update references to env var GITHUB_TOKEN to GITHUB_ACCESS_TOKEN

.github/workflows/create-debugging-artifact.yml

@@ -40,7 +40,6 @@ jobs:
         env:
           RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }}
         run: |
-          export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}"
           export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}"
           go test ./...
 
@@ -50,7 +49,7 @@ jobs:
           RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }}
         run: |
           set -euo pipefail
-          export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}"
+          export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}"
               
           set -x
           go test --run '(using_kiln|baking_a_tile|generating_release_notes|updating_)' \

.github/workflows/release.yml

@@ -37,7 +37,6 @@ jobs:
         env:
           RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }}
         run: |
-          export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}"
           export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}"
           go test --covermode=atomic --coverprofile=kiln-${{github.sha}}-unit-test-code-coverage.out ./...
 
@@ -53,7 +52,6 @@ jobs:
           RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }}
         run: |
           set -euo pipefail
-          export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}"
           export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}"
 
           set -x
@@ -81,6 +79,5 @@ jobs:
           version: latest
           args: release --rm-dist
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_ACCESS_TOKEN }}
 

.github/workflows/test.yml

@@ -50,7 +50,6 @@ jobs:
           RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }}
         run: |
           set -euo pipefail
-          export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}"
           export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}"
 
           set -x

.goreleaser.yml

@@ -33,7 +33,7 @@ brews:
     tap:
       owner: pivotal-cf
       name: kiln
-      token: "{{ .Env.GITHUB_TOKEN }}"
+      token: "{{ .Env.GITHUB_ACCESS_TOKEN }}"
     folder: HomebrewFormula
     ids:
       - homebrew

TILE_AUTHOR_GUIDE.md

@@ -358,7 +358,7 @@ release_sources:
   - type: "github"
     id: crhntr # (optional) the default ID in this case is the value of org
     org: "crhntr"
-    github_token: $(variable "github_token")
+    github_token: $(variable "github_access_token")
 ```
 
 **`github_token` is always required even for public repositories because we make API requests**
@@ -371,10 +371,10 @@ You will need to add the following flag to most commands:
 
 ```
 # Optional helper
-export GITHUB_TOKEN="$(gh auth status --show-token 2>&1 | grep 'Token:' | awk '{print $NF}')"
+export GITHUB_ACCESS_TOKEN="$(gh auth status --show-token 2>&1 | grep 'Token:' | awk '{print $NF}')"
 
 # Example Kiln variable flag
-kiln fetch --variable="github_token=${GITHUB_TOKEN}"
+kiln fetch --variable="github_access_token=${GITHUB_ACCESS_TOKEN}"
 ```
 
 The value of `remote_path` in the BOSH release tarball lock is a URL.

internal/acceptance/README.md

@@ -25,11 +25,11 @@ go run github.com/onsi/ginkgo/ginkgo
 ### Workflows
 These are written in Go and use [godog](https://github.com/cucumber/godog) (a Cucumber test framework).
 
-> PS: Export GITHUB_TOKEN as an env var before running the acceptance tests
+> PS: Export GITHUB_ACCESS_TOKEN as an env var before running the acceptance tests
 
