Made "github:deployKey:create" action idempotent

Signed-off-by: Bogdan Nechyporenko <bnechyporenko@bol.com>
2025-03-18 20:15:45 +01:00
parent 403bb43d3d
commit 79dc5accff
2 changed files with 40 additions and 15 deletions
@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-scaffolder-backend-module-github': patch
+---
+
+Made "github:deployKey:create" action idempotent
@@ -126,20 +126,35 @@ export function createGithubDeployKeyAction(options: {

      const client = new Octokit(octokitOptions);

-      await client.rest.repos.createDeployKey({
-        owner: owner,
-        repo: repo,
-        title: deployKeyName,
-        key: publicKey,
+      await ctx.checkpoint({
+        key: `create.deploy.key.${owner}.${repo}.${publicKey}`,
+        fn: async () => {
+          await client.rest.repos.createDeployKey({
+            owner: owner,
+            repo: repo,
+            title: deployKeyName,
+            key: publicKey,
+          });
+        },
      });
-      const publicKeyResponse = await client.rest.actions.getRepoPublicKey({
-        owner: owner,
-        repo: repo,
+
+      const { key, keyId } = await ctx.checkpoint({
+        key: `get.repo.public.key.${owner}.${repo}`,
+        fn: async () => {
+          const publicKeyResponse = await client.rest.actions.getRepoPublicKey({
+            owner: owner,
+            repo: repo,
+          });
+          return {
+            key: publicKeyResponse.data.key,
+            keyId: publicKeyResponse.data.key_id,
+          };
+        },
      });

      await Sodium.ready;
      const binaryKey = Sodium.from_base64(
-        publicKeyResponse.data.key,
+        key,
        Sodium.base64_variants.ORIGINAL,
      );
      const binarySecret = Sodium.from_string(privateKey);
@@ -152,12 +167,17 @@ export function createGithubDeployKeyAction(options: {
        Sodium.base64_variants.ORIGINAL,
      );

-      await client.rest.actions.createOrUpdateRepoSecret({
-        owner: owner,
-        repo: repo,
-        secret_name: privateKeySecretName,
-        encrypted_value: encryptedBase64Secret,
-        key_id: publicKeyResponse.data.key_id,
+      await ctx.checkpoint({
+        key: `create.or.update.repo.secret.${owner}.${repo}.${keyId}`,
+        fn: async () => {
+          await client.rest.actions.createOrUpdateRepoSecret({
+            owner: owner,
+            repo: repo,
+            secret_name: privateKeySecretName,
+            encrypted_value: encryptedBase64Secret,
+            key_id: keyId,
+          });
+        },
      });

      ctx.output('privateKeySecretName', privateKeySecretName);