From daed80353076d51dee516922350b2d4f375b1358 Mon Sep 17 00:00:00 2001
From: Garrett Delfosse
Date: Thu, 2 May 2024 12:50:36 -0400
Subject: [PATCH] pr review
---
 github-upload-public-key/main.test.ts | 32 ++++++++++++++++++-------
 github-upload-public-key/main.tf | 17 ++------------
 github-upload-public-key/run.sh | 34 ++++++++-------------------
 3 files changed, 35 insertions(+), 48 deletions(-)
diff --git a/github-upload-public-key/main.test.ts b/github-upload-public-key/main.test.ts
index 45e1b5a..316f50f 100644
--- a/github-upload-public-key/main.test.ts
+++ b/github-upload-public-key/main.test.ts
@@ -19,19 +19,37 @@ describe("github-upload-public-key", async () => { }); it("creates new key if one does not exist", async () => { - const { instance, id } = await setupContainer(); + const { instance, id, server } = await setupContainer(); await writeCoder(id, "echo foo"); - let exec = await execContainer(id, ["bash", "-c", instance.script]); + let exec = await execContainer(id, [ + "env", + "CODER_ACCESS_URL=" + server.url.toString().slice(0, -1), + "GITHUB_API_URL=" + server.url.toString().slice(0, -1), + "CODER_OWNER_SESSION_TOKEN=foo", + "CODER_EXTERNAL_AUTH_ID=github", + "bash", + "-c", + instance.script, + ]); expect(exec.stdout).toContain("Coder public SSH key uploaded to GitHub!"); expect(exec.exitCode).toBe(0); // we need to increase timeout to pull the container }, 15000); it("does nothing if one already exists", async () => { - const { instance, id } = await setupContainer(); + const { instance, id, server } = await setupContainer(); // use keyword to make server return a existing key await writeCoder(id, "echo findkey"); - let exec = await execContainer(id, ["bash", "-c", instance.script]); + let exec = await execContainer(id, [ + "env", + "CODER_ACCESS_URL=" + server.url.toString().slice(0, -1), + "GITHUB_API_URL=" + server.url.toString().slice(0, -1), + "CODER_OWNER_SESSION_TOKEN=foo", + "CODER_EXTERNAL_AUTH_ID=github", + "bash", + "-c", + instance.script, + ]); expect(exec.stdout).toContain( "Coder public SSH key is already uploaded to GitHub!", ); 
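Review bot: The two `toContain` expectations kept as context in this hunk still look for "Coder public SSH key uploaded to GitHub!" and "Coder public SSH key is already uploaded to GitHub!", but the run.sh hunks at -85,12 and -111,4 of this same patch reword both messages, so both tests would fail on the stdout assertion as written. Update them to the new text, `expect(exec.stdout).toContain("Your Coder public key has been added to GitHub!");` in the first test and `"Your Coder public key is already on GitHub!"` in the second. The `describe` body starts before this hunk and the second test continues past it.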
@@ -46,15 +64,11 @@ const setupContainer = async ( const server = await setupServer(); const state = await runTerraformApply(import.meta.dir, { agent_id: "foo", - // trim the trailing slash on the URL - access_url: server.url.toString().slice(0, -1), - owner_session_token: "bar", - github_api_url: server.url.toString().slice(0, -1), ...vars, }); const instance = findResourceInstance(state, "coder_script"); const id = await runContainer(image); - return { id, instance }; + return { id, instance, server }; }; const setupServer = async (): Promise => { diff --git a/github-upload-public-key/main.tf b/github-upload-public-key/main.tf index 5c6501e..b35d246 100644 --- a/github-upload-public-key/main.tf +++ b/github-upload-public-key/main.tf @@ -26,26 +26,13 @@ variable "github_api_url" { default = "https://api.github.com" } -// Optional variables mostly for testing purposes, will normally come from data.coder_workspace.me -variable "access_url" { - type = string - description = "The access URL of the workspace." - default = "" -} - -variable "owner_session_token" { - type = string - description = "The owner session token of the workspace." - default = "" -} - data "coder_workspace" "me" {} resource "coder_script" "github_upload_public_key" { agent_id = var.agent_id script = templatefile("${path.module}/run.sh", { - CODER_OWNER_SESSION_TOKEN : var.owner_session_token != "" ? var.owner_session_token : data.coder_workspace.me.owner_session_token, - CODER_ACCESS_URL : var.access_url != "" ? var.access_url : data.coder_workspace.me.access_url, + CODER_OWNER_SESSION_TOKEN : data.coder_workspace.me.owner_session_token, + CODER_ACCESS_URL : data.coder_workspace.me.access_url, CODER_EXTERNAL_AUTH_ID : var.external_auth_id, GITHUB_API_URL : var.github_api_url, }) diff --git a/github-upload-public-key/run.sh b/github-upload-public-key/run.sh index 6dabefa..9083040 100755 --- a/github-upload-public-key/run.sh +++ b/github-upload-public-key/run.sh 
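Review bot: The `templatefile` map in `coder_script.github_upload_public_key` still passes `CODER_OWNER_SESSION_TOKEN`, `CODER_ACCESS_URL`, `CODER_EXTERNAL_AUTH_ID` and `GITHUB_API_URL`, but this patch also deletes the assignments at the top of run.sh that bound those template values to shell variables. `templatefile` substitutes only the braced `${...}` form, so the unbraced `$CODER_ACCESS_URL` style checks that remain read the process environment instead; unless the part of run.sh outside these hunks still uses the braced form, a real workspace would likely stop at "No CODER_ACCESS_URL specified!". The updated tests inject all four values with `env`, so they no longer exercise the templated path and would not catch this. Keeping one binding line per variable in run.sh, such as `CODER_ACCESS_URL="${CODER_ACCESS_URL}"`, restores the link. When the token is bound that way it is written into the rendered script text, so that text should be handled as a secret.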
@@ -2,44 +2,34 @@ set -e -CODER_ACCESS_URL="${CODER_ACCESS_URL}" -CODER_OWNER_SESSION_TOKEN="${CODER_OWNER_SESSION_TOKEN}" -CODER_EXTERNAL_AUTH_ID="${CODER_EXTERNAL_AUTH_ID}" -GITHUB_API_URL="${GITHUB_API_URL}" - if [ -z "$CODER_ACCESS_URL" ]; then - echo "No coder access url specified!" + echo "No CODER_ACCESS_URL specified!" exit 1 fi if [ -z "$CODER_OWNER_SESSION_TOKEN" ]; then - echo "No coder owner session token specified!" + echo "No CODER_OWNER_SESSION_TOKEN specified!" exit 1 fi if [ -z "$CODER_EXTERNAL_AUTH_ID" ]; then - echo "No GitHub external auth id specified!" + echo "No CODER_EXTERNAL_AUTH_ID specified!" exit 1 fi if [ -z "$GITHUB_API_URL" ]; then - echo "No GitHub API URL specified!" + echo "No GITHUB_API_URL specified!" exit 1 fi echo "Fetching GitHub token..." GITHUB_TOKEN=$(coder external-auth access-token $CODER_EXTERNAL_AUTH_ID) if [ $? -ne 0 ]; then - echo "Failed to fetch GitHub token!" - exit 1 -fi -if [ -z "$GITHUB_TOKEN" ]; then - echo "No GitHub token found!" + printf "Authenticate with Github to automatically upload Coder public key:\n$GITHUB_TOKEN\n" exit 1 fi -echo "GitHub token found!" -echo "Fetching Coder public SSH key..." +echo "Fetching public key from Coder..." PUBLIC_KEY_RESPONSE=$( curl -L -s \ -w "\n%%{http_code}" \ @@ -55,16 +45,13 @@ if [ "$PUBLIC_KEY_RESPONSE_STATUS" -ne 200 ]; then echo "$PUBLIC_KEY_BODY" exit 1 fi - PUBLIC_KEY=$(jq -r '.public_key' <<< "$PUBLIC_KEY_BODY") -echo "Coder public SSH key found!" - if [ -z "$PUBLIC_KEY" ]; then echo "No Coder public SSH key found!" exit 1 fi -echo "Fetching GitHub public SSH keys..." +echo "Fetching public keys from GitHub..." GITHUB_KEYS_RESPONSE=$( curl -L -s \ -w "\n%%{http_code}" \ 
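Review bot: With `set -e` still in effect at the top of the script, a non-zero exit from `coder external-auth access-token` aborts at the `GITHUB_TOKEN=$(...)` assignment, so the `if [ $? -ne 0 ]` branch and its new "Authenticate with Github" message are never reached. Test the command directly instead: `if ! GITHUB_TOKEN=$(coder external-auth access-token "$CODER_EXTERNAL_AUTH_ID"); then`. The new `printf` also places `$GITHUB_TOKEN` inside the format string, where any `%` or backslash in the command's output is interpreted; pass it as an argument, `printf 'Authenticate with Github to automatically upload Coder public key:\n%s\n' "$GITHUB_TOKEN"`. The removed `-z "$GITHUB_TOKEN"` check was the only guard against a successful exit with empty output, so the later requests would presumably go out with an empty token.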
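Review bot: `jq -r '.public_key'` prints the literal string `null` when the field is missing or null, so the `-z "$PUBLIC_KEY"` check that follows passes and `null` would be carried into the GitHub key comparison and the upload. Use `PUBLIC_KEY=$(jq -r '.public_key // empty' <<< "$PUBLIC_KEY_BODY")` so the existing empty check covers that case. The hunk ends inside the `GITHUB_KEYS_RESPONSE=$(` curl command, which continues outside it.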
@@ -85,12 +72,11 @@ fi GITHUB_MATCH=$(jq -r --arg PUBLIC_KEY "$PUBLIC_KEY" '.[] | select(.key == $PUBLIC_KEY) | .key' <<< "$GITHUB_KEYS_RESPONSE_BODY") if [ "$PUBLIC_KEY" = "$GITHUB_MATCH" ]; then - echo "Coder public SSH key is already uploaded to GitHub!" + echo "Your Coder public key is already on GitHub!" exit 0 fi -echo "Coder public SSH key not found in GitHub keys!" -echo "Uploading Coder public SSH key to GitHub..." +echo "Your Coder public key is not in GitHub. Adding it now..." CODER_PUBLIC_KEY_NAME="$CODER_ACCESS_URL Workspaces" UPLOAD_RESPONSE=$( curl -L -s \ @@ -111,4 +97,4 @@ if [ "$UPLOAD_RESPONSE_STATUS" -ne 201 ]; then exit 1 fi -echo "Coder public SSH key uploaded to GitHub!" +echo "Your Coder public key has been added to GitHub!"