每次修改secrets都得去actions修改很麻烦,想外部修改,以下是根据参考链接修改的py代码
import base64
from nacl import encoding, public
import requests
# GitHub API 基础 URL
GITHUB_API = "https://api.github.com"
# 替换为你的 GitHub token
GITHUB_TOKEN = 'ghp_xxxxxxxxxxxxx'
# 请求头
headers = {
'Authorization': f'token {GITHUB_TOKEN}',
'Accept': 'application/vnd.github.v3+json',
}
# 获取存储库公用密钥
def get_a_repository_public_key(owner: str, repo: str):
url = f"{GITHUB_API}/repos/{owner}/{repo}/actions/secrets/public-key"
response = requests.get(url, headers=headers, timeout=10)
response.raise_for_status()
return response.json()
def create_or_update_a_repository_secret(
owner: str,
repo: str,
secret_name: str,
secret_value: str
):
# 获取公钥
public_key = get_a_repository_public_key(owner, repo)
key = public_key['key']
key_id = public_key['key_id']
# 使用 LibSodium 加密
pk = public.PublicKey(key.encode('utf-8'), encoding.Base64Encoder())
sealed_box = public.SealedBox(pk)
encrypted = sealed_box.encrypt(secret_value.encode('utf-8'))
encrypted_value = base64.b64encode(encrypted).decode('utf-8')
# 创建或更新 secret
url = f"{GITHUB_API}/repos/{owner}/{repo}/actions/secrets/{secret_name}"
data = {
'encrypted_value': encrypted_value,
'key_id': key_id,
}
response = requests.put(url, json=data, headers=headers, timeout=10)
response.raise_for_status()
# 检查是否有响应内容,204 No Content 表示成功
if response.status_code == 204:
print(f"✅ Secret '{secret_name}' 已成功创建/更新!")
return {'status': 'success'}
else:
return response.json()
def start():
create_or_update_a_repository_secret(
owner='xxxx', # 你的 GitHub 用户名
repo='xxxx', # 仓库的名称
secret_name='xxxx', # 要更改的 secret
secret_value='xxxx', # 这里是 secret 的原始值
)
if __name__ == '__main__':
start()
参考链接:参考链接:2023-01-07 使用 GitHub REST API 修改 GitHub Actions Secrets | 草梅友仁的博客
