-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
token.sh
executable file
·120 lines (101 loc) · 3.26 KB
/
token.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#!/bin/sh
# Shell sanity. Stop on errors and undefined variables.
set -eu
# This is a readlink -f implementation so this script can (perhaps) run on MacOS
abspath() {
is_abspath() {
case "$1" in
/* | ~*) true;;
*) false;;
esac
}
if [ -d "$1" ]; then
( cd -P -- "$1" && pwd -P )
elif [ -L "$1" ]; then
if is_abspath "$(readlink "$1")"; then
abspath "$(readlink "$1")"
else
abspath "$(dirname "$1")/$(readlink "$1")"
fi
else
printf %s\\n "$(abspath "$(dirname "$1")")/$(basename "$1")"
fi
}
# Resolve the root directory hosting this script to an absolute path, symbolic
# links resolved.
TOKEN_ROOTDIR=$( cd -P -- "$(dirname -- "$(command -v -- "$(abspath "$0")")")" && pwd -P )
# Level of verbosity, the higher the more verbose. All messages are sent to the
# stderr.
TOKEN_VERBOSE=${TOKEN_VERBOSE:-0}
# Where to send logs
TOKEN_LOG=${TOKEN_LOG:-2}
# GitHub host, e.g. github.com or github.example.com
TOKEN_GITHUB=${TOKEN_GITHUB:-"github.com"}
# Version of the GitHub API to use
TOKEN_API_VERSION=${TOKEN_API_VERSION:-"v3"}
# PAT to acquire the runner token with
TOKEN_PAT=${TOKEN_PAT:-""}
# Scope of the runner, one of: repo, org or enterprise
TOKEN_SCOPE=${TOKEN_SCOPE:-"repo"}
# Name of organisation, enterprise or repo to attach the runner to, when
# relevant scope.
TOKEN_PRINCIPAL=${TOKEN_PRINCIPAL:-""}
# shellcheck source=../lib/common.sh
. "$TOKEN_ROOTDIR/../lib/common.sh"
# shellcheck disable=SC2034 # Used in sourced scripts
KRUNVM_RUNNER_DESCR="Acquire a runner token from GitHub API"
while getopts "g:l:p:s:T:vh-" opt; do
case "$opt" in
g) # GitHub host
TOKEN_GITHUB="$OPTARG";;
l) # Where to send logs
TOKEN_LOG="$OPTARG";;
p) # Principal to authorise the runner for, name of repo, org or enterprise
TOKEN_PRINCIPAL="$OPTARG";;
s) # Scope of the token, one of repo, org or enterprise
TOKEN_SCOPE="$OPTARG";;
T) # Authorization token at the GitHub API
TOKEN_PAT="$OPTARG";;
v) # Increase verbosity, will otherwise log on errors/warnings only
TOKEN_VERBOSE=$((TOKEN_VERBOSE+1));;
h) # Print help and exit
usage 0 "TOKEN";;
?)
usage 1;;
esac
done
shift $((OPTIND-1))
# Pass logging configuration and level to imported scripts
KRUNVM_RUNNER_LOG=$TOKEN_LOG
KRUNVM_RUNNER_VERBOSE=$TOKEN_VERBOSE
if [ -z "$TOKEN_PRINCIPAL" ]; then
error "Principal must be set to name of repo, org or enterprise"
fi
check_command jq
# Set the API URL based on the GitHub host
if [ "$TOKEN_GITHUB" = "github.com" ]; then
TOKEN_APIURL="https://api.${TOKEN_GITHUB}"
else
TOKEN_APIURL="https://${TOKEN_GITHUB}/api/${TOKEN_API_VERSION}"
fi
# Construct the URL to request the registration token from
case "$TOKEN_SCOPE" in
org*)
TOKEN_URL="${TOKEN_APIURL}/orgs";;
ent*)
TOKEN_URL="${TOKEN_APIURL}/enterprises";;
rep*)
TOKEN_URL="${TOKEN_APIURL}/repos";;
*)
error "Invalid scope, must be one of repo, org or enterprise";;
esac
TOKEN_URL=${TOKEN_URL}/${TOKEN_PRINCIPAL}/actions/runners/registration-token
verbose "Requesting runner token from ${TOKEN_URL}"
curl \
-fsSL \
-XPOST \
-H "Content-Length: 0" \
-H "Authorization: token ${TOKEN_PAT}" \
-H "Accept: application/vnd.github.${TOKEN_API_VERSION}+json" \
"$TOKEN_URL" |
jq -r '.token'