-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathentrypoint.sh
56 lines (42 loc) · 1.55 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/usr/bin/env bash
set -eu
# Check if ghost domain and api key as been set
if [ -z "${INPUT_GHOST_DOMAIN}" ]; then
echo "Unable to find the domain. Did you set with.domain?"
exit 1
fi
if [ -z "${INPUT_GHOST_API_KEY}" ]; then
echo "Unable to find the api key. Did you set with.api_key"
exit 1
fi
if [ -z "${INPUT_FILE}" ]; then
echo "Unable to find the file. Did you set with.file"
exit 1
fi
cd /github/workspace
# Admin API key goes here
KEY="${INPUT_GHOST_API_KEY}"
# Split the key into ID and SECRET
TMPIFS=$IFS
IFS=':' read ID SECRET <<< "$KEY"
IFS=$TMPIFS
# Prepare header and payload
NOW=$(date +'%s')
FIVE_MINS=$(($NOW + 300))
HEADER="{\"alg\": \"HS256\",\"typ\": \"JWT\", \"kid\": \"$ID\"}"
PAYLOAD="{\"iat\":$NOW,\"exp\":$FIVE_MINS,\"aud\": \"/v3/admin/\"}"
# Helper function for perfoming base64 URL encoding
base64_url_encode() {
declare input=${1:-$(</dev/stdin)}
# Use `tr` to URL encode the output from base64.
printf '%s' "${input}" | base64 -w 0 | tr -d '=' | tr '+' '-' | tr '/' '_'
}
# Prepare the token body
header_base64=$(base64_url_encode "$HEADER")
payload_base64=$(base64_url_encode "$PAYLOAD")
header_payload="${header_base64}.${payload_base64}"
# Create the signature
signature=$(printf '%s' "${header_payload}" | openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:$SECRET | base64_url_encode)
# Concat payload and signature into a valid JWT token
TOKEN="${header_payload}.${signature}"
curl -X POST -v -F "file=@${INPUT_FILE}" -H "Authorization: Ghost $TOKEN" "${INPUT_GHOST_DOMAIN}/ghost/api/v3/admin/themes/upload"