRepositoryId(event, octokit, owner); const secretResponse = await octokit.request('PUT /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}', { repository_id, environment_name, diff --git a/test/handler/secrets/action-environment-secrets/action-environment-secret-handler.test.ts b/test/handler/secrets/action-environment-secrets/action-environment-secret-handler.test.ts index 0ce9682..f335aed 100644 --- a/test/handler/secrets/action-environment-secrets/action-environment-secret-handler.test.ts +++ b/test/handler/secrets/action-environment-secrets/action-environment-secret-handler.test.ts @@ -57,7 +57,7 @@ describe('action-environment-secret-handler', () => { const ghNock = nock('https://api.github.com') .get('/repos/WtfJoke/cdk-github') .reply(200, { id: '1337' }) - .get('/repos/WtfJoke/cdk-github/actions/secrets/public-key') + .get('/repositories/1337/environments/dev/secrets/public-key') .reply(200, { key_id: '568250167242549743', key: 'v0dSAu/BswbG2uUYeKnO0aX//Ibts7ItmFRvy6tfP2s=', @@ -95,7 +95,7 @@ describe('action-environment-secret-handler', () => { .reply(200, { login: 'WtfJoke' }) .get('/repos/WtfJoke/cdk-github') .reply(200, { id: '1337' }) - .get('/repos/WtfJoke/cdk-github/actions/secrets/public-key') + .get('/repositories/1337/environments/dev/secrets/public-key') .reply(200, { key_id: '568250167242549743', key: 'v0dSAu/BswbG2uUYeKnO0aX//Ibts7ItmFRvy6tfP2s=', @@ -139,7 +139,7 @@ describe('action-environment-secret-handler', () => { SecretString: 'mySecretToStore', }); nock('https://api.github.com') - .get('/repos/WtfJoke/cdk-github/actions/secrets/public-key').reply(403, { + .get('/repos/WtfJoke/cdk-github').reply(403, { message: 'Must have admin rights to Repository.', documentation_url: 'https://docs.github.com/rest/reference/actions#get-a-repository-public-key', }); @@ -170,7 +170,7 @@ describe('action-environment-secret-handler', () => { const ghNock = nock('https://api.github.com') .get('/repos/WtfJoke/cdk-github') .reply(200, { id: '1337' }) - .get('/repos/WtfJoke/cdk-github/actions/secrets/public-key') + .get('/repositories/1337/environments/dev/secrets/public-key') .reply(200, { key_id: '568250167242549743', key: 'v0dSAu/BswbG2uUYeKnO0aX//Ibts7ItmFRvy6tfP2s=', @@ -214,7 +214,7 @@ describe('action-environment-secret-handler', () => { SecretString: 'mySecretToStore', }); nock('https://api.github.com') - .get('/repos/WtfJoke/cdk-github/actions/secrets/public-key').reply(403, { + .get('/repos/WtfJoke/cdk-github').reply(403, { message: 'Must have admin rights to Repository.', documentation_url: 'https://docs.github.com/rest/reference/actions#get-a-repository-public-key', });