github-app-forge 0.1.1

Declarative GitHub App lifecycle management via Manifest flow
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330

//! Typed GitHub App Manifest.
//!
//! Mirrors GitHub's App Manifest schema:
//! https://docs.github.com/en/apps/sharing-github-apps/registering-a-github-app-from-a-manifest
//!
//! Authoring surface is YAML — same shape as Slack's manifest, K8s manifests,
//! Akeyless DSL items, etc. Loaded into this typed struct then serialized as
//! the JSON payload GitHub expects.

use anyhow::{anyhow, Context, Result};
use serde::{Deserialize, Serialize};
use std::collections::BTreeMap;
use std::path::Path;

/// Top-level YAML structure consumed by `github-app-forge create`.
///
/// Combines the GitHub manifest itself with `github-app-forge`-specific knobs:
/// where to install (org or user), where to write credentials, what label/path
/// to use in the chosen sink. Manifest fields are nested under `github` so the
/// outer keys remain stable as the GitHub schema grows.
#[derive(Debug, Clone, Deserialize)]
pub struct ManifestFile {
    /// Friendly name used for filenames + log lines (e.g. `pleme-arc-rio`).
    pub name: String,

    /// `org` for org-installed apps, `user` for personal-account apps.
    pub install_target: InstallTarget,

    /// GitHub org or username the app belongs to.
    pub owner: String,

    /// Optional initial install scope. After app creation, the tool will open
    /// the install URL pre-selecting these repos.
    #[serde(default)]
    pub install_repos: Vec<String>,

    /// Sink config. Default = stdout.
    #[serde(default)]
    pub sink: SinkConfig,

    /// The GitHub manifest body — fields here are sent to GitHub verbatim.
    pub github: GitHubManifest,
}

#[derive(Debug, Clone, Copy, Deserialize, Serialize)]
#[serde(rename_all = "lowercase")]
pub enum InstallTarget {
    Org,
    User,
}

#[derive(Debug, Clone, Default, Deserialize)]
#[serde(rename_all = "snake_case", tag = "kind")]
pub enum SinkConfig {
    /// Print credentials as JSON to stdout. Default.
    #[default]
    Stdout,
    /// Write credentials as plaintext YAML to a file. Testing only.
    File { path: String },
    /// Render a K8s Secret YAML matching pleme-arc-controller's expected shape,
    /// then run `sops --encrypt --in-place` on it. Requires sops + a configured
    /// `.sops.yaml` rule for the target path.
    Sops {
        path: String,
        secret_name: String,
        secret_namespace: String,
    },
    /// Write credentials to Akeyless as a static secret item. (Stub for now;
    /// will use the akeyless CLI under the hood once impl lands.)
    #[allow(dead_code)]
    Akeyless { item_path: String },
}

/// The GitHub manifest body. Field names match GitHub's expected JSON keys
/// exactly (renamed via serde where Rust naming differs).
///
/// **Optional fields use `skip_serializing_if = "Option::is_none"`** — GitHub's
/// manifest validator rejects `null` where it expects "string-or-omitted".
/// Empty values must be omitted from the JSON, not serialized as `null`.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct GitHubManifest {
    /// Display name of the app (visible in GitHub UI).
    pub name: String,

    /// Homepage URL.
    pub url: String,

    /// One-paragraph description shown to repo admins during install.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub description: Option<String>,

    /// `false` (default) = single-account app; `true` = installable by anyone.
    #[serde(default)]
    pub public: bool,

    /// Webhook config. ARC apps don't use webhooks (long-poll instead) — leave
    /// the default with `active: false` to disable.
    #[serde(default)]
    pub hook_attributes: HookAttributes,

    /// Permissions GitHub will grant to installations.
    /// Map of permission key → access level (`read` | `write` | `admin`).
    #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
    pub default_permissions: BTreeMap<String, Permission>,

    /// Webhook events the app subscribes to. Empty for ARC.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub default_events: Vec<String>,

    /// OAuth callback URLs. Not used by ARC apps.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub callback_urls: Vec<String>,

    /// Setup URL shown after install. Optional.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub setup_url: Option<String>,

    /// If true, app gets re-redirected through setup_url on every update.
    #[serde(default)]
    pub setup_on_update: bool,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct HookAttributes {
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub url: Option<String>,
    /// Default `false` — ARC apps don't use webhooks.
    #[serde(default)]
    pub active: bool,
}

#[derive(Debug, Clone, Copy, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
pub enum Permission {
    Read,
    Write,
    Admin,
}

