Special case setting dependabot org secrets (#6941)

2023-02-02 07:12:22 +11:00 · 2023-02-02 07:12:22 +11:00 · 1233bd4439
commit 1233bd4439
parent 1786ece4a4
2 changed files with 63 additions and 15 deletions
--- a/pkg/cmd/secret/set/http.go
+++ b/pkg/cmd/secret/set/http.go
@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"sort"
+	"strconv"
 	"strings"

 	"github.com/cli/cli/v2/api"
@ -19,6 +20,13 @@ type SecretPayload struct {
 	KeyID          string  `json:"key_id"`
 }

+type DependabotSecretPayload struct {
+	EncryptedValue string   `json:"encrypted_value"`
+	Visibility     string   `json:"visibility,omitempty"`
+	Repositories   []string `json:"selected_repository_ids,omitempty"`
+	KeyID          string   `json:"key_id"`
+}
+
 type PubKey struct {
 	ID  string `json:"key_id"`
 	Key string
@ -51,7 +59,7 @@ func getEnvPubKey(client *api.Client, repo ghrepo.Interface, envName string) (*P
 		ghrepo.FullName(repo), envName))
 }

-func putSecret(client *api.Client, host, path string, payload SecretPayload) error {
+func putSecret(client *api.Client, host, path string, payload interface{}) error {
 	payloadBytes, err := json.Marshal(payload)
 	if err != nil {
 		return fmt.Errorf("failed to serialize: %w", err)
@ -62,13 +70,30 @@ func putSecret(client *api.Client, host, path string, payload SecretPayload) err
 }

 func putOrgSecret(client *api.Client, host string, pk *PubKey, orgName, visibility, secretName, eValue string, repositoryIDs []int64, app shared.App) error {
+	path := fmt.Sprintf("orgs/%s/%s/secrets/%s", orgName, app, secretName)
+
+	if app == shared.Dependabot {
+		repos := make([]string, len(repositoryIDs))
+		for i, id := range repositoryIDs {
+			repos[i] = strconv.FormatInt(id, 10)
+		}
+
+		payload := DependabotSecretPayload{
+			EncryptedValue: eValue,
+			KeyID:          pk.ID,
+			Repositories:   repos,
+			Visibility:     visibility,
+		}
+
+		return putSecret(client, host, path, payload)
+	}
+
 	payload := SecretPayload{
 		EncryptedValue: eValue,
 		KeyID:          pk.ID,
 		Repositories:   repositoryIDs,
 		Visibility:     visibility,
 	}
-	path := fmt.Sprintf("orgs/%s/%s/secrets/%s", orgName, app, secretName)

 	return putSecret(client, host, path, payload)
 }
--- a/pkg/cmd/secret/set/set_test.go
+++ b/pkg/cmd/secret/set/set_test.go
@ -333,11 +333,12 @@ func Test_setRun_env(t *testing.T) {

 func Test_setRun_org(t *testing.T) {
 	tests := []struct {
-		name             string
-		opts             *SetOptions
-		wantVisibility   shared.Visibility
-		wantRepositories []int64
-		wantApp          string
+		name                       string
+		opts                       *SetOptions
+		wantVisibility             shared.Visibility
+		wantRepositories           []int64
+		wantDependabotRepositories []string
+		wantApp                    string
 	}{
 		{
 			name: "all vis",
@ -362,10 +363,21 @@ func Test_setRun_org(t *testing.T) {
 			opts: &SetOptions{
 				OrgName:     "UmbrellaCorporation",
 				Visibility:  shared.All,
-				Application: "dependabot",
+				Application: shared.Dependabot,
 			},
 			wantApp: "dependabot",
 		},
+		{
+			name: "Dependabot selected visibility",
+			opts: &SetOptions{
+				OrgName:         "UmbrellaCorporation",
+				Visibility:      shared.Selected,
+				Application:     shared.Dependabot,
+				RepositoryNames: []string{"birkin", "UmbrellaCorporation/wesker"},
+			},
+			wantDependabotRepositories: []string{"1", "2"},
+			wantApp:                    "dependabot",
+		},
 	}

 	for _, tt := range tests {
@ -410,13 +422,24 @@ func Test_setRun_org(t *testing.T) {

 			data, err := io.ReadAll(reg.Requests[len(reg.Requests)-1].Body)
 			assert.NoError(t, err)
-			var payload SecretPayload
-			err = json.Unmarshal(data, &payload)
-			assert.NoError(t, err)
-			assert.Equal(t, payload.KeyID, "123")
-			assert.Equal(t, payload.EncryptedValue, "UKYUCbHd0DJemxa3AOcZ6XcsBwALG9d4bpB8ZT0gSV39vl3BHiGSgj8zJapDxgB2BwqNqRhpjC4=")
-			assert.Equal(t, payload.Visibility, tt.opts.Visibility)
-			assert.ElementsMatch(t, payload.Repositories, tt.wantRepositories)
+
+			if tt.opts.Application == shared.Dependabot {
+				var payload DependabotSecretPayload
+				err = json.Unmarshal(data, &payload)
+				assert.NoError(t, err)
+				assert.Equal(t, payload.KeyID, "123")
+				assert.Equal(t, payload.EncryptedValue, "UKYUCbHd0DJemxa3AOcZ6XcsBwALG9d4bpB8ZT0gSV39vl3BHiGSgj8zJapDxgB2BwqNqRhpjC4=")
+				assert.Equal(t, payload.Visibility, tt.opts.Visibility)
+				assert.ElementsMatch(t, payload.Repositories, tt.wantDependabotRepositories)
+			} else {
+				var payload SecretPayload
+				err = json.Unmarshal(data, &payload)
+				assert.NoError(t, err)
+				assert.Equal(t, payload.KeyID, "123")
+				assert.Equal(t, payload.EncryptedValue, "UKYUCbHd0DJemxa3AOcZ6XcsBwALG9d4bpB8ZT0gSV39vl3BHiGSgj8zJapDxgB2BwqNqRhpjC4=")
+				assert.Equal(t, payload.Visibility, tt.opts.Visibility)
+				assert.ElementsMatch(t, payload.Repositories, tt.wantRepositories)
+			}
 		})
 	}
 }