From 15669b0850e1142c9c84aa6fdbea101ea821b055 Mon Sep 17 00:00:00 2001 From: Peter Evans <18365890+peter-evans@users.noreply.github.com> Date: Thu, 20 Oct 2022 13:17:24 +0900 Subject: [PATCH 1/3] Set a token default and support private repos --- .github/workflows/test.yml | 2 -- README.md | 72 +++++++++++++++++--------------------- action.yml | 3 ++ lib/main.js | 21 +++++------ src/main.ts | 17 ++++----- 5 files changed, 53 insertions(+), 62 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8e57ed65..4971a6fb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -79,6 +79,4 @@ jobs: tag: ${{ matrix.version }} platform: ${{ matrix.platform }} arch: ${{ matrix.arch }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: tfsec --version diff --git a/README.md b/README.md index fbc8da7b..0c152f08 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,6 @@ This is especially useful when installing arbitrary Go binaries. It can lookup t ## Usage -This action requires a Github Token (`GITHUB_TOKEN`) in the environment to authenticate with. - ### Grab the Latest Version ```yaml @@ -17,43 +15,43 @@ steps: uses: jaxxstorm/action-install-gh-release@v1.5.0 with: # Grab the latest version repo: go-task/task - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Github token scoped to step ``` ### Grab a Specific Tags ```yaml # ... -jobs: - my_job: - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Github token scoped to job - steps: - - name: Install tf2pulumi - uses: jaxxstorm/action-install-gh-release@v1.5.0 - with: # Grab a specific tag - repo: pulumi/tf2pulumi - tag: v0.7.0 +steps: + - name: Install tf2pulumi + uses: jaxxstorm/action-install-gh-release@v1.5.0 + with: # Grab a specific tag + repo: pulumi/tf2pulumi + tag: v0.7.0 ``` ### Grab a Specific Platform And/Or Architecture ```yaml -name: my_action - -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Github token scoped to action - -jobs: - my_job: - steps: - - name: Install tfsec - uses: jaxxstorm/action-install-gh-release@v1.5.0 - with: # Grab a specific platform and/or architecture - repo: aquasecurity/tfsec - platform: linux - arch: x86-64 +steps: + - name: Install tfsec + uses: jaxxstorm/action-install-gh-release@v1.5.0 + with: # Grab a specific platform and/or architecture + repo: aquasecurity/tfsec + platform: linux + arch: x86-64 +``` + +### Grab from a private repository + +Use a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) that has been created on a user with access to the private repository. + +```yaml +steps: + - name: Install go-task + uses: jaxxstorm/action-install-gh-release@v1.5.0 + with: # Grab from a private repository + token: ${{ secrets.MY_PAT }} + repo: go-task/task ``` ### Caching @@ -62,17 +60,13 @@ This action can use [actions/cache](https://github.com/actions/cache) under the ```yaml # ... -jobs: - my_job: - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Github token scoped to job - steps: - - name: Install tf2pulumi - uses: jaxxstorm/action-install-gh-release@v1.5.0 - with: # Grab a specific tag with caching - repo: pulumi/tf2pulumi - tag: v0.7.0 - cache: enable +steps: + - name: Install tf2pulumi + uses: jaxxstorm/action-install-gh-release@v1.5.0 + with: # Grab a specific tag with caching + repo: pulumi/tf2pulumi + tag: v0.7.0 + cache: enable ``` Caching helps avoid diff --git a/action.yml b/action.yml index 13f8c8e1..f48d0b47 100644 --- a/action.yml +++ b/action.yml @@ -2,6 +2,9 @@ name: "Install a binary from GitHub releases" description: "Install binaries from GitHub releases" author: "Lee Briggs" inputs: + token: + description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)' + default: ${{ github.token }} repo: description: "GitHub repo where binary is located" required: true diff --git a/lib/main.js b/lib/main.js index f3c01200..f20059a1 100644 --- a/lib/main.js +++ b/lib/main.js @@ -1,11 +1,7 @@ "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { return m[k]; } }; - } - Object.defineProperty(o, k2, desc); + Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; @@ -18,7 +14,7 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? ( var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); + if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; @@ -44,10 +40,7 @@ function run() { return __awaiter(this, void 0, void 0, function* () { try { // set up auth/environment - const token = process.env['GITHUB_TOKEN']; - if (!token) { - throw new Error(`No GitHub token found`); - } + const token = process.env['GITHUB_TOKEN'] || core.getInput("token"); const octokit = new ThrottlingOctokit(Object.assign({ throttle: { onRateLimit: (retryAfter, options) => { core.warning(`RateLimit detected for request ${options.method} ${options.url}.`); @@ -59,7 +52,7 @@ function run() { core.info(`Retrying after ${retryAfter} seconds.`); return true; }, - } }, (0, utils_1.getOctokitOptions)(token))); + } }, utils_1.getOctokitOptions(token))); const repo = core.getInput("repo"); if (!repo) { throw new Error(`Repo was not specified`); @@ -156,9 +149,11 @@ function run() { throw new Error(`Could not find a release for ${tag}. Found: ${found}`); } const extractFn = getExtractFn(asset.name); - const url = asset.browser_download_url; + const url = asset.url; core.info(`Downloading ${project} from ${url}`); - const binPath = yield tc.downloadTool(url); + const binPath = yield tc.downloadTool(url, undefined, `token ${token}`, { + accept: 'application/octet-stream' + }); yield extractFn(binPath, dest); if (cacheEnabled && cacheKey !== undefined) { try { diff --git a/src/main.ts b/src/main.ts index 40739567..6f1633d8 100644 --- a/src/main.ts +++ b/src/main.ts @@ -21,12 +21,7 @@ async function run() { try { // set up auth/environment - const token = process.env['GITHUB_TOKEN'] - if (!token) { - throw new Error( - `No GitHub token found` - ) - } + const token = process.env['GITHUB_TOKEN'] || core.getInput("token") const octokit = new ThrottlingOctokit({ throttle: { onRateLimit: (retryAfter, options) => { @@ -160,10 +155,16 @@ async function run() { const extractFn = getExtractFn(asset.name); - const url = asset.browser_download_url + const url = asset.url core.info(`Downloading ${project} from ${url}`) - const binPath = await tc.downloadTool(url); + const binPath = await tc.downloadTool(url, + undefined, + `token ${token}`, + { + accept: 'application/octet-stream' + } + ); await extractFn(binPath, dest); if (cacheEnabled && cacheKey !== undefined) { From 28ac5f4e9ab641e416170e262a2d26cf58eb3c3f Mon Sep 17 00:00:00 2001 From: Peter Evans <18365890+peter-evans@users.noreply.github.com> Date: Thu, 20 Oct 2022 13:34:58 +0900 Subject: [PATCH 2/3] Fix the private repository example --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0c152f08..88c9abde 100644 --- a/README.md +++ b/README.md @@ -47,11 +47,11 @@ Use a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/git ```yaml steps: - - name: Install go-task + - name: Install private tool uses: jaxxstorm/action-install-gh-release@v1.5.0 with: # Grab from a private repository token: ${{ secrets.MY_PAT }} - repo: go-task/task + repo: my-org/my-private-repo ``` ### Caching From 7bb0a2ebd36b723145ab0eda2bb31a0ed7c55174 Mon Sep 17 00:00:00 2001 From: Peter Evans <18365890+peter-evans@users.noreply.github.com> Date: Fri, 21 Oct 2022 11:19:23 +0900 Subject: [PATCH 3/3] Use the default token in ci --- .github/workflows/test.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4971a6fb..57fa906f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -20,8 +20,6 @@ jobs: with: repo: pulumi/crd2pulumi tag: v1.0.10 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} change-aws-credentials: strategy: matrix: @@ -35,8 +33,6 @@ jobs: with: repo: jaxxstorm/change-aws-credentials tag: v0.3.3 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: change-aws-credentials version tf2pulumi: strategy: @@ -52,8 +48,6 @@ jobs: with: repo: pulumi/tf2pulumi tag: ${{ matrix.version }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: tf2pulumi version tfsec: strategy: