import * as core from '@actions/core';
import { ActionConfig } from './config.js';
import { Octokit } from 'octokit';
/**
 * Authorization gate: decides whether the actor recorded in the action
 * context is allowed to proceed.
 *
 * The check fails closed. A missing actor, or any exception raised while
 * querying GitHub, yields `false` and a warning in the action log.
 *
 * @param config Action configuration; `context`, `octokit` and `repo` are read from it
 * @returns true only when the collaborator lookup grants access, false otherwise
 */
export async function checkPermission(config: ActionConfig): Promise<boolean> {
  const {
    context: { actor },
    octokit,
    repo,
  } = config;

  // No identity to authorize against: deny rather than guess.
  if (!actor) {
    core.warning('Actor not found. Permission check failed.');
    return false;
  }

  try {
    const allowed = await checkUserPermissionGithub(octokit, repo, actor);
    return allowed;
  } catch (error) {
    // Any unexpected failure is treated as "not permitted".
    core.warning(`Exception occurred during permission check: ${error}`);
    return false;
  }
}
/**
 * Looks up a user's collaborator permission on a repository and reports
 * whether it is high enough to be trusted by this action.
 *
 * The level is written to the action log, but the return value is the actual
 * authorization decision used by `checkPermission`: only `admin` and `write`
 * are accepted. API errors are logged and reported as `false` (deny).
 *
 * @param octokit GitHub API client
 * @param repo Repository owner and name
 * @param username Login of the user to check
 * @returns true if the user's permission is `admin` or `write`, false otherwise
 */
async function checkUserPermissionGithub(
  octokit: Octokit,
  repo: { owner: string; repo: string },
  username: string
): Promise<boolean> {
  try {
    const response = await octokit.rest.repos.getCollaboratorPermissionLevel({
      ...repo,
      username,
    });
    const level = response.data.permission;
    core.info(`User Permission level: ${level}`);

    // `permission` carries the legacy base roles: admin, write, read, none.
    // NOTE(review): per the GitHub REST docs, custom/extended roles are folded
    // into these (maintain -> write, triage -> read); confirm that is the
    // intended trust boundary, or inspect `role_name` if finer control is needed.
    return level === 'admin' || level === 'write';
  } catch (err) {
    // Lookup failure (network, 404, insufficient token scope, ...) denies access.
    core.warning(`Error checking user permission: ${err}`);
    return false;
  }
}
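/**
 * Replaces every occurrence of the configured sensitive values with `***`.
 *
 * Values masked (when set): `githubToken`, `anthropicApiKey`,
 * `awsAccessKeyId`, `awsSecretAccessKey`, `anthropicBaseUrl` and
 * `anthropicBedrockBaseUrl`.
 *
 * Longer values are masked first. Otherwise a value that is a prefix or
 * substring of another (for example a base URL contained in a longer base
 * URL) would be replaced first, the longer value would no longer match, and
 * its remaining characters would be left in the output.
 *
 * Matching is by exact string only: encoded or transformed copies of a secret
 * (base64, URL-encoded, split across lines) are not detected here.
 * NOTE(review): this only rewrites the given text; whether these values are
 * also registered with the runner's log masker (`core.setSecret`) is not
 * visible from this function.
 *
 * @param text The text to mask.
 * @param config Action configuration containing the sensitive values.
 * @returns The masked text.
 */
export function maskSensitiveInfo(text: string, config: ActionConfig): string {
  const secrets = [
    config.githubToken,
    config.anthropicApiKey,
    config.awsAccessKeyId,
    config.awsSecretAccessKey,
    config.anthropicBaseUrl,
    config.anthropicBedrockBaseUrl,
  ]
    // Unset or empty values are skipped; an empty pattern would match everywhere.
    .filter((value): value is string => typeof value === 'string' && value.length > 0)
    // Longest first so overlapping values cannot leave a partial secret behind.
    .sort((a, b) => b.length - a.length);

  let maskedText = text;
  for (const secret of secrets) {
    maskedText = maskedText.replaceAll(secret, '***');
  }
  return maskedText;
}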