Merge pull request #104 from github/joshmgross/env-secrets

Support creating and modifying environment secrets

Author: joshmgross

package.json

@@ -323,11 +323,11 @@
         {
           "command": "github-actions.settings.secret.add",
           "group": "inline",
-          "when": "viewItem == 'secrets'"
+          "when": "viewItem == 'secrets' || viewItem == 'environment-secrets'"
         },
         {
           "command": "github-actions.settings.secret.update",
-          "when": "viewItem == 'repo-secret'",
+          "when": "viewItem == 'repo-secret' || viewItem == 'env-secret'",
           "group": "inline@1"
         },
         {
@@ -337,7 +337,7 @@
         },
         {
           "command": "github-actions.settings.secret.delete",
-          "when": "viewItem == 'repo-secret'",
+          "when": "viewItem == 'repo-secret' || viewItem == 'env-secret' ",
           "group": "inline@2"
         },
         {

src/commands/secrets/addSecret.ts

@@ -1,15 +1,15 @@
 import * as vscode from "vscode";
-import {GitHubRepoContext} from "../../git/repository";
 import {encodeSecret} from "../../secrets";
+import {EnvironmentSecretsCommandArgs} from "../../treeViews/settings/environmentSecretsNode";
+import {RepoSecretsCommandArgs} from "../../treeViews/settings/repoSecretsNode";
+import {GitHubRepoContext} from "../../git/repository";
 
-interface AddSecretCommandArgs {
-  gitHubRepoContext: GitHubRepoContext;
-}
+type AddSecretCommandArgs = RepoSecretsCommandArgs | EnvironmentSecretsCommandArgs;
 
 export function registerAddSecret(context: vscode.ExtensionContext) {
   context.subscriptions.push(
     vscode.commands.registerCommand("github-actions.settings.secret.add", async (args: AddSecretCommandArgs) => {
-      const gitHubContext = args.gitHubRepoContext;
+      const {gitHubRepoContext} = args;
 
       const name = await vscode.window.showInputBox({
         prompt: "Enter name for new secret"
@@ -23,29 +23,56 @@ export function registerAddSecret(context: vscode.ExtensionContext) {
         prompt: "Enter the new secret value"
       });
 
-      if (value) {
-        try {
-          const keyResponse = await gitHubContext.client.actions.getRepoPublicKey({
-            owner: gitHubContext.owner,
-            repo: gitHubContext.name
-          });
-
-          const key_id = keyResponse.data.key_id;
-          const key = keyResponse.data.key;
-
-          await gitHubContext.client.actions.createOrUpdateRepoSecret({
-            owner: gitHubContext.owner,
-            repo: gitHubContext.name,
-            secret_name: name,
-            key_id: key_id,
-            encrypted_value: await encodeSecret(key, value)
-          });
-        } catch (e) {
-          await vscode.window.showErrorMessage((e as Error).message);
+      if (!value) {
+        return;
+      }
+
+      try {
+        if ("environment" in args) {
+          await createOrUpdateEnvSecret(gitHubRepoContext, args.environment.name, name, value);
+        } else {
+          await createOrUpdateRepoSecret(gitHubRepoContext, name, value);
         }
+      } catch (e) {
+        await vscode.window.showErrorMessage((e as Error).message);
       }
 
       await vscode.commands.executeCommand("github-actions.explorer.refresh");
     })
   );
 }
+
+export async function createOrUpdateRepoSecret(context: GitHubRepoContext, name: string, value: string) {
+  const keyResponse = await context.client.actions.getRepoPublicKey({
+    owner: context.owner,
+    repo: context.name
+  });
+
+  await context.client.actions.createOrUpdateRepoSecret({
+    owner: context.owner,
+    repo: context.name,
+    secret_name: name,
+    key_id: keyResponse.data.key_id,
+    encrypted_value: await encodeSecret(keyResponse.data.key, value)
+  });
+}
+
+export async function createOrUpdateEnvSecret(
+  context: GitHubRepoContext,
+  environment: string,
+  name: string,
+  value: string
+) {
+  const keyResponse = await context.client.actions.getEnvironmentPublicKey({
+    repository_id: context.id,
+    environment_name: environment
+  });
+
+  await context.client.actions.createOrUpdateEnvironmentSecret({
+    repository_id: context.id,
+    environment_name: environment,
+    secret_name: name,
+    key_id: keyResponse.data.key_id,
+    encrypted_value: await encodeSecret(keyResponse.data.key, value)
+  });
+}

