add_sonarcloud_key.js

const sodium = require('tweetsodium');
const { Octokit } = require("octokit");
const fs = require('fs');
const util = require('util');
const path = require("path");
const readFile = util.promisify(fs.readFile);

(async () => {
    const githubAuth = "use your own"
    const sonarCloudConfigFileName = "sonarcloud-runner.yml"
    const sonarCloudConfigPath = path.join(__dirname, sonarCloudConfigFileName)
    const content = await readFile(sonarCloudConfigPath)
    const contentEncoded = content.toString('base64')
    const organization = "your org"
    const repoName = "your repo"
    const secretName = "SONAR_TOKEN"
    const value = "your sonar token"

    const octokit = new Octokit({ auth: githubAuth })

    const publicKeyResponse = await octokit.request('GET /repos/{owner}/{repo}/actions/secrets/public-key', {
        owner: organization,
        repo: repoName,
    })

    const keyBytes = Buffer.from(publicKeyResponse.data.key, 'base64')
    const messageBytes = Buffer.from(value)
    const encryptedBytes = sodium.seal(messageBytes, keyBytes);
    const encrypted = Buffer.from(encryptedBytes).toString('base64')

    await octokit.request('PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}', {
        owner: organization,
        repo: repoName,
        secret_name: secretName,
        key_id: publicKeyResponse.data.key_id,
        encrypted_value: encrypted,
    })

    const { data } = await octokit.rest.repos.createOrUpdateFileContents({
        owner: organization,
        repo: repoName,
        path: `.github/workflows/${sonarCloudConfigFileName}`,
        message: "SonarCloud Analysis",
        content: contentEncoded
    });

    console.log(data)
})();