 ```bash
 # from anywhere in the repo you can run:
-export GITHUB_TOKEN="$(gh auth token)"
+export GITHUB_ACCESS_TOKEN="$(gh auth token)"
 go test -v --tags acceptance --timeout=1h github.com/pivotal-cf/kiln/internal/acceptance/workflows
 ```
 

internal/acceptance/workflows/baking_a_tile.feature

@@ -5,19 +5,19 @@ Feature: As a developer, I want to bake a tile
     When I invoke kiln
       | bake                                      |
       | --final                                   |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then a Tile is created
     And the Tile contains
       | metadata/metadata.yml             |
       | migrations/v1                     |
       | releases/bpm-1.2.12.tgz           |
       | releases/hello-release-0.2.3.tgz |
     And "bake_records/0.2.0-dev.json" contains substring: "version": "0.2.0-dev"
-    And "bake_records/0.2.0-dev.json" contains substring: "source_revision": "6d5069f9dfb954ff77bb16c5aee670b9909f154a"
+    And "bake_records/0.2.0-dev.json" contains substring: "source_revision": "896c44a006a24d8601ed09fd871b1a4423636d77"
     And "bake_records/0.2.0-dev.json" contains substring: "tile_directory": "."
     And "bake_records/0.2.0-dev.json" contains substring: "kiln_version": "0.0.0+acceptance-tests"
-    And "bake_records/0.2.0-dev.json" contains substring: "file_checksum": "c94e5749bf676f03ff10539956e9445d309647c5299b16dfe71cb522e9258f0d"
-    And "tile-0.2.0-dev.pivotal" has sha256 sum "c94e5749bf676f03ff10539956e9445d309647c5299b16dfe71cb522e9258f0d"
+    And "bake_records/0.2.0-dev.json" contains substring: "file_checksum": "6754bb95193e42cd5706f810c3fdb1beead88e2a01601bb222e3e98818f90e8a"
+    And "tile-0.2.0-dev.pivotal" has sha256 sum "6754bb95193e42cd5706f810c3fdb1beead88e2a01601bb222e3e98818f90e8a"
 
   Scenario: it reads directory configuration from Kilnfile
     Given I have a tile source directory "testdata/tiles/non-standard-paths"

internal/acceptance/workflows/generating_release_notes.feature

@@ -10,7 +10,7 @@ Feature: As a robot, I want to generate release notes
       | --name=hello-release                      |
       | --version=v0.1.5                          |
       | --without-download                        |
-      | --variable=github_access_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     And I write file "version"
       | 0.1.4 |
     And I execute git add Kilnfile.lock version
@@ -25,7 +25,7 @@ Feature: As a robot, I want to generate release notes
       | version |
       | 0.1.3   |
 
-    And the environment variable "GITHUB_TOKEN" is set
+    And the environment variable "GITHUB_ACCESS_TOKEN" is set
 
     When I invoke kiln
       | release-notes                             |

internal/acceptance/workflows/scenario/shared_state.go

@@ -107,7 +107,7 @@ func loadGithubToken(ctx context.Context) (context.Context, error) {
 		return ctx, nil
 	}
 
-	token := os.Getenv("GITHUB_TOKEN")
+	token := os.Getenv("GITHUB_ACCESS_TOKEN")
 	if token == "" {
 		token, err = getGithubTokenFromCLI()
 		if err != nil {

internal/acceptance/workflows/scenario/step_funcs_github.go

@@ -13,7 +13,7 @@ func githubRepoHasReleaseWithTag(ctx context.Context, repoOrg, repoName, tag str
 	if err != nil {
 		return err
 	}
-	ghAPI, err := gh.Client(ctx, "", accessToken, accessToken)
+	ghAPI, err := gh.Client(ctx, accessToken)
 	if err != nil {
 		return fmt.Errorf("failed to setup github client: %w", err)
 	}

internal/acceptance/workflows/scenario/step_funcs_kiln.go

@@ -19,7 +19,7 @@ func iTryToInvokeKiln(ctx context.Context, table *godog.Table) (context.Context,
 }
 
 func kilnValidateSucceeds(ctx context.Context) (context.Context, error) {