src/commands/secrets/deleteSecret.ts

@@ -4,8 +4,8 @@ import {SecretCommandArgs} from "../../treeViews/settings/secretNode";
 export function registerDeleteSecret(context: vscode.ExtensionContext) {
   context.subscriptions.push(
     vscode.commands.registerCommand("github-actions.settings.secret.delete", async (args: SecretCommandArgs) => {
-      const gitHubContext = args.gitHubRepoContext;
-      const secret = args.secret;
+      const {gitHubRepoContext, secret, environment} = args;
+
       const acceptText = "Yes, delete this secret";
       try {
         await vscode.window
@@ -16,11 +16,19 @@ export function registerDeleteSecret(context: vscode.ExtensionContext) {
           )
           .then(async answer => {
             if (answer === acceptText) {
-              await gitHubContext.client.actions.deleteRepoSecret({
-                owner: gitHubContext.owner,
-                repo: gitHubContext.name,
-                secret_name: secret.name
-              });
+              if (environment) {
+                await gitHubRepoContext.client.actions.deleteEnvironmentSecret({
+                  repository_id: gitHubRepoContext.id,
+                  environment_name: environment.name,
+                  secret_name: secret.name
+                });
+              } else {
+                await gitHubRepoContext.client.actions.deleteRepoSecret({
+                  owner: gitHubRepoContext.owner,
+                  repo: gitHubRepoContext.name,
+                  secret_name: secret.name
+                });
+              }
             }
           });
       } catch (e) {

src/commands/secrets/updateSecret.ts

@@ -1,12 +1,11 @@
 import * as vscode from "vscode";
-import {encodeSecret} from "../../secrets";
 import {SecretCommandArgs} from "../../treeViews/settings/secretNode";
+import {createOrUpdateEnvSecret, createOrUpdateRepoSecret} from "./addSecret";
 
 export function registerUpdateSecret(context: vscode.ExtensionContext) {
   context.subscriptions.push(
     vscode.commands.registerCommand("github-actions.settings.secret.update", async (args: SecretCommandArgs) => {
-      const gitHubContext = args.gitHubRepoContext;
-      const secret = args.secret;
+      const {gitHubRepoContext, secret, environment} = args;
 
       const value = await vscode.window.showInputBox({
         prompt: "Enter the new secret value"
@@ -17,21 +16,11 @@ export function registerUpdateSecret(context: vscode.ExtensionContext) {
       }
 
       try {
-        const keyResponse = await gitHubContext.client.actions.getRepoPublicKey({
-          owner: gitHubContext.owner,
-          repo: gitHubContext.name
-        });
-
-        const key_id = keyResponse.data.key_id;
-        const key = keyResponse.data.key;
-
-        await gitHubContext.client.actions.createOrUpdateRepoSecret({
-          owner: gitHubContext.owner,
-          repo: gitHubContext.name,
-          secret_name: secret.name,
-          key_id: key_id,
-          encrypted_value: await encodeSecret(key, value)
-        });
+        if (environment) {
+          await createOrUpdateEnvSecret(gitHubRepoContext, environment.name, secret.name, value);
+        } else {
+          await createOrUpdateRepoSecret(gitHubRepoContext, secret.name, value);
+        }
       } catch (e) {
         await vscode.window.showErrorMessage((e as Error).message);
       }

src/treeViews/settings/environmentSecretsNode.ts

@@ -4,11 +4,15 @@ import {Environment} from "../../model";
 import {EmptyNode} from "./emptyNode";
 import {SecretNode} from "./secretNode";
 
+export type EnvironmentSecretsCommandArgs = Pick<EnvironmentSecretsNode, "gitHubRepoContext" | "environment">;
+
 export class EnvironmentSecretsNode extends vscode.TreeItem {
   constructor(public readonly gitHubRepoContext: GitHubRepoContext, public readonly environment: Environment) {
     super("Secrets", vscode.TreeItemCollapsibleState.Collapsed);
 
     this.iconPath = new vscode.ThemeIcon("lock");
+
+    this.contextValue = "environment-secrets";
   }
 
   async getSecrets(): Promise<(SecretNode | EmptyNode)[]> {

src/treeViews/settings/repoSecretsNode.ts

@@ -3,6 +3,8 @@ import {GitHubRepoContext} from "../../git/repository";
 import {EmptyNode} from "./emptyNode";
 import {SecretNode} from "./secretNode";
 
+export type RepoSecretsCommandArgs = Pick<RepoSecretsNode, "gitHubRepoContext">;
+
 export class RepoSecretsNode extends vscode.TreeItem {
   constructor(public readonly gitHubRepoContext: GitHubRepoContext) {
     super("Repository Secrets", vscode.TreeItemCollapsibleState.Collapsed);