new: added some initial tests.

go.mod

@@ -5,17 +5,20 @@ go 1.17
 require (
 	github.com/1Password/connect-sdk-go v1.5.0
 	github.com/google/go-github/v49 v49.1.0
-	github.com/google/go-querystring v1.1.0
 	github.com/jamesruan/sodium v1.0.14
 	github.com/sirupsen/logrus v1.9.0
+	github.com/stretchr/testify v1.7.1
 	golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang/protobuf v1.3.2 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect
 	github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
 	go.uber.org/atomic v1.9.0 // indirect

main.go

@@ -32,10 +32,16 @@ orgs:
             - TEST_SECRET_KEY
 `
 
-func syncSecrets(ctx context.Context, client *poiana.Client, provider poiana.SecretsProvider, orgName, repoName string, secrets []string) error {
+func syncSecrets(ctx context.Context,
+	service poiana.ActionsSecretsService,
+	provider poiana.SecretsProvider,
+	pKey *github.PublicKey,
+	orgName, repoName string,
+	secrets []string) error {
+
 	// Step 1: load repo secrets
 	logrus.Infof("listing secrets for repo '%s/%s'...", orgName, repoName)
-	secs, _, err := client.Actions.ListRepoSecrets(ctx, orgName, repoName, nil)
+	secs, err := service.ListRepoSecrets(ctx, orgName, repoName)
 	if err != nil {
 		return err
 	}
@@ -51,26 +57,19 @@ func syncSecrets(ctx context.Context, client *poiana.Client, provider poiana.Sec
 		}
 		if !found {
 			logrus.Infof("deleting secret '%s' for repo '%s/%s'...", existentSec.Name, orgName, repoName)
-			_, err = client.Actions.DeleteRepoSecret(ctx, orgName, repoName, existentSec.Name)
+			err = service.DeleteRepoSecret(ctx, orgName, repoName, existentSec.Name)
 			if err != nil {
 				return err
 			}
 		}
 	}
 
-	// Step 3: fetch encryption key
-	logrus.Infof("retrieving public key for repo '%s/%s'...", orgName, repoName)
-	pKey, _, err := client.Actions.GetRepoPublicKey(ctx, orgName, repoName)
-	if err != nil {
-		return err
-	}
-
 	keyBytes, err := base64.StdEncoding.DecodeString(pKey.GetKey())
 	if err != nil {
 		return err
 	}
 
-	// Step 4: add or update all conf-listed secrets
+	// Step 3: add or update all conf-listed secrets
 	for _, secName := range secrets {
 		logrus.Infof("adding/updating secret '%s' in repo '%s/%s'...", secName, orgName, repoName)
 		secValue, err := provider.GetSecret(secName)
@@ -84,7 +83,7 @@ func syncSecrets(ctx context.Context, client *poiana.Client, provider poiana.Sec
 		if err != nil {
 			return err
 		}
-		_, err = client.Actions.CreateOrUpdateRepoSecret(ctx, orgName, repoName, &github.EncryptedSecret{
+		err = service.CreateOrUpdateRepoSecret(ctx, orgName, repoName, &github.EncryptedSecret{
 			Name:           secName,
 			KeyID:          pKey.GetKeyID(),
 			EncryptedValue: encSecBytesB64,
@@ -96,10 +95,10 @@ func syncSecrets(ctx context.Context, client *poiana.Client, provider poiana.Sec
 	return nil
 }
 