-	return invokeKiln(ctx, true, "validate", "--variable=github_token=banana")
+	return invokeKiln(ctx, true, "validate", "--variable=github_access_token=banana")
 }
 
 func invokeKiln(ctx context.Context, requireSuccess bool, args ...string) (context.Context, error) {

internal/acceptance/workflows/scenario/utilities.go

@@ -81,11 +81,11 @@ func getGithubTokenFromCLI() (string, error) {
 	cmd.Stderr = &out
 	err := cmd.Run()
 	if err != nil {
-		return "", fmt.Errorf("login to github using the CLI or set GITHUB_TOKEN")
+		return "", fmt.Errorf("login to github using the CLI or set GITHUB_ACCESS_TOKEN")
 	}
 	matches := regexp.MustCompile("(?m)^.*Token: (gho_.*)$").FindStringSubmatch(out.String())
 	if len(matches) == 0 {
-		return "", fmt.Errorf("login to github using the CLI or set GITHUB_TOKEN")
+		return "", fmt.Errorf("login to github using the CLI or set GITHUB_ACCESS_TOKEN")
 	}
 	return matches[1], nil
 }

internal/acceptance/workflows/testdata/tiles/v1/.github/workflows/release.yml

@@ -20,7 +20,7 @@ jobs:
       - name: Bake Tile
         env:
           KILN_VERSION: 0.68.3
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           TILE_VERSION: ${{ steps.vars.outputs.tag_name }}
         run: |          
           cd "${GITHUB_WORKSPACE}" || exit 1
@@ -36,8 +36,8 @@ jobs:
           
           echo "${TILE_VERSION}" > version
 
-          kiln fetch --variable github_token="${GITHUB_TOKEN}"
-          kiln validate --variable github_token="${GITHUB_TOKEN}"
+          kiln fetch --variable github_access_token="${GITHUB_ACCESS_TOKEN}"
+          kiln validate --variable github_access_token="${GITHUB_ACCESS_TOKEN}"
           kiln bake
 
       - name: Create GitHub Release

internal/acceptance/workflows/updating_releases.feature

@@ -6,7 +6,7 @@ Feature: As a dependabot, I want to update a BOSH Release
     When I invoke kiln
       | find-release-version                      |
       | --release=hello-release                   |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then stdout contains substring: "0.2.3"
 
   Scenario: Find a version on bosh.io
@@ -15,7 +15,7 @@ Feature: As a dependabot, I want to update a BOSH Release
     When I invoke kiln
       | find-release-version                      |
       | --release=bpm                             |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then stdout contains substring: "1.1.18"
 
   Scenario: Update a component to a new release
@@ -27,6 +27,6 @@ Feature: As a dependabot, I want to update a BOSH Release
       | --name=hello-release                      |
       | --version=v0.2.3                          |
       | --without-download                        |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then the Kilnfile.lock specifies version "0.2.3" for release "hello-release"
     And kiln validate succeeds

internal/acceptance/workflows/updating_stemcell.feature

@@ -10,7 +10,7 @@ Feature: As a dependabot, I want to update a stemcell
     And I set the Kilnfile stemcell version constraint to "=< 1.341"
     When I invoke kiln
       | find-stemcell-version                     |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then stdout contains substring: "1.340"
 
   Scenario: Update the stemcell
@@ -20,5 +20,5 @@ Feature: As a dependabot, I want to update a stemcell
     When I invoke kiln
       | update-stemcell                           |
       | --version=1.340                         |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then "Kilnfile.lock" contains substring: version: "1.340"

internal/commands/generate_osm_manifest.go

@@ -29,7 +29,7 @@ type OSM struct {
