From 8700f1102504c2ca20c17e93cd49328217025331 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Fri, 10 Apr 2026 16:40:23 -0400 Subject: [PATCH] Delete get-github-token.sh --- get-github-token.sh | 59 --------------------------------------------- 1 file changed, 59 deletions(-) delete mode 100755 get-github-token.sh diff --git a/get-github-token.sh b/get-github-token.sh deleted file mode 100755 index 629d3d4..0000000 --- a/get-github-token.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail -# -# Generates a GitHub App installation access token. -# Reads credentials from env vars set in each agent's adapter config: -# GITHUB_APP_ID_ — the GitHub App ID -# GITHUB_PEM_PATH_ — path to the private key PEM file -# -# Usage: export GH_TOKEN=$(bash /paperclip/privilegedescalation/agents/get-github-token.sh) - -# Auto-detect credentials from env (each agent has exactly one of each) -APP_ID=$(printenv | grep '^GITHUB_APP_ID_' | head -1 | cut -d= -f2) -PEM_PATH=$(printenv | grep '^GITHUB_PEM_PATH_' | head -1 | cut -d= -f2) - -if [[ -z "${APP_ID:-}" || -z "${PEM_PATH:-}" ]]; then - echo "Error: GITHUB_APP_ID_* and GITHUB_PEM_PATH_* env vars must be set" >&2 - exit 1 -fi - -if [[ ! -f "$PEM_PATH" ]]; then - echo "Error: PEM file not found at $PEM_PATH" >&2 - exit 1 -fi - -# --- Build JWT (RS256) --- -b64url() { openssl base64 -e -A | tr '+/' '-_' | tr -d '='; } - -NOW=$(date +%s) -HEADER=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url) -PAYLOAD=$(printf '{"iat":%d,"exp":%d,"iss":"%s"}' "$((NOW - 60))" "$((NOW + 600))" "$APP_ID" | b64url) -SIGNATURE=$(printf '%s.%s' "$HEADER" "$PAYLOAD" \ - | openssl dgst -sha256 -sign "$PEM_PATH" | b64url) -JWT="${HEADER}.${PAYLOAD}.${SIGNATURE}" - -# --- Get installation ID (first installation for this app) --- -INSTALLATION_ID=$(curl -sf \ - -H "Authorization: Bearer $JWT" \ - -H "Accept: application/vnd.github+json" \ - https://api.github.com/app/installations \ - | python3 -c "import sys,json; print(json.load(sys.stdin)[0]['id'])") - -if [[ -z "$INSTALLATION_ID" ]]; then - echo "Error: Could not get installation ID for app $APP_ID" >&2 - exit 1 -fi - -# --- Exchange for installation access token --- -TOKEN=$(curl -sf -X POST \ - -H "Authorization: Bearer $JWT" \ - -H "Accept: application/vnd.github+json" \ - "https://api.github.com/app/installations/${INSTALLATION_ID}/access_tokens" \ - | python3 -c "import sys,json; print(json.load(sys.stdin)['token'])") - -if [[ -z "$TOKEN" ]]; then - echo "Error: Could not get installation access token" >&2 - exit 1 -fi - -echo "$TOKEN"