Spaces:
Sleeping
Sleeping
Commit ·
c3c0560
1
Parent(s): 46e55d0
Support PEM key from env var for cloud deployment (Railway/Render)
Browse files- app/config.py +1 -0
- app/github/auth.py +9 -4
app/config.py
CHANGED
|
@@ -13,6 +13,7 @@ class Settings(BaseSettings):
|
|
| 13 |
# GitHub App
|
| 14 |
github_app_id: str = ""
|
| 15 |
github_app_private_key_path: str = "./keys/app.pem"
|
|
|
|
| 16 |
github_webhook_secret: str = ""
|
| 17 |
|
| 18 |
# Database
|
|
|
|
| 13 |
# GitHub App
|
| 14 |
github_app_id: str = ""
|
| 15 |
github_app_private_key_path: str = "./keys/app.pem"
|
| 16 |
+
github_app_private_key: str = "" # PEM content directly (for cloud deployment)
|
| 17 |
github_webhook_secret: str = ""
|
| 18 |
|
| 19 |
# Database
|
app/github/auth.py
CHANGED
|
@@ -62,12 +62,17 @@ def _generate_jwt() -> str:
|
|
| 62 |
"""
|
| 63 |
now = int(time.time())
|
| 64 |
|
| 65 |
-
# Cache the private key in memory after first read
|
| 66 |
global _private_key
|
| 67 |
if _private_key is None:
|
| 68 |
-
|
| 69 |
-
|
| 70 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 71 |
|
| 72 |
payload = {
|
| 73 |
# iat = "issued at" — when this token was created
|
|
|
|
| 62 |
"""
|
| 63 |
now = int(time.time())
|
| 64 |
|
| 65 |
+
# Cache the private key in memory after first read
|
| 66 |
global _private_key
|
| 67 |
if _private_key is None:
|
| 68 |
+
if settings.github_app_private_key:
|
| 69 |
+
# Cloud deployment: key content passed directly via env var
|
| 70 |
+
_private_key = settings.github_app_private_key
|
| 71 |
+
else:
|
| 72 |
+
# Local development: read from .pem file
|
| 73 |
+
project_root = Path(__file__).resolve().parent.parent.parent
|
| 74 |
+
private_key_path = project_root / settings.github_app_private_key_path
|
| 75 |
+
_private_key = private_key_path.read_text()
|
| 76 |
|
| 77 |
payload = {
|
| 78 |
# iat = "issued at" — when this token was created
|