fix: Final fix for Github (#812)

aws/eks-customer/providers.tf

@@ -21,9 +21,5 @@ terraform {
       source  = "hashicorp/random"
       version = ">= 3.6.2"
     }
-    github = {
-      source  = "integrations/github"
-      version = "~> 6.0"
-    }
   }
 }

aws/eks-customer/remove-utility.tf

@@ -5,11 +5,13 @@ resource "null_resource" "remove-utilities" {
     gitops_repo_url            = var.gitops_repo_url
     gitops_repo_username       = var.gitops_repo_username
     gitops_repo_email          = var.gitops_repo_email
-    github_token               = data.github_app_token.this.token
     github_app_installation_id = var.github_app_installation_id
+    github_app_id              = var.github_app_id
+    github_app_pem_file        = var.github_app_pem_key_path
     environment                = var.environment
     cluster_name               = module.eks.cluster_name
   }
+
   provisioner "local-exec" {
     when    = destroy
     command = <<EOT
@@ -20,12 +22,14 @@ resource "null_resource" "remove-utilities" {
       GIT_REPO_URL               = self.triggers.gitops_repo_url
       GIT_REPO_USERNAME          = self.triggers.gitops_repo_username
       GIT_REPO_EMAIL             = self.triggers.gitops_repo_email
-      GITHUB_TOKEN               = self.triggers.github_token
       GITHUB_APP_INSTALLATION_ID = self.triggers.github_app_installation_id
+      GITHUB_APP_ID              = self.triggers.github_app_id
+      GITHUB_APP_PEM_FILE        = self.triggers.github_app_pem_file
       CLUSTER_NAME               = self.triggers.cluster_name
       ENV                        = self.triggers.environment
     }
   }
+
 }
 
 resource "null_resource" "wait_before_destroy_node_group" {

aws/eks-customer/scripts/deploy-utility.sh

@@ -52,10 +52,12 @@ function deploy_utility() {
     add_utility_to_application_file $utility_name $cluster_label_type
     replace_custom_values $utility_name
     commit_changes "CLUSTER_NAME: ${CLUSTER_NAME} Adding utility ${utility_name}" $application_yaml
-    wait_for_healthy $utility_name
+    # wait_for_healthy $utility_name
 
 	done
 
+  push_changes_to_git
+
 }
 
 function add_utility_to_application_file() {

aws/eks-customer/scripts/remove-utility.sh

@@ -22,6 +22,8 @@ function remove_helm_values() {
     else
       echo "No helm values found for cluster ${CLUSTER_NAME}"
     fi
+
+    push_changes_to_git
 }
 
 function wait_for_argocd() {

aws/eks-customer/scripts/utils.sh

@@ -2,6 +2,51 @@
 
 set -o errexit
 
+function generate_token() {
+
+  client_id=${GITHUB_APP_ID} # Client ID as first argument
+
+  pem=$( cat ${GITHUB_APP_PEM_FILE} ) # file path of the private key as second argument
+
+  now=$(date +%s)
+  iat=$((${now} - 60)) # Issues 60 seconds in the past
+  exp=$((${now} + 600)) # Expires 10 minutes in the future
+
+  b64enc() { openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n'; }
+
+  header_json='{
+      "typ":"JWT",
+      "alg":"RS256"
+  }'
+  # Header encode
+  header=$( echo -n "${header_json}" | b64enc )
+
+  payload_json="{
+      \"iat\":${iat},
+      \"exp\":${exp},
+      \"iss\":\"${client_id}\"
+  }"
+  # Payload encode
+  payload=$( echo -n "${payload_json}" | b64enc )
+
+  # Signature
+  header_payload="${header}"."${payload}"
+  signature=$(
+      openssl dgst -sha256 -sign <(echo -n "${pem}") \
+      <(echo -n "${header_payload}") | b64enc
+  )
+
+  # Create JWT
+  JWT="${header_payload}"."${signature}"
+
+  curl --silent --request POST \
+    --url "https://api.github.com/app/installations/${GITHUB_APP_INSTALLATION_ID}/access_tokens" \
+    --header "Accept: application/vnd.github+json" \
+    --header "Authorization: Bearer ${JWT}" \
+    --header "X-GitHub-Api-Version: 2022-11-28" | jq .token --compact-output --raw-output
+}
+
+
 gitops_sre_dir="gitops-sre-${CLUSTER_NAME}"
 gitops_apps_dir="$gitops_sre_dir/apps"
 application_yaml="$gitops_apps_dir/${ENV}/application-values.yaml"
@@ -25,24 +70,16 @@ function while_repo_exists() { #This is to avoid github race condition errors wh
     done
 }
 
-function generate_token() {
-  curl --silent --request POST \
-    --url "https://api.github.com/app/installations/${GITHUB_APP_INSTALLATION_ID}/access_tokens" \
-    --header "Accept: application/vnd.github+json" \
-    --header "Authorization: Bearer ${GITHUB_TOKEN}" \
-    --header "X-GitHub-Api-Version: 2022-11-28" | jq .token --compact-output --raw-output
-}
-
 function clone_repo() {
     sleep $((5 + RANDOM % 50)) # Random sleep
     echo "Cloning repo https://${GIT_REPO_URL}/${GIT_REPO_PATH}"
-    if [ -z "$GIT_REPO_URL" || -z "$GIT_REPO_PATH" ]; then
+    if [[ -z "$GIT_REPO_URL" || -z "$GIT_REPO_PATH" ]]; then
         echo "GIT_REPO_URL and/or GIT_REPO_PATH  is empty"
         exit 1
     fi
     while_repo_exists
-    TEMP_TOKEN=$(generate_token)
-    git clone "https://x-access-token:${TEMP_TOKEN}@${GIT_REPO_URL}/${GIT_REPO_PATH}" $gitops_sre_dir
+    GITHUB_TOKEN=$(generate_token)
+    git clone "https://x-access-token:${GITHUB_TOKEN}@${GIT_REPO_URL}/${GIT_REPO_PATH}" $gitops_sre_dir
 
     current_dir=$(pwd)
     cd $gitops_sre_dir || exit
@@ -81,7 +118,6 @@ function commit_changes() {
 
     cd $current_dir || exit
 
-    push_changes_to_git
   else
     echo "No changes to commit"
   fi
@@ -100,4 +136,4 @@ function clean_up() {
     echo "Removing gitops-sre directory"
     rm -rf $gitops_sre_dir
     exit 0
-}
+}

aws/eks-customer/utility.tf

@@ -8,8 +8,9 @@ resource "null_resource" "deploy-utilites" {
       GIT_REPO_URL               = var.gitops_repo_url
       GIT_REPO_USERNAME          = var.gitops_repo_username
       GIT_REPO_EMAIL             = var.gitops_repo_email
-      GITHUB_TOKEN               = data.github_app_token.this.token
       GITHUB_APP_INSTALLATION_ID = var.github_app_installation_id
+      GITHUB_APP_ID              = var.github_app_id
+      GITHUB_APP_PEM_FILE        = var.github_app_pem_key_path
       CLUSTER_NAME               = module.eks.cluster_name
       ENV                        = var.environment
       CERTIFICATE_ARN            = var.lb_certificate_arn