 	Options struct {
 		flags.Standard
 		NoDownload  bool   `short:"nd" long:"no-download" default:"false" description:"Do not download & zip the packages"`
-		GithubToken string `short:"g" long:"github-token" description:"Auth token for fetching specified Github packages" env:"GITHUB_TOKEN"`
+		GithubToken string `short:"g" long:"github_access_token" description:"Auth token for fetching specified Github packages" env:"GITHUB_ACCESS_TOKEN"`
 		Only        string `short:"o" long:"only" default:"" description:"Only download the specified package name, must be used with --url to specify package Github URL"`
 		Url         string `short:"u" long:"url" default:"" description:"Github URL for package specified by --only"`
 	}

internal/commands/release_notes.go

@@ -107,7 +107,7 @@ func (r ReleaseNotes) Execute(args []string) error {
 
 	var client *github.Client
 
-	client, err = gh.Client(ctx, r.repoHost, r.Options.GithubAccessToken, r.Options.GithubEnterpriseAccessToken)
+	client, err = gh.GitClient(ctx, r.repoHost, r.Options.GithubAccessToken, r.Options.GithubEnterpriseAccessToken)
 	if err != nil {
 		return fmt.Errorf("failed to setup github client: %w", err)
 	}

internal/component/github_release_source.go

@@ -43,7 +43,7 @@ func NewGithubReleaseSource(c cargo.ReleaseSourceConfig) *GithubReleaseSource {
 	if c.Org == "" {
 		panic("no github org passed for github release source")
 	}
-	githubClient, err := gh.Client(context.TODO(), "", c.GithubToken, c.GithubToken) // host is github.com by default
+	githubClient, err := gh.Client(context.TODO(), c.GithubToken)
 	if err != nil {
 		panic(err)
 	}

internal/component/github_release_source_test.go

@@ -24,7 +24,7 @@ func TestListAllOfTheCrap(t *testing.T) {
 
 	grs := component.NewGithubReleaseSource(cargo.ReleaseSourceConfig{
 		Type:        component.ReleaseSourceTypeGithub,
-		GithubToken: os.Getenv("GITHUB_TOKEN"),
+		GithubToken: os.Getenv("GITHUB_ACCESS_TOKEN"),
 		Org:         "cloudfoundry",
 	})
 	// grs.ListAllOfTheCrap(context.TODO(), "cloudfoundry")
@@ -535,7 +535,7 @@ func TestDownloadReleaseAsset(t *testing.T) {
 
 	grs := component.NewGithubReleaseSource(cargo.ReleaseSourceConfig{
 		Type:        component.ReleaseSourceTypeGithub,
-		GithubToken: os.Getenv("GITHUB_TOKEN"),
+		GithubToken: os.Getenv("GITHUB_ACCESS_TOKEN"),
 		Org:         "cloudfoundry",
 	})
 	testLock, err := grs.GetMatchedRelease(cargo.BOSHReleaseTarballSpecification{Name: "routing", Version: "0.226.0", GitHubRepository: "https://github.com/cloudfoundry/routing-release"})

internal/gh/client.go

@@ -11,12 +11,27 @@ import (
 )
 
 /* Client
+
+This method doesn't support creating a GitHub Client based on the host and is soon to be deprecated. Kindly use the GitClient
+method below
+*/
+
+func Client(ctx context.Context, githubAccessToken string) (*github.Client, error) {
+	client, err := GitClient(ctx, "", githubAccessToken, githubAccessToken)
+	if err != nil {
+		return nil, err
+	}
+	return client, nil
+}
+
+/* GitClient
+
 Creates a GitHub client based on the host.
 If host = GitHub Enterprise Host, uses githubEnterpriseAccessToken
 Else it assumes host as GitHub.com and uses githubAccessToken
 */
 
-func Client(ctx context.Context, host, githubAccessToken string, githubEnterpriseAccessToken string) (*github.Client, error) {
+func GitClient(ctx context.Context, host, githubAccessToken string, githubEnterpriseAccessToken string) (*github.Client, error) {
 	if host != "" && strings.HasSuffix(host, "broadcom.net") {
 		if githubEnterpriseAccessToken == "" {
 			return nil, errors.New("github enterprise access token is absent")

internal/gh/client_test.go

