-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgenerate-jwt.py
57 lines (40 loc) · 1.78 KB
/
generate-jwt.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#!/usr/bin/env python3
import sys
import jwt
import time
import os
import requests
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from cryptography.hazmat.backends import default_backend
current_time = int(time.time())
app_id = sys.argv[1]
organization = sys.argv[2]
payload = {
# issued at time
'iat': current_time,
# JWT expiration time (10 minute maximum)
'exp': current_time + (10 * 60),
# GitHub App's identifier – you can get it from the github application dashboard
'iss': app_id,
}
private_key_file_content = sys.argv[3]
if private_key_file_content is not None:
private_key_file_content=private_key_file_content.encode()
cert_obj = load_pem_private_key(private_key_file_content, password=None, backend=default_backend())
app_jwt = jwt.encode(payload, private_key_file_content, algorithm='RS256')
headers_app_installations = {
"Authorization": "Bearer " + app_jwt,
"Accept": "application/vnd.github+json"
}
response_app_installations = requests.request("GET","https://api.github.com/app/installations", headers=headers_app_installations)
for app_installation in response_app_installations.json():
if(app_installation['account']['login'] == organization):
app_installation_id = app_installation['id']
headers_app_token = {
"Authorization": "Bearer " + app_jwt,
"Accept": "application/vnd.github+json"
}
resp_token = requests.request("POST","https://api.github.com/app/installations/" + str(app_installation_id) + "/access_tokens", headers=headers_app_token)
encoded_app_token = resp_token.json()['token']
with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
print(f'token={encoded_app_token}', file=fh)