diff --git a/action.yaml b/action.yaml index 882aa646..77cc2e39 100644 --- a/action.yaml +++ b/action.yaml @@ -37,6 +37,11 @@ inputs: required: false default: false + internal_default_token: + description: "INPUT: Default GitHub token. (Internal purpose only, not intended for developers to set. Used for pull requests configured with a PAT)." + required: false + default: ${{ github.token }} + branding: icon: "mic" color: "white" diff --git a/entrypoint.sh b/entrypoint.sh index 9b21942e..a756d492 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -22,6 +22,14 @@ set -euo pipefail # GITHUB_EVENT_NAME contains the event name. # GITHUB_ACTIONS is true in GitHub env. +if [[ -z "$INPUT_REPO_TOKEN" ]]; then + INPUT_REPO_TOKEN="$INPUT_INTERNAL_DEFAULT_TOKEN" + if [[ -z "$INPUT_REPO_TOKEN" ]]; then + exit 2 + fi + echo "The repo_token was empty so GITHUB_TOKEN is used instead" +fi + export GITHUB_AUTH_TOKEN="$INPUT_REPO_TOKEN" export ENABLE_SARIF=1 export ENABLE_LICENSE=1 diff --git a/go.mod b/go.mod index 7a0e035e..998fa875 100644 --- a/go.mod +++ b/go.mod @@ -10,6 +10,7 @@ require ( github.com/sigstore/cosign v1.9.0 github.com/sirupsen/logrus v1.8.1 github.com/spf13/cobra v1.5.0 + golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 sigs.k8s.io/release-sdk v0.8.0 sigs.k8s.io/release-utils v0.6.1-0.20220405215325-d4a2a2f0e8fd ) @@ -241,7 +242,6 @@ require ( gocloud.dev v0.25.0 // indirect golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect - golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 // indirect golang.org/x/sync v0.0.0-20220513210516-0976fa681c29 // indirect golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect diff --git a/options/env.go b/options/env.go index 84e202e8..e3e1f5bd 100644 --- a/options/env.go +++ b/options/env.go @@ -38,10 +38,11 @@ const ( // TODO(input): INPUT_ constants should be removed in a future release once // they have replacements in upstream scorecard. - EnvInputRepoToken = "INPUT_REPO_TOKEN" //nolint:gosec - EnvInputResultsFile = "INPUT_RESULTS_FILE" - EnvInputResultsFormat = "INPUT_RESULTS_FORMAT" - EnvInputPublishResults = "INPUT_PUBLISH_RESULTS" + EnvInputRepoToken = "INPUT_REPO_TOKEN" //nolint:gosec + EnvInputInternalRepoToken = "INPUT_INTERNAL_DEFAULT_TOKEN" //nolint:gosec + EnvInputResultsFile = "INPUT_RESULTS_FILE" + EnvInputResultsFormat = "INPUT_RESULTS_FORMAT" + EnvInputPublishResults = "INPUT_PUBLISH_RESULTS" ) // Errors diff --git a/options/options.go b/options/options.go index 5b9945db..34b66d95 100644 --- a/options/options.go +++ b/options/options.go @@ -105,8 +105,9 @@ func New() (*Options, error) { // Validate validates the scorecard configuration. func (o *Options) Validate() error { + fmt.Println("EnvGithubAuthToken:", EnvGithubAuthToken, os.Getenv(EnvGithubAuthToken)) if os.Getenv(EnvGithubAuthToken) == "" { - fmt.Printf("The 'repo_token' variable is empty.\n") + fmt.Printf("%s variable is empty.\n", EnvGithubAuthToken) if o.IsForkStr == trueStr { fmt.Printf("We have detected you are running on a fork.\n") } @@ -151,6 +152,14 @@ func (o *Options) Print() { func (o *Options) setScorecardOpts() { o.ScorecardOpts = scopts.New() + // Set GITHUB_AUTH_TOKEN + inputToken := os.Getenv(EnvInputRepoToken) + if inputToken == "" { + fmt.Printf("The 'repo_token' variable is empty.\n") + fmt.Printf("Using the '%s' variable instead.\n", EnvInputInternalRepoToken) + inputToken := os.Getenv(EnvInputInternalRepoToken) + os.Setenv(EnvGithubAuthToken, inputToken) + } // --repo= | --local // This section restores functionality that was removed in diff --git a/options/options_test.go b/options/options_test.go index 8b4fe802..6e6877b1 100644 --- a/options/options_test.go +++ b/options/options_test.go @@ -222,8 +222,12 @@ func TestNew(t *testing.T) { os.Setenv(EnvGithubAuthToken, testToken) defer os.Unsetenv(EnvGithubAuthToken) + os.Setenv(EnvInputRepoToken, "token-value-123456") + defer os.Unsetenv(EnvInputRepoToken) + if tt.unsetToken { os.Unsetenv(EnvGithubAuthToken) + os.Unsetenv(EnvInputRepoToken) } os.Setenv(EnvGithubEventPath, tt.githubEventPath)