/// Load and validate a manifest YAML file.
pub fn load(path: &Path) -> Result<ManifestFile> {
    let content = std::fs::read_to_string(path)
        .with_context(|| format!("failed to read manifest at {}", path.display()))?;
    let manifest: ManifestFile = serde_yaml_ng::from_str(&content)
        .with_context(|| format!("failed to parse manifest at {}", path.display()))?;
    validate(&manifest)?;
    Ok(manifest)
}

fn validate(m: &ManifestFile) -> Result<()> {
    if m.name.is_empty() {
        return Err(anyhow!("manifest.name is required"));
    }
    if m.owner.is_empty() {
        return Err(anyhow!("manifest.owner is required"));
    }
    if m.github.name.is_empty() {
        return Err(anyhow!("manifest.github.name is required"));
    }
    if m.github.url.is_empty() {
        return Err(anyhow!("manifest.github.url is required"));
    }
    Ok(())
}

impl ManifestFile {
    /// URL for opening the manifest creation UI on GitHub.
    /// `redirect_url` is appended to the manifest body so GitHub redirects
    /// the operator's browser back to our localhost listener after they click
    /// "Create from manifest".
    pub fn manifest_url(&self) -> String {
        match self.install_target {
            InstallTarget::Org => format!(
                "https://github.com/organizations/{}/settings/apps/new",
                self.owner
            ),
            InstallTarget::User => "https://github.com/settings/apps/new".to_string(),
        }
    }

    /// Render the GitHub-facing manifest JSON, embedding the redirect URL.
    pub fn manifest_json(&self, redirect_url: &str) -> Result<String> {
        // GitHub expects redirect_url at the TOP of the manifest, not inside `github:`.
        let mut value = serde_json::to_value(&self.github)?;
        if let serde_json::Value::Object(ref mut obj) = value {
            obj.insert(
                "redirect_url".to_string(),
                serde_json::Value::String(redirect_url.to_string()),
            );
        }
        Ok(serde_json::to_string(&value)?)
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::io::Write;
    use tempfile::NamedTempFile;

    fn write_manifest(content: &str) -> NamedTempFile {
        let mut f = NamedTempFile::new().unwrap();
        f.write_all(content.as_bytes()).unwrap();
        f
    }

    #[test]
    fn rio_manifest_loads() {
        let f = write_manifest(
            r#"
name: pleme-arc-rio
install_target: org
owner: pleme-io
sink:
  kind: stdout
github:
  name: pleme-arc-rio
  url: https://github.com/pleme-io
  default_permissions:
    contents: read
    metadata: read
"#,
        );
        let m = load(f.path()).unwrap();
        assert_eq!(m.name, "pleme-arc-rio");
        assert!(matches!(m.install_target, InstallTarget::Org));
        assert_eq!(m.owner, "pleme-io");
        assert!(matches!(m.sink, SinkConfig::Stdout));
        assert_eq!(m.github.default_permissions.len(), 2);
    }

    #[test]
    fn missing_owner_fails_validation() {
        let f = write_manifest(
            r#"
name: x
install_target: org
owner: ""
sink:
  kind: stdout
github:
  name: x
  url: https://example.com
"#,
        );
        let err = load(f.path()).unwrap_err();
        assert!(err.to_string().contains("manifest.owner is required"));
    }

    #[test]
    fn manifest_json_embeds_redirect_url() {
        let f = write_manifest(
            r#"
name: x
install_target: user
owner: alice
sink:
  kind: stdout
github:
  name: x
  url: https://example.com
"#,
        );
        let m = load(f.path()).unwrap();
        let json = m.manifest_json("http://localhost:1234/callback").unwrap();
        let v: serde_json::Value = serde_json::from_str(&json).unwrap();
        assert_eq!(
            v["redirect_url"].as_str().unwrap(),
            "http://localhost:1234/callback"
        );
        assert_eq!(v["name"].as_str().unwrap(), "x");
    }

    #[test]
    fn manifest_json_omits_unset_optional_fields() {
        // GitHub's manifest validator rejects `null` for fields that should
        // be string-or-omitted. Verify the serializer skips them.
        let f = write_manifest(
            r#"
name: x
install_target: org
owner: alice
sink:
  kind: stdout
github:
  name: x
  url: https://example.com
  default_permissions:
    contents: read
"#,
        );
        let m = load(f.path()).unwrap();
        let json = m.manifest_json("http://localhost:1234/cb").unwrap();
        let v: serde_json::Value = serde_json::from_str(&json).unwrap();
        // Required fields present
        assert_eq!(v["name"], "x");
        assert_eq!(v["url"], "https://example.com");
        // Optional fields with no value: must be ABSENT, not null
        assert!(v.get("description").is_none(), "description should be omitted, got {:?}", v.get("description"));
        assert!(v.get("setup_url").is_none(), "setup_url should be omitted, got {:?}", v.get("setup_url"));
        // Inside hook_attributes
        let ha = &v["hook_attributes"];
        assert!(ha.get("url").is_none(), "hook_attributes.url should be omitted, got {:?}", ha.get("url"));
        // Empty collections also omitted
        assert!(v.get("default_events").is_none() || v["default_events"].as_array().unwrap().is_empty());
        // Required: redirect_url present
        assert_eq!(v["redirect_url"], "http://localhost:1234/cb");
    }

    #[test]
    fn org_manifest_url_is_org_scoped() {
        let f = write_manifest(
            r#"
name: x
install_target: org
owner: pleme-io
sink:
  kind: stdout
github:
  name: x
  url: https://example.com
"#,
        );
        let m = load(f.path()).unwrap();
        assert_eq!(
            m.manifest_url(),
            "https://github.com/organizations/pleme-io/settings/apps/new"
        );
    }
}