diff --git a/ci-operator/config/openshift-eng/oape-ai-e2e/openshift-eng-oape-ai-e2e-main.yaml b/ci-operator/config/openshift-eng/oape-ai-e2e/openshift-eng-oape-ai-e2e-main.yaml index 166ef78592eef..fce1370f113a9 100644 --- a/ci-operator/config/openshift-eng/oape-ai-e2e/openshift-eng-oape-ai-e2e-main.yaml +++ b/ci-operator/config/openshift-eng/oape-ai-e2e/openshift-eng-oape-ai-e2e-main.yaml @@ -46,37 +46,15 @@ tests: - as: mint-gh-token commands: | set -euo pipefail - GH_APP_ID=$(cat /var/run/github-app/app-id) - PEM_PATH="/var/run/github-app/private-key.pem" - - HEADER=$(printf '{"alg":"RS256","typ":"JWT"}' | openssl base64 -e -A | tr '+/' '-_' | tr -d '=') - NOW=$(date +%s) - EXP=$((NOW + 300)) - PAYLOAD=$(printf '{"iat":%d,"exp":%d,"iss":"%s"}' "$NOW" "$EXP" "$GH_APP_ID" | openssl base64 -e -A | tr '+/' '-_' | tr -d '=') - UNSIGNED="${HEADER}.${PAYLOAD}" - SIGNATURE=$(printf '%s' "$UNSIGNED" | openssl dgst -sha256 -sign "$PEM_PATH" -binary | openssl base64 -e -A | tr '+/' '-_' | tr -d '=') - JWT="${UNSIGNED}.${SIGNATURE}" - - INST_ID=$(curl -sf \ - -H "Authorization: Bearer ${JWT}" \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/app/installations \ - | python3 -c "import sys,json; print(json.load(sys.stdin)[0]['id'])") - + export GH_APP_ID=$(cat /var/run/github-app/app-id) + export GH_APP_PEM_FILE_PATH="/var/run/github-app/private-key.pem" set +x - TOKEN=$(curl -sf -X POST \ - -H "Authorization: Bearer ${JWT}" \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/app/installations/${INST_ID}/access_tokens" \ - | python3 -c "import sys,json; print(json.load(sys.stdin)['token'])") - echo "${TOKEN}" > "${SHARED_DIR}/gh-token" + python /app/ghpat_server.py > "${SHARED_DIR}/gh-token" credentials: - mount_path: /var/run/github-app name: openshift-app-platform-shift-github-bot namespace: test-credentials - from: agent-worker + from: gh-token-minter resources: requests: cpu: 100m