@@ -10,10 +10,10 @@ import (
 )
 
 func TestClient(t *testing.T) {
-	t.Run("when the host is empty", func(t *testing.T) {
+	t.Run("when the host is empty - backward compatibility", func(t *testing.T) {
 		ctx := context.Background()
 		token := "xxx"
-		ghClient, err := gh.Client(ctx, "", token, token)
+		ghClient, err := gh.Client(ctx, token)
 		require.NoError(t, err)
 		require.NotNil(t, ghClient.Client())
 		assert.Contains(t, ghClient.BaseURL.String(), "https://api.github.com")
@@ -22,7 +22,7 @@ func TestClient(t *testing.T) {
 	t.Run("when the host point to enterprise github", func(t *testing.T) {
 		ctx := context.Background()
 		token := "xxx"
-		ghClient, err := gh.Client(ctx, "https://broadcom.net", token, token)
+		ghClient, err := gh.GitClient(ctx, "https://broadcom.net", token, token)
 		require.NoError(t, err)
 		require.NotNil(t, ghClient.Client())
 		assert.Contains(t, ghClient.BaseURL.String(), "https://broadcom.net")
@@ -31,7 +31,7 @@ func TestClient(t *testing.T) {
 	t.Run("when the host point to non-enterprise random github", func(t *testing.T) {
 		ctx := context.Background()
 		token := "xxx"
-		ghClient, err := gh.Client(ctx, "https://example.com", token, token)
+		ghClient, err := gh.GitClient(ctx, "https://example.com", token, token)
 		require.Error(t, err, "github host not recognized")
 		require.Nil(t, ghClient)
 	})

pkg/cargo/bump.go

@@ -204,7 +204,7 @@ func getGithubRepositoryClientForRelease(kf Kilnfile) func(ctx context.Context,
 		// client.Repositories
 		for _, releaseSourceConfig := range kf.ReleaseSources {
 			if releaseSourceConfig.Type == BOSHReleaseTarballSourceTypeGithub && releaseSourceConfig.Org == owner {
-				client, err := gh.Client(ctx, host, releaseSourceConfig.GithubToken, releaseSourceConfig.GithubToken)
+				client, err := gh.Client(ctx, releaseSourceConfig.GithubToken)
 				if err != nil {
 					return nil, err
 				}

pkg/notes/notes_data.go

@@ -330,7 +330,7 @@ type issuesService interface {
 // manual test to ensure it continues to behave as expected during refactors.
 //
 // The function can be tested by generating release notes for a tile with issue ids and a milestone set. The happy path
-// test for Execute does not set GithubToken intentionally so this code is not triggered and Execute does not actually
+// test for Execute does not set GithubAccessToken/GithubEnterprisesAccessToken intentionally so this code is not triggered and Execute does not actually
 // reach out to GitHub.
 func (r fetchNotesData) fetchIssuesAndReleaseNotes(ctx context.Context, finalKF, wtKF cargo.Kilnfile, bumpList cargo.BumpList, issuesQuery IssuesQuery) ([]*github.Issue, cargo.BumpList, error) {
 	if r.issuesService == nil {

pkg/notes/notes_data_test.go

@@ -25,7 +25,7 @@ import (
 func Test_fetch_for_ist_tas(t *testing.T) {
 	please := NewWithT(t)
 
-	t.Setenv("GITHUB_TOKEN", "")
+	t.Setenv("GITHUB_ACCESS_TOKEN", "")
 
 	repo, _ := git.Init(memory.NewStorage(), memfs.New())
 
@@ -152,7 +152,7 @@ func Test_fetch_for_ist_tas(t *testing.T) {
 func Test_fetch_for_tasw(t *testing.T) {
 	please := NewWithT(t)
 
-	t.Setenv("GITHUB_TOKEN", "")
+	t.Setenv("GITHUB_ACCESS_TOKEN", "")
 
 	repo, _ := git.Init(memory.NewStorage(), memfs.New())
 

scripts/test.sh

@@ -19,9 +19,9 @@ function main() {
     golangci-lint run ./...
 
     set +x
-    echo "Setting GITHUB_TOKEN with 'gh auth token'"
-    export GITHUB_TOKEN
-    GITHUB_TOKEN="$(gh auth token)"
+    echo "Setting GITHUB_ACCESS_TOKEN with 'gh auth token'"
+    export GITHUB_ACCESS_TOKEN
+    GITHUB_ACCESS_TOKEN="$(gh auth token)"
     set -x
 
     go test -v -count=1 -tags acceptance --timeout=25m ./internal/acceptance/workflows