feat: Add explicit encode and decode email commands, validate when is…
…sue opened
jcfr committed Jul 30, 2024
1 parent d46d9f2 commit 9a27204
Showing 4 changed files with 280 additions and 63 deletions.
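--- a/.github/actions/encode-decode-string/action.yml
+++ b/.github/actions/encode-decode-string/action.yml
@@ -0,0 +1,50 @@
+name: "Encode or decode string"
+description: "Encode or decode string"
+inputs:
+input_string:
+description: "String to encode or decode"
+required: true
+encryption_key:
+description: "Encryption key used for encoding or decoding"
+required: true
+operation:
+description: Operation to perform 'decode' or 'encode'
+required: true
+skip:
+description: Whether to skip the selected operation.
+default: "false"
+outputs:
+output_string:
+description:
+"Encoded or decoded string. If skip is true, set to input string."
+value: ${{ steps.encode_decode.outputs.output_string }}
+runs:
+using: "composite"
+steps:
+- name: "Encode or decode string"
+id: encode_decode
+shell: bash
+run: |
+if [[ ! $SKIP =~ ^(false|true)$ ]]; then
+echo "::error ::Invalid skip value '$SKIP'. Supported values are 'true' or 'false'"
+exit 1
+fi
+if [[ ! $OPERATION =~ ^(encode|decode)$ ]]; then
+echo "::error ::Invalid operation value '$OPERATION'. Supported values are 'encode' or 'decode'"
+exit 1
+fi
+if [[ $SKIP == "false" ]]; then
+if [[ $OPERATION == "encode" ]]; then
+output_string=$(echo "$INPUT_STRING" | openssl enc -base64 -e -aes-256-cbc -salt -pass pass:$ENCRYPTION_KEY -pbkdf2)
+else
+output_string=$(echo "$INPUT_STRING" | openssl enc -base64 -d -aes-256-cbc -salt -pass pass:$ENCRYPTION_KEY -pbkdf2)
+fi
+else
+output_string=$INPUT_STRING
+fi
+echo "output_string=$output_string" >> $GITHUB_OUTPUT
+env:
+INPUT_STRING: ${{ inputs.input_string }}
+ENCRYPTION_KEY: ${{ inputs.encryption_key }}
+OPERATION: ${{ inputs.operation }}
+SKIP: ${{ fromJSON(inputs.skip) }}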
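Review bot: Both openssl invocations pass the key as `-pass pass:$ENCRYPTION_KEY`, which puts the secret in the process argument list and, because the expansion is unquoted, lets whitespace or glob characters in the key change the command. The step already exports `ENCRYPTION_KEY` through `env:`, so `-pass env:ENCRYPTION_KEY` lets openssl read it from the environment without it ever appearing in argv. Separately, `openssl enc -base64` wraps its output at 64 characters unless `-A` is given, so an input long enough to need a second base64 line would produce a multi-line value that the single-line `echo "output_string=$output_string" >> $GITHUB_OUTPUT` cannot carry. Adding `-A` to both the encode and the decode call keeps the value on one line. A decoded value should also be rejected if it contains a newline before it is written to `"$GITHUB_OUTPUT"`, since the ciphertext comes from the issue body.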
172 changes: 172 additions & 0 deletions .github/workflows/update-issue.yml
@@ -0,0 +1,172 @@
name: Update Issue

on:
issue_comment:
types: [created]

# Permissions needed for reacting to IssueOps commands on issues
permissions:
issues: write
checks: read

jobs:
update-issue:
runs-on: ubuntu-latest
if:
${{ !github.event.issue.pull_request && (
contains(github.event.comment.body, '/encode_email') ||
contains(github.event.comment.body, '/decode_email') ) }}
steps:
- name: encode_email command
id: encode_email_command
uses: github/[email protected]
with:
command: "/encode_email"
reaction: "rocket"
allowed_contexts: "issue"
permissions: "read,triage,write,maintain,admin"
allowlist: "jcfr,muratmaga,${{ github.event.issue.user.login }}"

- name: decode_email command
id: decode_email_command
uses: github/[email protected]
with:
command: "/decode_email"
reaction: "rocket"
allowed_contexts: "issue"
permissions: "read,triage,write,maintain,admin"
allowlist: "jcfr,muratmaga,${{ github.event.issue.user.login }}"

- name: Set command metadata
id: command
if:
${{ steps.encode_email_command.outputs.continue == 'true' ||
steps.decode_email_command.outputs.continue == 'true' }}
run: |
if [[ "$ENCODE_EMAIL_COMMAND_CONTINUE" == "true" ]]; then
continue="$ENCODE_EMAIL_COMMAND_CONTINUE"
command_name="encode_email"
comment_id="${{ steps.encode_email_command.outputs.comment_id }}"
elif [[ "$DECODE_EMAIL_COMMAND_CONTINUE" == "true" ]]; then
continue="$DECODE_EMAIL_COMMAND_CONTINUE"
command_name="decode_email"
comment_id="${{ steps.decode_email_command.outputs.comment_id }}"
else
continue="false"
command_name=""
comment_id=""
fi
echo "continue=$continue" >> $GITHUB_OUTPUT
echo "command_name=$command_name" >> $GITHUB_OUTPUT
echo "comment_id=$comment_id" >> $GITHUB_OUTPUT
env:
ENCODE_EMAIL_COMMAND_CONTINUE:
${{ steps.encode_email_command.outputs.continue }}
DECODE_EMAIL_COMMAND_CONTINUE:
${{ steps.decode_email_command.outputs.continue }}

- uses: actions/checkout@v4

- name: Extract fields
id: extract
uses: ./.github/actions/extract-issue-fields
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
issue_number: ${{ github.event.issue.number }}

- name: Check if email is encoded
id: check_email_encryption
run: |
if [[ "$EMAIL" != *"@"* ]]; then
encoded="true"
else
encoded="false"
fi
echo "encoded=$encoded" >> $GITHUB_OUTPUT
env:
EMAIL: ${{ steps.extract.outputs.email }}

- name: Encode email
id: encode_email
if: ${{ steps.encode_email_command.outputs.continue == 'true' }}
uses: ./.github/actions/encode-decode-string
with:
input_string: ${{ steps.extract.outputs.email }}
encryption_key: ${{ secrets.STRING_ENCRYPTION_KEY }}
operation: "encode"
skip: ${{ steps.check_email_encryption.outputs.encoded == 'true' }}

- name: Decode email
id: decode_email
if: ${{ steps.decode_email_command.outputs.continue == 'true' }}
uses: ./.github/actions/encode-decode-string
with:
input_string: ${{ steps.extract.outputs.email }}
encryption_key: ${{ secrets.STRING_ENCRYPTION_KEY }}
operation: "decode"
skip: ${{ steps.check_email_encryption.outputs.encoded == 'false' }}

- name: Set updated email
id: set_updated_email
if: ${{ steps.command.outputs.continue == 'true' }}
run: |
updated_email=""
if [[ "$ENCODE_EMAIL_COMMAND_CONTINUE" == "true" ]]; then
updated_email="$ENCODED_EMAIL"
elif [[ "$DECODE_EMAIL_COMMAND_CONTINUE" == "true" ]]; then
updated_email="$DECODED_EMAIL"
fi
echo "updated_email=$updated_email" >> $GITHUB_OUTPUT
env:
ENCODE_EMAIL_COMMAND_CONTINUE:
${{ steps.encode_email_command.outputs.continue }}
ENCODED_EMAIL: ${{ steps.encode_email.outputs.output_string }}
DECODE_EMAIL_COMMAND_CONTINUE:
${{ steps.decode_email_command.outputs.continue }}
DECODED_EMAIL: ${{ steps.decode_email.outputs.output_string }}

- name: Update issue body
id: update_issue_body
if: ${{ steps.command.outputs.continue == 'true' }}
shell: bash
run: |
gh issue view $ISSUE_NUMBER \
--repo $GH_REPO \
--json body \
--jq .body > ./body.md
# Replace email
sed "s#$OLD_EMAIL#$NEW_EMAIL#" ./body.md > ./updated_body.md
gh issue edit $ISSUE_NUMBER \
--repo $GH_REPO \
--body-file ./updated_body.md
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
ISSUE_NUMBER: ${{ github.event.issue.number }}
OLD_EMAIL: ${{ steps.extract.outputs.email }}
NEW_EMAIL: ${{ steps.set_updated_email.outputs.updated_email }}

- name: command results comment (success)
if: ${{ steps.command.outputs.continue == 'true' && success() }}
uses: peter-evans/[email protected]
with:
issue-number: ${{ github.event.issue.number }}
body: |
### Command Results ✅
`${{ steps.command.outputs.command_name }}` command successfully applied to this issue.
- name: command results comment (failure)
if: ${{ steps.command.outputs.continue == 'true' && failure() }}
uses: peter-evans/[email protected]
with:
issue-number: ${{ github.event.issue.number }}
body: |
### Command Results ❌
`${{ steps.command.outputs.command_name }}` command failed to be applied to this issue.
See details at https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
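Review bot: In the "Update issue body" step, `sed "s#$OLD_EMAIL#$NEW_EMAIL#"` builds a sed program out of text extracted from the issue body, so a `#`, a regex metacharacter or an `&` in either value is interpreted by sed instead of being matched literally. Nothing visible in this workflow validates the extracted email before it reaches that line, and the extract-issue-fields action is not shown here. A literal replacement avoids interpreting the value at all: `body=$(<./body.md)`, then `updated=${body/"$OLD_EMAIL"/"$NEW_EMAIL"}`, then `printf '%s\n' "$updated" > ./updated_body.md`, preceded by a guard that fails the step when `$OLD_EMAIL` is empty. The "Set command metadata" step also expands `${{ steps.encode_email_command.outputs.comment_id }}` and its decode counterpart directly into the script, where the other values in this file go through `env:`; routing those through `env:` as well would keep the file consistent.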
105 changes: 49 additions & 56 deletions .github/workflows/validate-request.yml
@@ -1,30 +1,39 @@
name: Validate Request

on:
issue_comment:
types: [created]
issues:
types:
- opened
workflow_dispatch:
inputs:
issue_number:
description: "Issue number"
required: true

# Permissions needed for reacting to IssueOps commands on issues
permissions:
issues: write
checks: read

jobs:
control:
validate:
runs-on: ubuntu-latest
if:
${{ !github.event.issue.pull_request && (
contains(github.event.comment.body, '/validate') ) }}
steps:
- name: validate command
id: validate_command
uses: github/[email protected]
with:
command: "/validate"
reaction: "rocket"
allowed_contexts: "issue"
permissions: "read,triage,write,maintain,admin"
allowlist: "jcfr,muratmaga,${{ github.event.issue.user.login }}"
- name: Collect Inputs
id: collect_inputs
run: |
echo "EVENT_NAME [$EVENT_NAME]"
if [[ "$EVENT_NAME" == "issues" ]]; then
issue_number=${{ github.event.issue.number }}
elif [[ "$EVENT_NAME" == "workflow_dispatch" ]]; then
issue_number=${{ github.event.inputs.issue_number }}
else
echo "::error ::Unsupported EVENT_NAME [$EVENT_NAME]"
exit 1
fi
echo "issue_number=$issue_number" >> $GITHUB_OUTPUT
env:
EVENT_NAME: ${{ github.event_name }}

- uses: actions/checkout@v4

Expand All @@ -34,7 +43,7 @@ jobs:
with:
token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
issue_number: ${{ github.event.issue.number }}
issue_number: ${{ steps.collect_inputs.outputs.issue_number }}

- name: Check ORCID iD format
id: check_orcid_format
Expand All @@ -51,65 +60,49 @@ jobs:
env:
ORCID: ${{ steps.extract.outputs.orcid }}

- name: Check email format
id: check_email_format
- name: Check if email is encoded
id: check_email_encryption
run: |
input_email=$EMAIL
if [[ "$input_email" != *"@"* ]]; then
# decrypt
email=$(echo "$input_email" | openssl enc -base64 -d -aes-256-cbc -salt -pass pass:$STRING_ENCRYPTION_KEY -pbkdf2)
if [[ "$EMAIL" != *"@"* ]]; then
encoded="true"
else
email=$input_email
encoded="false"
fi
echo "encoded=$encoded" >> $GITHUB_OUTPUT
env:
EMAIL: ${{ steps.extract.outputs.email }}

- name: Decode email
id: decode_email
uses: ./.github/actions/encode-decode-string
with:
input_string: ${{ steps.extract.outputs.email }}
encryption_key: ${{ secrets.STRING_ENCRYPTION_KEY }}
operation: "decode"
skip: ${{ steps.check_email_encryption.outputs.encoded == 'false' }}

- name: Check email format
id: check_email_format
run: |
# Adapted from https://gist.github.com/guessi/82a73ee7eb2b1216eb9db17bb8d65dd1
email_regex="^(([A-Za-z0-9]+((\.|\-|\_|\+)?[A-Za-z0-9]?)*[A-Za-z0-9]+)|[A-Za-z0-9]+)@(([A-Za-z0-9]+)+((\.|\-|\_)?([A-Za-z0-9]+)+)*)+\.([A-Za-z]{2,})+$"
if [[ "$email" =~ $email_regex ]]; then
if [[ "$EMAIL" =~ $email_regex ]]; then
valid="true"
emojii="✅"
else
valid="false"
emojii="❌"
fi
encrypted_email=$(echo "$email" | openssl enc -base64 -e -aes-256-cbc -salt -pass pass:$STRING_ENCRYPTION_KEY -pbkdf2)
echo "valid=$valid" >> $GITHUB_OUTPUT
echo "emojii=$emojii" >> $GITHUB_OUTPUT
echo "email=$email" >> $GITHUB_OUTPUT
echo "encrypted_email=$encrypted_email" >> $GITHUB_OUTPUT
env:
EMAIL: ${{ steps.extract.outputs.email }}
STRING_ENCRYPTION_KEY: ${{ secrets.STRING_ENCRYPTION_KEY }}

- name: Update issue body
id: update_issue_body
shell: bash
run: |
body=$(gh issue view $ISSUE_NUMBER \
--repo $GH_REPO \
--json body | \
jq '.body')
# Replace email
updated_body=$(echo "$body" | sed "s#$EMAIL#$ENCRYPTED_EMAIL#")
gh issue edit $ISSUE_NUMBER \
--repo $GH_REPO \
--body "${updated_body}"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
ISSUE_NUMBER: ${{ github.event.issue.number }}
EMAIL: ${{ steps.check_email_format.outputs.email }}
ENCRYPTED_EMAIL:
${{ steps.check_email_format.outputs.encrypted_email }}
EMAIL: ${{ steps.decode_email.outputs.output_string }}

- name: command results comment (failure)
if: ${{ failure() }}
uses: peter-evans/[email protected]
with:
issue-number: ${{ github.event.issue.number }}
issue-number: ${{ steps.collect_inputs.outputs.issue_number }}
body: |
### Command Results ❌
Expand All @@ -120,7 +113,7 @@ jobs:
if: ${{ success() }}
uses: peter-evans/[email protected]
with:
issue-number: ${{ github.event.issue.number }}
issue-number: ${{ steps.collect_inputs.outputs.issue_number }}
body: |
### Validation Results
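Review bot: The "Collect Inputs" step expands `${{ github.event.inputs.issue_number }}` straight into the bash script, so the dispatch input is parsed as shell source rather than handled as data, unlike `EVENT_NAME`, which the same step passes through `env:`. Passing it the same way, with `ISSUE_NUMBER_INPUT: ${{ github.event.inputs.issue_number }}` under `env:` and `issue_number="$ISSUE_NUMBER_INPUT"` in the script, keeps the value inert. A check such as `[[ "$issue_number" =~ ^[0-9]+$ ]] || exit 1` before the write to `$GITHUB_OUTPUT` would also stop a malformed number from reaching the later `issue_number:` and `issue-number:` inputs. The failure comment step now depends on `steps.collect_inputs.outputs.issue_number`, which is empty if "Collect Inputs" itself is the step that failed.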