github curl

ishikawaishikawa

Getting a GitHub App JIT token

import time
import jwt
import requests

# GitHub App settings
APP_ID = ''
PRIVATE_KEY_PATH = ''

# Create the JWT
with open(PRIVATE_KEY_PATH, 'r') as f:
    private_key = f.read()

payload = {
    'iat': int(time.time()),
    'exp': int(time.time()) + 600,
    'iss': APP_ID
}

jwt_token = jwt.encode(payload, private_key, algorithm='RS256')

# Get the installation ID
headers = {
    'Authorization': f'Bearer {jwt_token}',
    'Accept': 'application/vnd.github+json'
}
res = requests.get('https://api.github.com/app/installations', headers=headers)
res.raise_for_status()  # stop here if the JWT was rejected
# Uses the first installation in the list
installation_id = res.json()[0]['id']

# Get the JIT token
res = requests.post(
    f'https://api.github.com/app/installations/{installation_id}/access_tokens',
    headers=headers
)
res.raise_for_status()

print('✅ Installation Token:')
print(res.json()['token'])

Repositories

Get information on the repositories where the GitHub App is installed.

curl -H "Authorization: token ${JIT}" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/installation/repositories

GitHub API Request Header

Authorization

Either token or Bearer

-H "Authorization: token ${JIT}"
# or
-H "Authorization: Bearer ${JIT}"

Accept

For now, the following value seems to be the recommended one.

-H "Accept: application/vnd.github+json"

X-GitHub-Api-Version

Pins the GitHub API version. It seems better to set this in CI/CD and similar contexts.

-H "X-GitHub-Api-Version: 2022-11-28"

Meaning of Bearer

Holder; the person carrying (presenting) it

About curl in the first place

Basics

curl -X <HTTP method> \
    -H "Header-Name: value" \
    -d 'request body' \
    https://api.example.com/endpoint

Dispatch Workflow

  1. dispatch
  2. Get the run-id of the run that was triggered
  3. Check the run's status by polling

#!/bin/bash
JIT_TOKEN=
OWNER=
REPO=
WORKFLOW_FILE=
POLL_INTERVAL=5

# dispatch
curl -X POST \
  -H "Authorization: token $JIT_TOKEN" \
  -H "Accept: application/vnd.github+json" \
  "https://api.github.com/repos/$OWNER/$REPO/actions/workflows/$WORKFLOW_FILE/dispatches" \
  -d '{"ref":"main"}'

# wait runs update
sleep 2

# get run-id: newest workflow_dispatch run of this workflow, not of the whole repo
RUN_ID=$(curl -s -H "Authorization: token $JIT_TOKEN" \
  -H "Accept: application/vnd.github+json" \
  "https://api.github.com/repos/$OWNER/$REPO/actions/workflows/$WORKFLOW_FILE/runs?event=workflow_dispatch&per_page=1" \
  | jq '.workflow_runs[0].id')


echo "⏳ Waiting for workflow run $RUN_ID to finish..."

while true; do
  # workflow status
  RESPONSE=$(curl -s -H "Authorization: token $JIT_TOKEN" \
    -H "Accept: application/vnd.github+json" \
    "https://api.github.com/repos/$OWNER/$REPO/actions/runs/$RUN_ID")

  STATUS=$(echo "$RESPONSE" | jq -r '.status')
  CONCLUSION=$(echo "$RESPONSE" | jq -r '.conclusion')

  echo "Status: $STATUS, Conclusion: $CONCLUSION"

  if [ "$STATUS" == "completed" ]; then
    if [ "$CONCLUSION" == "success" ]; then
      echo "✅ Workflow succeeded!"
      exit 0
    else
      # Any other conclusion (failure, cancelled, timed_out, ...) must end the loop too
      echo "❌ Workflow did not succeed: $CONCLUSION"
      exit 1
    fi
  fi

  sleep $POLL_INTERVAL
done
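
Step 2 has to pick the run that this dispatch created rather than whichever run happens to be newest, and step 3 has to stop on every completed conclusion. The following is an added example, not part of the original scrap: `find_dispatched_run`, `exit_code` and the sample data are hypothetical names and constructed values, and it assumes the caller recorded the time just before dispatching.

```python
from datetime import datetime, timedelta, timezone

def parse_ts(ts):
    """Parse the API's UTC timestamps, e.g. 2024-05-01T10:00:05Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def find_dispatched_run(runs, workflow_file, ref, dispatched_at,
                        skew=timedelta(seconds=5)):
    """Return the id of the run our dispatch created, or None if not listed yet."""
    matches = [
        r for r in runs
        if r["event"] == "workflow_dispatch"
        and r["head_branch"] == ref
        and r["path"].split("@")[0].endswith("/" + workflow_file)
        and parse_ts(r["created_at"]) >= dispatched_at - skew
    ]
    # Take the oldest match after our dispatch; a later dispatch sorts after it.
    matches.sort(key=lambda r: parse_ts(r["created_at"]))
    return matches[0]["id"] if matches else None

def exit_code(status, conclusion):
    """None = keep polling, 0 = success, 1 = any other completed conclusion."""
    if status != "completed":
        return None
    return 0 if conclusion == "success" else 1

# Constructed sample of a "workflow_runs" array (not real API output).
SAMPLE_RUNS = [
    {"id": 103, "event": "push", "head_branch": "main",
     "path": ".github/workflows/ci.yml", "created_at": "2024-05-01T10:00:07Z"},
    {"id": 102, "event": "workflow_dispatch", "head_branch": "main",
     "path": ".github/workflows/deploy.yml", "created_at": "2024-05-01T10:00:03Z"},
    {"id": 101, "event": "workflow_dispatch", "head_branch": "main",
     "path": ".github/workflows/deploy.yml", "created_at": "2024-05-01T09:40:00Z"},
]
DISPATCHED_AT = parse_ts("2024-05-01T10:00:01Z")  # recorded just before dispatching

if __name__ == "__main__":
    # workflow_runs[0] would be the push run 103; the filter selects 102.
    print(find_dispatched_run(SAMPLE_RUNS, "deploy.yml", "main", DISPATCHED_AT))
    print(exit_code("completed", "timed_out"))
```

Two dispatches of the same workflow on the same ref within the skew window cannot be told apart by these fields alone.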