Reapply "feat(server): allow configuring client ID and installation ID vial env vars" (#1886)"

krzema12 · krzema12 · commit 4f501bd7236b · 2025-04-03T08:26:06.000+02:00
diff --git a/.github/workflows/bindings-server.main.kts b/.github/workflows/bindings-server.main.kts
@@ -52,6 +52,8 @@ workflow(
         runsOn = UbuntuLatest,
         env = mapOf(
             "APP_PRIVATE_KEY" to expr { APP_PRIVATE_KEY },
+            "APP_INSTALLATION_ID" to "62885502",
+            "APP_CLIENT_ID" to "Iv23liIZ17VJKUpjacBs",
         ),
     ) {
         uses(action = Checkout())
diff --git a/.github/workflows/bindings-server.yaml b/.github/workflows/bindings-server.yaml
@@ -49,6 +49,8 @@ jobs:
     - 'check_yaml_consistency'
     env:
       APP_PRIVATE_KEY: '${{ secrets.APP_PRIVATE_KEY }}'
+      APP_INSTALLATION_ID: '62885502'
+      APP_CLIENT_ID: 'Iv23liIZ17VJKUpjacBs'
     steps:
     - id: 'step-0'
       uses: 'actions/checkout@v4'
diff --git a/shared-internal/src/main/kotlin/io/github/typesafegithub/workflows/shared/internal/GitHubApp.kt b/shared-internal/src/main/kotlin/io/github/typesafegithub/workflows/shared/internal/GitHubApp.kt
@@ -31,18 +31,17 @@ private val logger = logger { }
 suspend fun getInstallationAccessToken(): String? {
     if (cachedAccessToken?.isExpired() == false) return cachedAccessToken!!.token
     val jwtToken = generateJWTToken() ?: return null
+    val appInstallationId = System.getenv("APP_INSTALLATION_ID") ?: return null
     cachedAccessToken =
         httpClient
-            .post("https://api.github.com/app/installations/$INSTALLATION_ID/access_tokens") {
+            .post("https://api.github.com/app/installations/$appInstallationId/access_tokens") {
                 header("Accept", "application/vnd.github+json")
                 header("Authorization", "Bearer $jwtToken")
                 header("X-GitHub-Api-Version", "2022-11-28")
             }.body()
     return cachedAccessToken!!.token
 }
 
-private const val INSTALLATION_ID = "62885502"
-
 private var cachedAccessToken: Token? = null
 
 @Serializable
@@ -77,15 +76,14 @@ private val httpClient =
         }
     }
 
-private const val GITHUB_CLIENT_ID = "Iv23liIZ17VJKUpjacBs"
-
 private fun generateJWTToken(): String? {
     val key = loadRsaKey() ?: return null
+    val appClientId = System.getenv("APP_CLIENT_ID") ?: return null
     val algorithm = Algorithm.RSA256(null, key)
     val now = Instant.now()
     return JWT
         .create()
-        .withIssuer(GITHUB_CLIENT_ID)
+        .withIssuer(appClientId)
         .withIssuedAt(now.minusMinutes(1))
         .withExpiresAt(now.plusMinutes(9))
         .sign(algorithm)