-func syncVariables(ctx context.Context, client *poiana.Client, orgName, repoName string, variables map[string]string) error {
+func syncVariables(ctx context.Context, service poiana.ActionsVarsService, orgName, repoName string, variables map[string]string) error {
 	// Step 1: load repo variables
 	logrus.Infof("listing variables for repo '%s/%s'...", orgName, repoName)
-	vars, _, err := client.Actions.ListRepoVariables(ctx, orgName, repoName, nil)
+	vars, err := service.ListRepoVariables(ctx, orgName, repoName)
 	if err != nil {
 		return err
 	}
@@ -109,7 +108,7 @@ func syncVariables(ctx context.Context, client *poiana.Client, orgName, repoName
 		_, ok := variables[existentVar.Name]
 		if !ok {
 			logrus.Infof("deleting variable '%s' for repo '%s/%s'...", existentVar.Name, orgName, repoName)
-			_, err = client.Actions.DeleteRepoVariable(ctx, orgName, repoName, existentVar.Name)
+			err = service.DeleteRepoVariable(ctx, orgName, repoName, existentVar.Name)
 			if err != nil {
 				return err
 			}
@@ -119,7 +118,7 @@ func syncVariables(ctx context.Context, client *poiana.Client, orgName, repoName
 	// Step 3: add or update all conf-listed variables
 	for newVarName, newVarValue := range variables {
 		logrus.Infof("adding/updating variable '%s' in repo '%s/%s'...", newVarName, orgName, repoName)
-		_, err = client.Actions.CreateOrUpdateRepoVariable(ctx, orgName, repoName, &poiana.Variable{
+		err = service.CreateOrUpdateRepoVariable(ctx, orgName, repoName, &poiana.Variable{
 			Name:  newVarName,
 			Value: newVarValue,
 		})
@@ -160,13 +159,18 @@ func main() {
 		// todo: also remove all secrets and vars for all repos not present
 		// in the YAML config
 		for repoName, repo := range org.Repos {
-			err = syncSecrets(ctx, client, provider, orgName, repoName, repo.Actions.Secrets)
+			// fetch encryption key
+			logrus.Infof("retrieving public key for repo '%s/%s'...", orgName, repoName)
+			pKey, _, err := client.Actions.GetRepoPublicKey(ctx, orgName, repoName)
+			if err == nil {
+				err = syncSecrets(ctx, client.Actions, provider, pKey, orgName, repoName, repo.Actions.Secrets)
+			}
 			if err != nil {
 				fail(err.Error())
 			}
 			logrus.Infof("secrets synced for %s/%s\n", orgName, repoName)
 
-			err = syncVariables(ctx, client, orgName, repoName, repo.Actions.Variables)
+			err = syncVariables(ctx, client.Actions, orgName, repoName, repo.Actions.Variables)
 			if err != nil {
 				fail(err.Error())
 			}

pkg/poiana/client.go

@@ -0,0 +1,38 @@
+package poiana
+
+import (
+	"github.com/google/go-github/v49/github"
+)
+
+// Variable represents a repository action variable.
+type Variable struct {
+	Name      string           `json:"name"`
+	Value     string           `json:"value"`
+	CreatedAt github.Timestamp `json:"created_at"`
+	UpdatedAt github.Timestamp `json:"updated_at"`
+}
+
+type Variables struct {
+	TotalCount int         `json:"total_count"`
+	Variables  []*Variable `json:"variables"`
+}
+
+type actionsService struct {
+	*github.ActionsService
+	client *github.Client
+}
+
+type Client struct {
+	*github.Client
+	Actions *actionsService
+}
+
+func NewClient(c *github.Client) *Client {
+	return &Client{
+		Client: c,
+		Actions: &actionsService{
+			ActionsService: c.Actions,
+			client:         c,
+		},
+	}
+}

pkg/poiana/secrets.go

@@ -1,8 +1,34 @@
 package poiana
 
+import (
+	"context"
+	"github.com/google/go-github/v49/github"
+)
+
 // SecretsProvider retrieves secrets with a given key
 type SecretsProvider interface {
 	// GetSecret returns a secret with the given key.
 	// Returns a non-nil error in case of failure
 	GetSecret(string) (string, error)
 }
+
+type ActionsSecretsService interface {
+	ListRepoSecrets(ctx context.Context, owner, repo string) (*github.Secrets, error)
+	DeleteRepoSecret(ctx context.Context, owner, repo, name string) error
+	CreateOrUpdateRepoSecret(ctx context.Context, owner, repo string, eSecret *github.EncryptedSecret) error
+}
+
+func (s *actionsService) ListRepoSecrets(ctx context.Context, owner, repo string) (*github.Secrets, error) {
+	secrets, _, err := s.ActionsService.ListRepoSecrets(ctx, owner, repo, nil)
+	return secrets, err
+}
+
+func (s *actionsService) DeleteRepoSecret(ctx context.Context, owner, repo, name string) error {
+	_, err := s.ActionsService.DeleteRepoSecret(ctx, owner, repo, name)
+	return err
+}
+
+func (s *actionsService) CreateOrUpdateRepoSecret(ctx context.Context, owner, repo string, eSecret *github.EncryptedSecret) error {
+	_, err := s.ActionsService.CreateOrUpdateRepoSecret(ctx, owner, repo, eSecret)
+	return err
+}