codedog/codedog/utils/github_utils.py at 451550dcb604c05f05e1a762100a8c6ac823beea · codedog-ai/codedog · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
import time

import jwt
import requests
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from github import Github

default_url = "https://api.github.com"


def load_github_client(
    *,
    token: str = None,
    installation_id: int = None,
    private_key: str = None,
    app_id: str = None,
    base_url: str = default_url,
):
    if installation_id is not None and private_key is not None and app_id is not None:
        _token = get_token_by_installation(installation_id, private_key, app_id, base_url)
        client = Github(_token)
    elif token:
        client = Github(token)
    else:
        raise RuntimeError("Could not find a valid way to initiate Github Client.")
    return client


def get_token_by_installation(installation_id: int, private_key: str, app_id: str, base_url: str) -> str:
    jwt_token = get_jwt_token(private_key, app_id)
    access_token = get_access_token_by_installation_id(installation_id, jwt_token, base_url)
    return access_token


def get_jwt_token(private_key: str, app_id: str):
    # 获取当前时间
    now = int(time.time())

    # 准备 JWT 的 payload
    payload = {
        # 发行人
        "iat": now,
        # JWT 的过期时间，这里设置为1分钟后
        "exp": now + (10 * 60),
        # GitHub App 的 ID
        "iss": app_id,
    }

    # 生成JWT
    jwt_token = jwt.encode(payload, private_key, algorithm="RS256")
    return jwt_token


def get_access_token_by_installation_id(installation_id: int, jwt_token: str, base_url: str):
    if installation_id is None:
        return None
    # 使用installation_id生成访问令牌
    # TODO: dynatic github base url
    token_url = f"{base_url}/app/installations/{installation_id}/access_tokens"
    headers = {
        "Authorization": "Bearer {}".format(jwt_token),
        "Accept": "application/vnd.github.machine-man-preview+json",
    }
    response = requests.post(token_url, headers=headers)
    response.raise_for_status()
    token_info = response.json()
    return token_info["token"]


def load_private_key(filename):
    # 从文件中读取你的私钥
    with open(filename, "rb") as key_file:
        private_key = serialization.load_pem_private_key(key_file.read(), password=None, backend=default_backend())
    return private_key