Init

n0vad3v · n0vad3v · commit be371792cf58 · 2022-04-14T20:14:14.000+08:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,62 @@
+name: Build Image
+
+on:
+  push:
+    branches:
+      - master
+jobs:
+  build-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: knatnetwork
+          password: ${{ secrets.GITHUB_TOKEN }}
+    
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: knatnetwork
+          password: ${{ secrets.DOCKERHUB_PASSWD }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: knatnetwork
+          password: ${{ secrets.DOCKERHUB_PASSWD }}
+
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx
+
+      - name: Build and push ARM64 Version
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          platforms: linux/arm64,linux/amd64
+          push: true
+          tags: |
+            ghcr.io/knatnetwork/github-runner-kms
+            knatnetwork/github-runner-kms
+
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+          
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+node_modules
+config.json
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,15 @@
+FROM node:16.13.1-alpine3.14
+
+USER root
+
+WORKDIR /usr/src/app
+
+COPY package*.json ./
+
+RUN npm ci
+
+COPY . .
+
+EXPOSE 3000
+
+CMD ["node","index.js"]
diff --git a/README.md b/README.md
@@ -0,0 +1,5 @@
+# GitHub Runner KMS
+
+The fake KMS that dynamically generate Runner registration token from PAT, without the use of PAT inside Runner container.
+
+Usage can be seen on https://github.com/knatnetwork/github-runner.
diff --git a/config.json.example b/config.json.example
@@ -0,0 +1,4 @@
+{
+	"cloudflare": "ghp_bFLPOxxxxxxxxxxxxxxxxxxxxxxx",
+	"rust-lang": "ghp_JGIGxxxxxxxxxxxxxxxxxxxOij4"
+}
diff --git a/index.js b/index.js
@@ -0,0 +1,56 @@
+const express = require('express')
+const app = express()
+const axios = require('axios');
+const org_pat_map = require('./config.json')
+const port = 3000
+
+app.get('/repo/:github_repo_owner/:github_repo_name/registration-token', (req, res) => {
+    const registration_token_url= `https://api.github.com/repos/${req.params.github_repo_owner}/${req.params.github_repo_name}/actions/runners/registration-token`
+    const github_pat = org_pat_map[`${req.params.github_repo_owner}`]
+    const headers = {
+        'Authorization': `token ${github_pat}`
+    }
+    axios.post(registration_token_url,{},{headers: headers})
+    .then((github_res) => {
+        res.send(github_res['data']['token'])
+    })
+})
+
+app.get('/repo/:github_repo_owner/:github_repo_name/remove-token', (req, res) => {
+    const remove_token_url= `https://api.github.com/repos/${req.params.github_repo_owner}/${req.params.github_repo_name}/actions/runners/remove-token`
+    console.log(remove_token_url)
+    const github_pat = org_pat_map[`${req.params.github_repo_owner}`]
+    const headers = {
+        'Authorization': `token ${github_pat}`
+    }
+    axios.post(remove_token_url,{},{headers: headers})
+    .then((github_res) => {
+        res.send(github_res['data']['token'])
+    })
+})
+
+app.get('/:github_org_name/registration-token', (req, res) => {
+    const registration_token_url= `https://api.github.com/orgs/${req.params.github_org_name}/actions/runners/registration-token`
+    const github_pat = org_pat_map[`${req.params.github_org_name}`]
+    const headers = {
+        'Authorization': `token ${github_pat}`
+    }
+    axios.post(registration_token_url,{},{headers: headers})
+    .then((github_res) => {
+        res.send(github_res['data']['token'])
+    })
+})
+
+app.get('/:github_org_name/remove-token', (req, res) => {
+    const remove_token_url= `https://api.github.com/orgs/${req.params.github_org_name}/actions/runners/remove-token`
+    const github_pat = org_pat_map[`${req.params.github_org_name}`]
+    const headers = {
+        'Authorization': `token ${github_pat}`
+    }
+    axios.post(remove_token_url,{},{headers: headers})
+    .then((github_res) => {
+        res.send(github_res['data']['token'])
+    })
+})
+
+app.listen(3000);
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +	"cloudflare": "ghp_bFLPOxxxxxxxxxxxxxxxxxxxxxxx",
 +	"rust-lang": "ghp_JGIGxxxxxxxxxxxxxxxxxxxOij4"
 +}