build: migrate patch-up to use app creds (#36817)

2023-01-10 21:56:50 -08:00 · 2023-01-10 21:56:50 -08:00 · b3d16e727c
commit b3d16e727c
parent dfe501941c
3 changed files with 271 additions and 20 deletions
--- a/script/push-patch.js
+++ b/script/push-patch.js
@ -1,4 +1,4 @@
-const { createAppAuth } = require('@octokit/auth-app');
+const { appCredentialsFromString, getTokenForRepo } = require('@electron/github-app-auth');
 const cp = require('child_process');

 if (!process.env.CIRCLE_BRANCH) {
@ -11,17 +11,15 @@ if (process.env.CIRCLE_PR_NUMBER) {
  process.exit(1);
 }

-const auth = createAppAuth({
-  appId: process.env.PATCH_UP_APP_ID,
-  privateKey: Buffer.from(process.env.PATCH_UP_PRIVATE_KEY, 'base64').toString('utf8'),
-  installationId: process.env.PATCH_UP_INSTALLATION_ID,
-  clientId: process.env.PATCH_UP_CLIENT_ID,
-  clientSecret: process.env.PATCH_UP_CLIENT_SECRET
-});
-
 async function main () {
-  const installationAuth = await auth({ type: 'installation' });
-  const remoteURL = `https://x-access-token:${installationAuth.token}@github.com/electron/electron.git`;
+  const token = await getTokenForRepo(
+    {
+      name: 'electron',
+      owner: 'electron'
+    },
+    appCredentialsFromString(process.env.PATCH_UP_APP_CREDS)
+  );
+  const remoteURL = `https://x-access-token:${token}@github.com/electron/electron.git`;
  // NEVER LOG THE OUTPUT OF THIS COMMAND
  // GIT LEAKS THE ACCESS CREDENTIALS IN CONSOLE LOGS
  const { status } = cp.spawnSync('git', ['push', '--set-upstream', remoteURL], {