Introduce support for looking up GH app installation ID

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
2026-02-13 13:06:56 +00:00 · 2026-01-19 10:15:53 +00:00
parent c125bcb1ca
commit d57313ae2c
10 changed files with 129 additions and 151 deletions
--- a/cmd/flux/create_secret_github_app.go
+++ b/cmd/flux/create_secret_github_app.go
@@ -46,16 +46,18 @@ var createSecretGitHubAppCmd = &cobra.Command{
 }

 type secretGitHubAppFlags struct {
-	appID             string
-	appInstallationID string
-	privateKeyFile    string
-	baseURL           string
+	appID                string
+	appInstallationOwner string
+	appInstallationID    string
+	privateKeyFile       string
+	baseURL              string
 }

 var secretGitHubAppArgs = secretGitHubAppFlags{}

 func init() {
 	createSecretGitHubAppCmd.Flags().StringVar(&secretGitHubAppArgs.appID, "app-id", "", "github app ID")
+	createSecretGitHubAppCmd.Flags().StringVar(&secretGitHubAppArgs.appInstallationOwner, "app-installation-owner", "", "github app installation owner (user or organization)")
 	createSecretGitHubAppCmd.Flags().StringVar(&secretGitHubAppArgs.appInstallationID, "app-installation-id", "", "github app installation ID")
 	createSecretGitHubAppCmd.Flags().StringVar(&secretGitHubAppArgs.privateKeyFile, "app-private-key", "", "github app private key file path")
 	createSecretGitHubAppCmd.Flags().StringVar(&secretGitHubAppArgs.baseURL, "app-base-url", "", "github app base URL")
@@ -70,33 +72,19 @@ func createSecretGitHubAppCmdRun(cmd *cobra.Command, args []string) error {

 	secretName := args[0]

-	if secretGitHubAppArgs.appID == "" {
-		return fmt.Errorf("--app-id is required")
-	}
-
-	if secretGitHubAppArgs.appInstallationID == "" {
-		return fmt.Errorf("--app-installation-id is required")
-	}
-
-	if secretGitHubAppArgs.privateKeyFile == "" {
-		return fmt.Errorf("--app-private-key is required")
-	}
-
 	privateKey, err := os.ReadFile(secretGitHubAppArgs.privateKeyFile)
 	if err != nil {
 		return fmt.Errorf("unable to read private key file: %w", err)
 	}

 	opts := sourcesecret.Options{
-		Name:                    secretName,
-		Namespace:               *kubeconfigArgs.Namespace,
-		GitHubAppID:             secretGitHubAppArgs.appID,
-		GitHubAppInstallationID: secretGitHubAppArgs.appInstallationID,
-		GitHubAppPrivateKey:     string(privateKey),
-	}
-
-	if secretGitHubAppArgs.baseURL != "" {
-		opts.GitHubAppBaseURL = secretGitHubAppArgs.baseURL
+		Name:                       secretName,
+		Namespace:                  *kubeconfigArgs.Namespace,
+		GitHubAppID:                secretGitHubAppArgs.appID,
+		GitHubAppInstallationOwner: secretGitHubAppArgs.appInstallationOwner,
+		GitHubAppInstallationID:    secretGitHubAppArgs.appInstallationID,
+		GitHubAppPrivateKey:        string(privateKey),
+		GitHubAppBaseURL:           secretGitHubAppArgs.baseURL,
 	}

 	secret, err := sourcesecret.GenerateGitHubApp(opts)
--- a/cmd/flux/create_secret_githubapp_test.go
+++ b/cmd/flux/create_secret_githubapp_test.go
@@ -31,21 +31,6 @@ func TestCreateSecretGitHubApp(t *testing.T) {
 			args:   "create secret githubapp",
 			assert: assertError("name is required"),
 		},
-		{
-			name:   "create githubapp secret with missing app-id",
-			args:   "create secret githubapp appinfo",
-			assert: assertError("--app-id is required"),
-		},
-		{
-			name:   "create githubapp secret with missing appInstallationID",
-			args:   "create secret githubapp appinfo --app-id 1",
-			assert: assertError("--app-installation-id is required"),
-		},
-		{
-			name:   "create githubapp secret with missing private key file",
-			args:   "create secret githubapp appinfo --app-id 1 --app-installation-id 2",
-			assert: assertError("--app-private-key is required"),
-		},
 		{
 			name:   "create githubapp secret with private key file that does not exist",
 			args:   "create secret githubapp appinfo --app-id 1 --app-installation-id 2 --app-private-key pk.pem",
@@ -53,7 +38,7 @@ func TestCreateSecretGitHubApp(t *testing.T) {
 		},
 		{
 			name:   "create githubapp secret with app info",
-			args:   "create secret githubapp appinfo --namespace my-namespace --app-id 1 --app-installation-id 2 --app-private-key ./testdata/create_secret/githubapp/test-private-key.pem --export",
+			args:   "create secret githubapp appinfo --namespace my-namespace --app-id 1 --app-installation-owner my-org --app-private-key ./testdata/create_secret/githubapp/test-private-key.pem --export",
 			assert: assertGoldenFile("testdata/create_secret/githubapp/secret.yaml"),
 		},
 		{
--- a/cmd/flux/main_test.go
+++ b/cmd/flux/main_test.go
@@ -454,6 +454,7 @@ func resetCmdArgs() {
 	rhrArgs = reconcileHelmReleaseFlags{}
 	rksArgs = reconcileKsFlags{}
 	secretGitArgs = NewSecretGitFlags()
+	secretGitHubAppArgs = secretGitHubAppFlags{}
 	secretProxyArgs = secretProxyFlags{}
 	secretHelmArgs = secretHelmFlags{}
 	secretTLSArgs = secretTLSFlags{}
--- a/cmd/flux/testdata/create_secret/githubapp/secret.yaml
+++ b/cmd/flux/testdata/create_secret/githubapp/secret.yaml
@@ -6,7 +6,7 @@ metadata:
  namespace: my-namespace
 stringData:
  githubAppID: "1"
-  githubAppInstallationID: "2"
+  githubAppInstallationOwner: my-org
  githubAppPrivateKey: |-
    -----BEGIN RSA PRIVATE KEY-----
    YcE2CgWILk+uiVNseHnOU2frG7k2RJZtdDo8GNI6pQWFlwU/NsQoJBrtEDyYVkap