From 077bb0af76e83630655d3e92cd1b4b52a08492f5 Mon Sep 17 00:00:00 2001
From: Karl Haworth <58607256+karlhaworth@users.noreply.github.com>
Date: Thu, 1 Aug 2024 19:18:06 -0400
Subject: [PATCH] fix: environment variable app secret (#432)

fix: environment variable app secret

when testing locally the cert file option was used. When using this in
Kubernetes, I realized this wasn't working as expected.

New tests were added to ensure that this is working properly. This was
tested Kubernetes and works as expected.

Signed-off-by: Karl Haworth <karl.haworth@aa.com>
---
 pkg/ghtransport/ghtransport.go      | 3 ++-
 pkg/ghtransport/ghtransport_test.go | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkg/ghtransport/ghtransport.go b/pkg/ghtransport/ghtransport.go
index 2621e40..f4fb7f5 100644
--- a/pkg/ghtransport/ghtransport.go
+++ b/pkg/ghtransport/ghtransport.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"os"
 
 	kms "cloud.google.com/go/kms/apiv1"
 	"github.com/bradleyfalzon/ghinstallation/v2"
@@ -17,7 +18,7 @@ import (
 func New(ctx context.Context, env *envConfig.EnvConfig, kmsClient *kms.KeyManagementClient) (*ghinstallation.AppsTransport, error) {
 	switch {
 	case env.AppSecretCertificateEnvVar != "":
-		atr, err := ghinstallation.NewAppsTransport(http.DefaultTransport, env.AppID, []byte(env.AppSecretCertificateEnvVar))
+		atr, err := ghinstallation.NewAppsTransport(http.DefaultTransport, env.AppID, []byte(os.Getenv(env.AppSecretCertificateEnvVar)))
 
 		if err != nil {
 			return nil, err
diff --git a/pkg/ghtransport/ghtransport_test.go b/pkg/ghtransport/ghtransport_test.go
index 173cdf3..3f1544e 100644
--- a/pkg/ghtransport/ghtransport_test.go
+++ b/pkg/ghtransport/ghtransport_test.go
@@ -52,12 +52,14 @@ func TestGCPKMS(t *testing.T) {
 func TestCertEnvVar(t *testing.T) {
 	ctx := context.Background()
 
+	t.Setenv("GITHUB_APP_SECRET", generateTestCertificateString())
+
 	testConfig := &envconfig.EnvConfig{
 		Port:                       8080,
 		Domain:                     "example.com",
 		AppID:                      123456,
 		EventingIngress:            "https://event.ingress.uri",
-		AppSecretCertificateEnvVar: generateTestCertificateString(),
+		AppSecretCertificateEnvVar: "GITHUB_APP_SECRET",
 		Metrics:                    true,
 	}