✨ Add more github token names for env variable (#694)
* draft * commit 1 * dead code * comments * merge fix * typo
This commit is contained in:
parent
ef2830ea98
commit
45ea97e502
@ -233,7 +233,7 @@ For example, `--checks=CI-Tests,Code-Review`.
|
||||
Before running Scorecard, you need to, either:
|
||||
|
||||
- [create a GitHub access token](https://docs.github.com/en/free-pro-team@latest/developers/apps/about-apps#personal-access-tokens)
|
||||
and set it in environment variable `GITHUB_AUTH_TOKEN`. This helps to avoid
|
||||
and set it in an environment variable called `GITHUB_AUTH_TOKEN`, `GITHUB_TOKEN`, `GH_AUTH_TOKEN` or `GH_TOKEN`. This helps to avoid
|
||||
the GitHub's
|
||||
[api rate limits](https://developer.github.com/v3/#rate-limiting) with
|
||||
unauthenticated requests.
|
||||
@ -241,14 +241,15 @@ Before running Scorecard, you need to, either:
|
||||
```shell
|
||||
# For posix platforms, e.g. linux, mac:
|
||||
export GITHUB_AUTH_TOKEN=<your access token>
|
||||
# Multiple tokens can be provided separated by comma to be utilized
|
||||
# in a round robin fashion.
|
||||
export GITHUB_AUTH_TOKEN=<your access token1>,<your access token2>
|
||||
|
||||
# For windows:
|
||||
set GITHUB_AUTH_TOKEN=<your access token>
|
||||
set GITHUB_AUTH_TOKEN=<your access token1>,<your access token2>
|
||||
```
|
||||
|
||||
Multiple `GITHUB_AUTH_TOKEN` can be provided separated by comma to be utilized
|
||||
in a round robin fashion.
|
||||
|
||||
- create a GitHub App Installations for higher rate-limit quotas. If you have
|
||||
an installed GitHub App and key file, you can use these three environment
|
||||
variables, following the commands shown above for your platform.
|
||||
|
@ -67,10 +67,6 @@ or ./scorecard --{npm,pypi,rubgems}=<package_name> [--checks=check1,...] [--show
|
||||
Short: "Security Scorecards",
|
||||
Long: "A program that shows security scorecard for an open source software.",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
if token, exists := os.LookupEnv("GITHUB_AUTH_TOKEN"); !exists || token == "" {
|
||||
log.Fatalf("GITHUB_AUTH_TOKEN env var is not set. Please set this to your Github PAT before running this command.")
|
||||
}
|
||||
|
||||
cfg := zap.NewProductionConfig()
|
||||
cfg.Level.SetLevel(*logLevel)
|
||||
logger, err := cfg.Build()
|
||||
|
@ -28,9 +28,11 @@ import (
|
||||
"github.com/ossf/scorecard/clients/githubrepo"
|
||||
)
|
||||
|
||||
// GithubAuthTokens are for making requests to GiHub's API.
|
||||
var GithubAuthTokens = []string{"GITHUB_AUTH_TOKEN", "GITHUB_TOKEN", "GH_TOKEN", "GH_AUTH_TOKEN"}
|
||||
|
||||
const (
|
||||
// GithubAuthToken is for making requests to GiHub's API.
|
||||
GithubAuthToken = "GITHUB_AUTH_TOKEN" // #nosec G101
|
||||
|
||||
// GithubAppKeyPath is the path to file for GitHub App key.
|
||||
GithubAppKeyPath = "GITHUB_APP_KEY_PATH"
|
||||
// GithubAppID is the app ID for the GitHub App.
|
||||
@ -39,11 +41,21 @@ const (
|
||||
GithubAppInstallationID = "GITHUB_APP_INSTALLATION_ID"
|
||||
)
|
||||
|
||||
func readGitHubTokens() (string, bool) {
|
||||
for _, name := range GithubAuthTokens {
|
||||
if token, exists := os.LookupEnv(name); exists && token != "" {
|
||||
return token, exists
|
||||
}
|
||||
}
|
||||
return "", false
|
||||
}
|
||||
|
||||
// NewTransport returns a configured http.Transport for use with GitHub.
|
||||
func NewTransport(ctx context.Context, logger *zap.SugaredLogger) http.RoundTripper {
|
||||
transport := http.DefaultTransport
|
||||
|
||||
if token := os.Getenv(GithubAuthToken); token != "" {
|
||||
// nolint
|
||||
if token, exists := readGitHubTokens(); exists {
|
||||
// Use GitHub PAT
|
||||
transport = githubrepo.MakeGitHubTransport(transport, strings.Split(token, ","))
|
||||
} else if keyPath := os.Getenv(GithubAppKeyPath); keyPath != "" { // Also try a GITHUB_APP
|
||||
@ -59,6 +71,9 @@ func NewTransport(ctx context.Context, logger *zap.SugaredLogger) http.RoundTrip
|
||||
if err != nil {
|
||||
log.Panic(err)
|
||||
}
|
||||
} else {
|
||||
log.Fatalf("GitHub token env var is not set. " +
|
||||
"Please read https://github.com/ossf/scorecard#authentication")
|
||||
}
|
||||
|
||||
return MakeCensusTransport(MakeRateLimitedTransport(transport, logger))
|
||||
|
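Review bot: The lookup order in `GithubAuthTokens` is a silent precedence rule that neither its doc comment nor the README states, and the README lists the names in a different order (`GH_AUTH_TOKEN` before `GH_TOKEN`) than the slice; when more than one is set (for instance a `GH_TOKEN` exported for other tooling alongside `GITHUB_AUTH_TOKEN`), a different credential than the user expects is sent with no indication of which variable was used. I would make the comment explicit, `// GithubAuthTokens lists the environment variables checked, in order, for a GitHub token; the first non-empty value wins and the rest are ignored.`, and keep the README order identical to the slice. Having `readGitHubTokens` also return the matched variable name so `NewTransport` can log it (the name, never the value) would make a misconfiguration diagnosable. Separately, once the `os.Getenv(GithubAuthToken)` check is replaced, the `GithubAuthToken` constant is no longer referenced in the visible hunks, so it may be dead unless used elsewhere, and both doc comments still read `GiHub`.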