Resolved Comments

packages/core/README.md

@@ -233,7 +233,8 @@ async function getIDTokenAction(): Promise<void> {
       aud = `${audience}`
    const id_token = await core.getIDToken(aud)
    const val = `ID token is ${id_token}`
-   core.setOutput('id_token', id_token);
+   core.setSecret(id_token)
+   core.setOutput('id_token', id_token)
       
 }
 getIDTokenAction()

packages/core/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@actions/core",
-  "version": "1.4.1",
+  "version": "1.5.0",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "@actions/core",
-      "version": "1.4.1",
+      "version": "1.5.0",
       "license": "MIT",
       "devDependencies": {
         "@actions/http-client": "^1.0.11",

packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@actions/core",
-  "version": "1.4.1",
+  "version": "1.5.0",
   "description": "Actions core lib",
   "keywords": [
     "github",

packages/core/src/core.ts

@@ -5,7 +5,7 @@ import {toCommandValue} from './utils'
 import * as os from 'os'
 import * as path from 'path'
 
-import {getIDTokenUrl, parseJson, postCall} from './oidc-utils'
+import {OidcClient} from './oidc-utils'
 
 /**
  * Interface for getInput options
@@ -287,19 +287,7 @@ export function getState(name: string): string {
   return process.env[`STATE_${name}`] || ''
 }
 
-export async function getIDToken(audience: string): Promise<string> {
+export function getIDToken(aud: string): Promise<string> {
-  try {
+  let oidcClient = new OidcClient()
-    // New ID Token is requested from action service
+  return oidcClient.getIDToken(aud)
-    let id_token_url: string = getIDTokenUrl()
-
-    debug(`ID token url is ${id_token_url}`)
-
-    let body: string = await postCall(id_token_url, audience)
-    let id_token = parseJson(body)
-    return id_token
-
-  } catch (error) {
-    setFailed(error.message)
-    return error.message
-  }
 }

packages/core/src/oidc-utils.ts

@@ -1,79 +1,119 @@
 import * as actions_http_client from '@actions/http-client'
-import {IHeaders} from '@actions/http-client/interfaces'
+import {IHeaders,IRequestOptions} from '@actions/http-client/interfaces'
 import {HttpClient} from '@actions/http-client'
 import {BearerCredentialHandler} from '@actions/http-client/auth'
 import {debug} from './core'
 
+interface IOidcClient {
 
-export function createHttpClient() {
+  createHttpClient(): actions_http_client.HttpClient
-  return new HttpClient('actions/oidc-client', [
+
-    new BearerCredentialHandler(getRuntimeToken())
+  getApiVersion(): string
-  ])
+
+  getRuntimeToken(): string
+
+  getIDTokenUrl(): string
+
+  isSuccessStatusCode(statusCode?: number): boolean
+
+  postCall(id_token_url: string, audience: string): Promise<string>
+
+  parseJson(body: string): string
+
+  getIDToken(audience: string): Promise<string>
 }
 
-export function getApiVersion(): string {
+export class OidcClient implements IOidcClient {
-  return '2.0'
-}
 
-export function getRuntimeToken(){
+  createHttpClient(allowRetry = true, maxRetry = 10) {
-  const token = process.env['ACTIONS_RUNTIME_TOKEN']
+    let requestOptions : IRequestOptions = {}
-  if (!token) {
+    requestOptions.allowRetries = allowRetry
-    throw new Error('Unable to get ACTIONS_RUNTIME_TOKEN env variable')
+    requestOptions.maxRetries = maxRetry
-  }
+    return new HttpClient('actions/oidc-client', [
-  return token
+      new BearerCredentialHandler(this.getRuntimeToken())],
-}
+      requestOptions)
-
-export function getIDTokenUrl(){
-  let runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
-  if (!runtimeUrl) {
-    throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable')
-  }
-  return runtimeUrl + '?api-version=' + getApiVersion()
-}
-
-export function isSuccessStatusCode(statusCode?: number): boolean {
-  if (!statusCode) {
-    return false
-  }
-  return statusCode >= 200 && statusCode < 300
-}
-
-export async function postCall(id_token_url: string, audience: string): Promise<string> {
-
-  const httpclient = createHttpClient()
-  if (httpclient === undefined) {
-    throw new Error(`Failed to get Httpclient `)
   }
 
-  debug(`Httpclient created ${httpclient} `) // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true
+  getApiVersion(): string {
-
+    return '2.0'
-  const additionalHeaders: IHeaders = {}
-  additionalHeaders[actions_http_client.Headers.ContentType] = actions_http_client.MediaTypes.ApplicationJson
-  additionalHeaders[actions_http_client.Headers.Accept] = actions_http_client.MediaTypes.ApplicationJson
-
-  debug(`audience is ${audience !== null ? audience : 'null'}`)
-
-  const data: string = audience !== null ? JSON.stringify({aud: audience}) : ''
-  const response = await httpclient.post(id_token_url, data, additionalHeaders)
-
-  if (!isSuccessStatusCode(response.message.statusCode)) {
-    throw new Error(
-      `Failed to get ID Token. Error Code : ${response.message.statusCode}  Error message : ${response.message.statusMessage}`
-    )
   }
-  let body: string = await response.readBody()
 
-  return body
+  getRuntimeToken(){
-}
+    const token = process.env['ACTIONS_RUNTIME_TOKEN']
-
+    if (!token) {
-export function parseJson(body: string): string {
+      throw new Error('Unable to get ACTIONS_RUNTIME_TOKEN env variable')
-  const val = JSON.parse(body)
+    }
-  let id_token = ''
+    return token
-  if ('value' in val) {
-    id_token = val['value']
-  } else {
-    throw new Error('Response json body do not have ID Token field')
   }
-  debug(`id_token : ${id_token}`)
+
-  return id_token
+  getIDTokenUrl(){
+    let runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
+    if (!runtimeUrl) {
+      throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable')
+    }
+    return runtimeUrl + '?api-version=' + this.getApiVersion()
+  }
+
+  isSuccessStatusCode(statusCode?: number): boolean {
+    if (!statusCode) {
+      return false
+    }
+    return statusCode >= 200 && statusCode < 300
+  }
+
+  async postCall(id_token_url: string, audience: string): Promise<string> {
+
+    const httpclient = this.createHttpClient()
+    if (httpclient === undefined) {
+      throw new Error(`Failed to get Httpclient `)
+    }
+
+    debug(`Httpclient created ${httpclient} `) // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true
+
+    let additionalHeaders: IHeaders = {}
+    additionalHeaders[actions_http_client.Headers.ContentType] = actions_http_client.MediaTypes.ApplicationJson
+    additionalHeaders[actions_http_client.Headers.Accept] = actions_http_client.MediaTypes.ApplicationJson
+
+    debug(`audience is ${audience !== null ? audience : 'null'}`)
+
+    const data: string = audience !== null ? JSON.stringify({aud: audience}) : ''
+    const response = await httpclient.post(id_token_url, data, additionalHeaders)
+
+    if (!this.isSuccessStatusCode(response.message.statusCode)) {
+      throw new Error(
+        `Failed to get ID Token. Error Code : ${response.message.statusCode}  Error message : ${response.message.statusMessage}`
+      )
+    }
+    let body: string = await response.readBody()
+
+    return body
+  }
+
+  parseJson(body: string): string {
+    const val = JSON.parse(body)
+    let id_token = ''
+    if ('value' in val) {
+      id_token = val['value']
+    } else {
+      throw new Error('Response json body do not have ID Token field')
+    }
+    return id_token
+  }
+
+  async getIDToken(audience: string): Promise<string> {
+    try {
+      // New ID Token is requested from action service
+      let id_token_url: string = this.getIDTokenUrl()
+
+      debug(`ID token url is ${id_token_url}`)
+
+      let body: string = await this.postCall(id_token_url, audience)
+      let id_token = this.parseJson(body)
+      return id_token
+
+    } catch (error) {
+      throw new Error(`Error message: ${error.message}`)
+    }
+  }
+
 }