22
22
import java .time .Instant ;
23
23
import java .util .Date ;
24
24
25
+
25
26
public class GithubAppCheck {
26
27
private static final Logger log = LoggerFactory .getLogger (GithubAppCheck .class );
27
28
@@ -30,6 +31,8 @@ public class GithubAppCheck {
30
31
private String jwt ;
31
32
private Instant jwtExpiry ;
32
33
private GitHub gitHub ;
34
+ private Integer jwtRefreshBuffer = 60 ;
35
+ private Integer jwtExpiryTime = 600 ;
33
36
34
37
public GithubAppCheck (final Namespace ns ){
35
38
this .appId = ns .get (Constants .SKIP_GITHUB_APP_ID );
@@ -62,9 +65,11 @@ public GithubAppCheck(final Namespace ns){
62
65
* @param fullRepoName = The repository full name, i.e, of the format "owner/repoName". Eg: "Salesforce/dockerfile-image-update"
63
66
* @return True if github app is installed, false otherwise.
64
67
*/
65
- protected boolean isGithubAppEnabledOnRepository (String fullRepoName ){
68
+ protected boolean isGithubAppEnabledOnRepository (String fullRepoName ) {
66
69
refreshJwtIfNeeded (appId , privateKeyPath );
67
70
try {
71
+ // Return true if the app is found on the repository via JWT token and API call
72
+ // Reference: https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app
68
73
gitHub .getApp ().getInstallationByRepository (fullRepoName .split ("/" )[0 ], fullRepoName .split ("/" )[1 ]);
69
74
return true ;
70
75
} catch (HttpException exception ) {
@@ -85,9 +90,10 @@ protected boolean isGithubAppEnabledOnRepository(String fullRepoName){
85
90
* @param appId = The id of the Github App to generate the JWT for
86
91
* @param privateKeyPath = The path to the private key of the Github App to generate the JWT for
87
92
*/
88
- private void refreshJwtIfNeeded (String appId , String privateKeyPath ){
89
- if (jwt == null || jwtExpiry .isBefore (Instant .now ().minusSeconds (60 ))) { // Adding a buffer to ensure token validity
93
+ private void refreshJwtIfNeeded (String appId , String privateKeyPath ) {
94
+ if (jwt == null || jwtExpiry .isBefore (Instant .now ().minusSeconds (jwtRefreshBuffer ))) { // Adding a buffer to ensure token validity
90
95
try {
96
+ // Generate JWT token 60 seconds before the expiry to continue Github app check
91
97
generateJWT (appId , privateKeyPath );
92
98
} catch (IOException | GeneralSecurityException exception ) {
93
99
log .warn ("Could not refresh the JWT due to exception: {}" , exception .getMessage ());
@@ -112,9 +118,9 @@ private void generateJWT(String appId, String privateKeyPath) throws IOException
112
118
jwt = JWT .create ()
113
119
.withIssuer (appId )
114
120
.withIssuedAt (Date .from (now ))
115
- .withExpiresAt (Date .from (now .plusSeconds (600 ))) // 10 minutes expiration
121
+ .withExpiresAt (Date .from (now .plusSeconds (jwtExpiryTime ))) // 10 minutes expiration
116
122
.sign (algorithm );
117
- jwtExpiry = now .plusSeconds (600 );
123
+ jwtExpiry = now .plusSeconds (jwtExpiryTime );
118
124
}
119
125
120
126
/**
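Review bot: The expiry check in refreshJwtIfNeeded still compares in the wrong direction: `jwtExpiry.isBefore(Instant.now().minusSeconds(jwtRefreshBuffer))` only becomes true 60 seconds after the token has expired, while the added comment says the token is regenerated 60 seconds before expiry. In that window isGithubAppEnabledOnRepository would call the API with an expired JWT, and the handling of the resulting HttpException is outside the visible lines, so the failure may be reported as the app not being installed. The condition should read `jwt == null || jwtExpiry.isBefore(Instant.now().plusSeconds(jwtRefreshBuffer))`. The two new fields are never reassigned in the visible hunks and would be clearer as `private static final int JWT_REFRESH_BUFFER_SECONDS = 60;` and `private static final int JWT_EXPIRY_SECONDS = 600;`, which also avoids unboxing a nullable `Integer`. The body of refreshJwtIfNeeded continues past the end of its hunk, so the rest of the catch block was not reviewed.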