Refactor hardcoded values and add comments

hanelliotphan · hanelliotphan · commit b3261ce11943 · 2024-08-19T14:57:02.000-07:00
diff --git a/dockerfile-image-update/src/main/java/com/salesforce/dockerfileimageupdate/utils/GithubAppCheck.java b/dockerfile-image-update/src/main/java/com/salesforce/dockerfileimageupdate/utils/GithubAppCheck.java
@@ -22,6 +22,7 @@
 import java.time.Instant;
 import java.util.Date;
 
+
 public class GithubAppCheck {
     private static final Logger log = LoggerFactory.getLogger(GithubAppCheck.class);
 
@@ -30,6 +31,8 @@ public class GithubAppCheck {
     private String jwt;
     private Instant jwtExpiry;
     private GitHub gitHub;
+    private Integer jwtRefreshBuffer = 60;
+    private Integer jwtExpiryTime = 600;
 
     public GithubAppCheck(final Namespace ns){
         this.appId = ns.get(Constants.SKIP_GITHUB_APP_ID);
@@ -62,9 +65,11 @@ public GithubAppCheck(final Namespace ns){
      * @param fullRepoName = The repository full name, i.e, of the format "owner/repoName". Eg: "Salesforce/dockerfile-image-update"
      * @return True if github app is installed, false otherwise. 
      */
-    protected boolean isGithubAppEnabledOnRepository(String fullRepoName){
+    protected boolean isGithubAppEnabledOnRepository(String fullRepoName) {
         refreshJwtIfNeeded(appId, privateKeyPath);
         try {
+            // Return true if the app is found on the repository via JWT token and API call
+            // Reference: https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app
             gitHub.getApp().getInstallationByRepository(fullRepoName.split("/")[0], fullRepoName.split("/")[1]);
             return true;
         } catch (HttpException exception) {
@@ -85,9 +90,10 @@ protected boolean isGithubAppEnabledOnRepository(String fullRepoName){
      * @param appId = The id of the Github App to generate the JWT for
      * @param privateKeyPath = The path to the private key of the Github App to generate the JWT for
      */
-    private void refreshJwtIfNeeded(String appId, String privateKeyPath){
-        if (jwt == null || jwtExpiry.isBefore(Instant.now().minusSeconds(60))) {  // Adding a buffer to ensure token validity
+    private void refreshJwtIfNeeded(String appId, String privateKeyPath) {
+        if (jwt == null || jwtExpiry.isBefore(Instant.now().minusSeconds(jwtRefreshBuffer))) {  // Adding a buffer to ensure token validity
             try {
+                // Generate JWT token 60 seconds before the expiry to continue Github app check
                 generateJWT(appId, privateKeyPath);
             } catch (IOException | GeneralSecurityException exception) {
                 log.warn("Could not refresh the JWT due to exception: {}", exception.getMessage());
@@ -112,9 +118,9 @@ private void generateJWT(String appId, String privateKeyPath) throws IOException
         jwt = JWT.create()
                 .withIssuer(appId)
                 .withIssuedAt(Date.from(now))
-                .withExpiresAt(Date.from(now.plusSeconds(600))) // 10 minutes expiration
+                .withExpiresAt(Date.from(now.plusSeconds(jwtExpiryTime))) // 10 minutes expiration
                 .sign(algorithm);
-        jwtExpiry = now.plusSeconds(600);
+        jwtExpiry = now.plusSeconds(jwtExpiryTime);
     }
 
     /**
