diff --git a/.github/workflows/create-debugging-artifact.yml b/.github/workflows/create-debugging-artifact.yml index f95e553d..3a1bde75 100644 --- a/.github/workflows/create-debugging-artifact.yml +++ b/.github/workflows/create-debugging-artifact.yml @@ -40,7 +40,6 @@ jobs: env: RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }} run: | - export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}" export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}" go test ./... @@ -50,7 +49,7 @@ jobs: RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }} run: | set -euo pipefail - export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}" + export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}" set -x go test --run '(using_kiln|baking_a_tile|generating_release_notes|updating_)' \ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e084ff40..2497785b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,7 +37,6 @@ jobs: env: RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }} run: | - export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}" export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}" go test --covermode=atomic --coverprofile=kiln-${{github.sha}}-unit-test-code-coverage.out ./... @@ -53,7 +52,6 @@ jobs: RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }} run: | set -euo pipefail - export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}" export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}" set -x @@ -81,6 +79,5 @@ jobs: version: latest args: release --rm-dist env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_ACCESS_TOKEN }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3fde5151..fe11e43d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
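Review bot: In the last `release.yml` hunk the goreleaser step now reads `${{ secrets.GITHUB_ACCESS_TOKEN }}`, but GitHub Actions does not allow user-defined secrets whose names start with `GITHUB_`, so this expression will most likely expand to an empty string. The step also stops setting `GITHUB_TOKEN`, which GoReleaser reads by default when publishing to GitHub, so the release would probably fail for lack of a token unless the config overrides that elsewhere. The `.goreleaser.yml` hunk in this commit has the same dependency through `token: "{{ .Env.GITHUB_ACCESS_TOKEN }}"`. I would keep `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and set `GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, as the testdata workflow in this commit does. If a separate personal access token is really intended, store it under a name without the `GITHUB_` prefix and scope it to the minimum the brew tap push needs.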
@@ -50,7 +50,6 @@ jobs: RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }} run: | set -euo pipefail - export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}" export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}" set -x diff --git a/.goreleaser.yml b/.goreleaser.yml index 837baf7c..f99fe458 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -33,7 +33,7 @@ brews: tap: owner: pivotal-cf name: kiln - token: "{{ .Env.GITHUB_TOKEN }}" + token: "{{ .Env.GITHUB_ACCESS_TOKEN }}" folder: HomebrewFormula ids: - homebrew diff --git a/TILE_AUTHOR_GUIDE.md b/TILE_AUTHOR_GUIDE.md index 1893bc01..0a2ce3da 100644 --- a/TILE_AUTHOR_GUIDE.md +++ b/TILE_AUTHOR_GUIDE.md @@ -358,7 +358,7 @@ release_sources: - type: "github" id: crhntr # (optional) the default ID in this case is the value of org org: "crhntr" - github_token: $(variable "github_token") + github_token: $(variable "github_access_token") ``` **`github_token` is always required even for public repositories because we make API requests** @@ -371,10 +371,10 @@ You will need to add the following flag to most commands: ``` # Optional helper -export GITHUB_TOKEN="$(gh auth status --show-token 2>&1 | grep 'Token:' | awk '{print $NF}')" +export GITHUB_ACCESS_TOKEN="$(gh auth status --show-token 2>&1 | grep 'Token:' | awk '{print $NF}')" # Example Kiln variable flag -kiln fetch --variable="github_token=${GITHUB_TOKEN}" +kiln fetch --variable="github_access_token=${GITHUB_ACCESS_TOKEN}" ``` The value of `remote_path` in the BOSH release tarball lock is a URL. diff --git a/internal/acceptance/README.md b/internal/acceptance/README.md index 243de771..d830cc4a 100644 --- a/internal/acceptance/README.md +++ b/internal/acceptance/README.md 
@@ -25,11 +25,11 @@ go run github.com/onsi/ginkgo/ginkgo ### Workflows These are written in Go and use [godog](https://github.com/cucumber/godog) (a Cucumber test framework). -> PS: Export GITHUB_TOKEN as an env var before running the acceptance tests +> PS: Export GITHUB_ACCESS_TOKEN as an env var before running the acceptance tests ```bash # from anywhere in the repo you can run: -export GITHUB_TOKEN="$(gh auth token)" +export GITHUB_ACCESS_TOKEN="$(gh auth token)" go test -v --tags acceptance --timeout=1h github.com/pivotal-cf/kiln/internal/acceptance/workflows ``` diff --git a/internal/acceptance/workflows/baking_a_tile.feature b/internal/acceptance/workflows/baking_a_tile.feature index 77cd1658..1dc2c637 100644 --- a/internal/acceptance/workflows/baking_a_tile.feature +++ b/internal/acceptance/workflows/baking_a_tile.feature @@ -5,7 +5,7 @@ Feature: As a developer, I want to bake a tile When I invoke kiln | bake | | --final | - | --variable=github_token="${GITHUB_TOKEN}" | + | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" | Then a Tile is created And the Tile contains | metadata/metadata.yml | 
@@ -13,11 +13,11 @@ Feature: As a developer, I want to bake a tile | releases/bpm-1.2.12.tgz | | releases/hello-release-0.2.3.tgz | And "bake_records/0.2.0-dev.json" contains substring: "version": "0.2.0-dev" - And "bake_records/0.2.0-dev.json" contains substring: "source_revision": "6d5069f9dfb954ff77bb16c5aee670b9909f154a" + And "bake_records/0.2.0-dev.json" contains substring: "source_revision": "896c44a006a24d8601ed09fd871b1a4423636d77" And "bake_records/0.2.0-dev.json" contains substring: "tile_directory": "." And "bake_records/0.2.0-dev.json" contains substring: "kiln_version": "0.0.0+acceptance-tests" - And "bake_records/0.2.0-dev.json" contains substring: "file_checksum": "c94e5749bf676f03ff10539956e9445d309647c5299b16dfe71cb522e9258f0d" - And "tile-0.2.0-dev.pivotal" has sha256 sum "c94e5749bf676f03ff10539956e9445d309647c5299b16dfe71cb522e9258f0d" + And "bake_records/0.2.0-dev.json" contains substring: "file_checksum": "6754bb95193e42cd5706f810c3fdb1beead88e2a01601bb222e3e98818f90e8a" + And "tile-0.2.0-dev.pivotal" has sha256 sum "6754bb95193e42cd5706f810c3fdb1beead88e2a01601bb222e3e98818f90e8a" Scenario: it reads directory configuration from Kilnfile Given I have a tile source directory "testdata/tiles/non-standard-paths" diff --git a/internal/acceptance/workflows/generating_release_notes.feature b/internal/acceptance/workflows/generating_release_notes.feature index 798b3e43..d257d859 100644 --- a/internal/acceptance/workflows/generating_release_notes.feature +++ b/internal/acceptance/workflows/generating_release_notes.feature @@ -10,7 +10,7 @@ Feature: As a robot, I want to generate release notes | --name=hello-release | | --version=v0.1.5 | | --without-download | - | --variable=github_access_token="${GITHUB_TOKEN}" | + | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" | And I write file "version" | 0.1.4 | And I execute git add Kilnfile.lock version 
@@ -25,7 +25,7 @@ Feature: As a robot, I want to generate release notes | version | | 0.1.3 | - And the environment variable "GITHUB_TOKEN" is set + And the environment variable "GITHUB_ACCESS_TOKEN" is set When I invoke kiln | release-notes | diff --git a/internal/acceptance/workflows/scenario/shared_state.go b/internal/acceptance/workflows/scenario/shared_state.go index f79444f2..4784ba0c 100644 --- a/internal/acceptance/workflows/scenario/shared_state.go +++ b/internal/acceptance/workflows/scenario/shared_state.go @@ -107,7 +107,7 @@ func loadGithubToken(ctx context.Context) (context.Context, error) { return ctx, nil } - token := os.Getenv("GITHUB_TOKEN") + token := os.Getenv("GITHUB_ACCESS_TOKEN") if token == "" { token, err = getGithubTokenFromCLI() if err != nil { diff --git a/internal/acceptance/workflows/scenario/step_funcs_github.go b/internal/acceptance/workflows/scenario/step_funcs_github.go index 6d2b9cdc..2589102e 100644 --- a/internal/acceptance/workflows/scenario/step_funcs_github.go +++ b/internal/acceptance/workflows/scenario/step_funcs_github.go @@ -13,7 +13,7 @@ func githubRepoHasReleaseWithTag(ctx context.Context, repoOrg, repoName, tag str if err != nil { return err } - ghAPI, err := gh.Client(ctx, "", accessToken, accessToken) + ghAPI, err := gh.Client(ctx, accessToken) if err != nil { return fmt.Errorf("failed to setup github client: %w", err) } diff --git a/internal/acceptance/workflows/scenario/step_funcs_kiln.go b/internal/acceptance/workflows/scenario/step_funcs_kiln.go index bf457fdc..5e9cad2b 100644 --- a/internal/acceptance/workflows/scenario/step_funcs_kiln.go +++ b/internal/acceptance/workflows/scenario/step_funcs_kiln.go 
@@ -19,7 +19,7 @@ func iTryToInvokeKiln(ctx context.Context, table *godog.Table) (context.Context, } func kilnValidateSucceeds(ctx context.Context) (context.Context, error) { - return invokeKiln(ctx, true, "validate", "--variable=github_token=banana") + return invokeKiln(ctx, true, "validate", "--variable=github_access_token=banana") } func invokeKiln(ctx context.Context, requireSuccess bool, args ...string) (context.Context, error) { diff --git a/internal/acceptance/workflows/scenario/utilities.go b/internal/acceptance/workflows/scenario/utilities.go index 905c03c2..568768ae 100644 --- a/internal/acceptance/workflows/scenario/utilities.go +++ b/internal/acceptance/workflows/scenario/utilities.go @@ -81,11 +81,11 @@ func getGithubTokenFromCLI() (string, error) { cmd.Stderr = &out err := cmd.Run() if err != nil { - return "", fmt.Errorf("login to github using the CLI or set GITHUB_TOKEN") + return "", fmt.Errorf("login to github using the CLI or set GITHUB_ACCESS_TOKEN") } matches := regexp.MustCompile("(?m)^.*Token: (gho_.*)$").FindStringSubmatch(out.String()) if len(matches) == 0 { - return "", fmt.Errorf("login to github using the CLI or set GITHUB_TOKEN") + return "", fmt.Errorf("login to github using the CLI or set GITHUB_ACCESS_TOKEN") } return matches[1], nil } diff --git a/internal/acceptance/workflows/testdata/tiles/v1/.github/workflows/release.yml b/internal/acceptance/workflows/testdata/tiles/v1/.github/workflows/release.yml index f8678197..2fa68e87 100644 --- a/internal/acceptance/workflows/testdata/tiles/v1/.github/workflows/release.yml +++ b/internal/acceptance/workflows/testdata/tiles/v1/.github/workflows/release.yml @@ -20,7 +20,7 @@ jobs: - name: Bake Tile env: KILN_VERSION: 0.68.3 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} TILE_VERSION: ${{ steps.vars.outputs.tag_name }} run: | cd "${GITHUB_WORKSPACE}" || exit 1 
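Review bot: Both failure paths in `getGithubTokenFromCLI` return the same text and discard `err`, so a caller cannot tell "gh is not installed or not logged in" from "gh ran but no token line matched". The first return could keep the cause with `return "", fmt.Errorf("login to github using the CLI or set GITHUB_ACCESS_TOKEN: %w", err)`. The captured `out` buffer should stay out of any error or log message, because it is the text the token is parsed from. The pattern only accepts values starting with `gho_`, so a CLI login backed by another token type falls into the second branch with a misleading hint; a distinct message there would help. The function starts above this hunk.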
@@ -36,8 +36,8 @@ jobs: echo "${TILE_VERSION}" > version - kiln fetch --variable github_token="${GITHUB_TOKEN}" - kiln validate --variable github_token="${GITHUB_TOKEN}" + kiln fetch --variable github_access_token="${GITHUB_ACCESS_TOKEN}" + kiln validate --variable github_access_token="${GITHUB_ACCESS_TOKEN}" kiln bake - name: Create GitHub Release diff --git a/internal/acceptance/workflows/updating_releases.feature b/internal/acceptance/workflows/updating_releases.feature index 7f60254b..ac2bef48 100644 --- a/internal/acceptance/workflows/updating_releases.feature +++ b/internal/acceptance/workflows/updating_releases.feature @@ -6,7 +6,7 @@ Feature: As a dependabot, I want to update a BOSH Release When I invoke kiln | find-release-version | | --release=hello-release | - | --variable=github_token="${GITHUB_TOKEN}" | + | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" | Then stdout contains substring: "0.2.3" Scenario: Find a version on bosh.io @@ -15,7 +15,7 @@ Feature: As a dependabot, I want to update a BOSH Release When I invoke kiln | find-release-version | | --release=bpm | - | --variable=github_token="${GITHUB_TOKEN}" | + | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" | Then stdout contains substring: "1.1.18" Scenario: Update a component to a new release @@ -27,6 +27,6 @@ Feature: As a dependabot, I want to update a BOSH Release | --name=hello-release | | --version=v0.2.3 | | --without-download | - | --variable=github_token="${GITHUB_TOKEN}" | + | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" | Then the Kilnfile.lock specifies version "0.2.3" for release "hello-release" And kiln validate succeeds diff --git a/internal/acceptance/workflows/updating_stemcell.feature b/internal/acceptance/workflows/updating_stemcell.feature index 6f9365a9..c206e208 100644 --- a/internal/acceptance/workflows/updating_stemcell.feature +++ b/internal/acceptance/workflows/updating_stemcell.feature 
@@ -10,7 +10,7 @@ Feature: As a dependabot, I want to update a stemcell And I set the Kilnfile stemcell version constraint to "=< 1.341" When I invoke kiln | find-stemcell-version | - | --variable=github_token="${GITHUB_TOKEN}" | + | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" | Then stdout contains substring: "1.340" Scenario: Update the stemcell @@ -20,5 +20,5 @@ Feature: As a dependabot, I want to update a stemcell When I invoke kiln | update-stemcell | | --version=1.340 | - | --variable=github_token="${GITHUB_TOKEN}" | + | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" | Then "Kilnfile.lock" contains substring: version: "1.340" diff --git a/internal/commands/generate_osm_manifest.go b/internal/commands/generate_osm_manifest.go index e7bdb141..064daf6a 100644 --- a/internal/commands/generate_osm_manifest.go +++ b/internal/commands/generate_osm_manifest.go @@ -29,7 +29,7 @@ type OSM struct { Options struct { flags.Standard NoDownload bool `short:"nd" long:"no-download" default:"false" description:"Do not download & zip the packages"` - GithubToken string `short:"g" long:"github-token" description:"Auth token for fetching specified Github packages" env:"GITHUB_TOKEN"` + GithubToken string `short:"g" long:"github_access_token" description:"Auth token for fetching specified Github packages" env:"GITHUB_ACCESS_TOKEN"` Only string `short:"o" long:"only" default:"" description:"Only download the specified package name, must be used with --url to specify package Github URL"` Url string `short:"u" long:"url" default:"" description:"Github URL for package specified by --only"` } diff --git a/internal/commands/release_notes.go b/internal/commands/release_notes.go index 3e13a8ee..7cb1f3b4 100644 --- a/internal/commands/release_notes.go +++ b/internal/commands/release_notes.go 
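Review bot: The renamed flag `long:"github_access_token"` uses underscores while the sibling option in the same struct is `long:"no-download"`, so the command now mixes two spellings. It also removes `--github-token` without an alias, which breaks existing scripts. I would use `long:"github-access-token"` and mention the rename in the release notes. Since a token passed as a flag ends up in process listings and shell history, the description could point users at the `GITHUB_ACCESS_TOKEN` environment variable as the preferred input. The `Options` struct continues outside the hunk.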
@@ -107,7 +107,7 @@ func (r ReleaseNotes) Execute(args []string) error { var client *github.Client - client, err = gh.Client(ctx, r.repoHost, r.Options.GithubAccessToken, r.Options.GithubEnterpriseAccessToken) + client, err = gh.GitClient(ctx, r.repoHost, r.Options.GithubAccessToken, r.Options.GithubEnterpriseAccessToken) if err != nil { return fmt.Errorf("failed to setup github client: %w", err) } diff --git a/internal/component/github_release_source.go b/internal/component/github_release_source.go index 759d42a8..793d38d8 100644 --- a/internal/component/github_release_source.go +++ b/internal/component/github_release_source.go @@ -43,7 +43,7 @@ func NewGithubReleaseSource(c cargo.ReleaseSourceConfig) *GithubReleaseSource { if c.Org == "" { panic("no github org passed for github release source") } - githubClient, err := gh.Client(context.TODO(), "", c.GithubToken, c.GithubToken) // host is github.com by default + githubClient, err := gh.Client(context.TODO(), c.GithubToken) if err != nil { panic(err) } diff --git a/internal/component/github_release_source_test.go b/internal/component/github_release_source_test.go index d121429c..a94180b0 100644 --- a/internal/component/github_release_source_test.go +++ b/internal/component/github_release_source_test.go @@ -24,7 +24,7 @@ func TestListAllOfTheCrap(t *testing.T) { grs := component.NewGithubReleaseSource(cargo.ReleaseSourceConfig{ Type: component.ReleaseSourceTypeGithub, - GithubToken: os.Getenv("GITHUB_TOKEN"), + GithubToken: os.Getenv("GITHUB_ACCESS_TOKEN"), Org: "cloudfoundry", }) // grs.ListAllOfTheCrap(context.TODO(), "cloudfoundry") 
@@ -535,7 +535,7 @@ func TestDownloadReleaseAsset(t *testing.T) { grs := component.NewGithubReleaseSource(cargo.ReleaseSourceConfig{ Type: component.ReleaseSourceTypeGithub, - GithubToken: os.Getenv("GITHUB_TOKEN"), + GithubToken: os.Getenv("GITHUB_ACCESS_TOKEN"), Org: "cloudfoundry", }) testLock, err := grs.GetMatchedRelease(cargo.BOSHReleaseTarballSpecification{Name: "routing", Version: "0.226.0", GitHubRepository: "https://github.com/cloudfoundry/routing-release"}) diff --git a/internal/gh/client.go b/internal/gh/client.go index cea9962a..cf8e3234 100644 --- a/internal/gh/client.go +++ b/internal/gh/client.go @@ -11,12 +11,27 @@ import ( ) /* Client + +This method doesn't support creating a GitHub Client based on the host and is soon to be deprecated. Kindly use the GitClient +method below +*/ + +func Client(ctx context.Context, githubAccessToken string) (*github.Client, error) { + client, err := GitClient(ctx, "", githubAccessToken, githubAccessToken) + if err != nil { + return nil, err + } + return client, nil +} + +/* GitClient + Creates a GitHub client based on the host. If host = GitHub Enterprise Host, uses githubEnterpriseAccessToken Else it assumes host as GitHub.com and uses githubAccessToken */ -func Client(ctx context.Context, host, githubAccessToken string, githubEnterpriseAccessToken string) (*github.Client, error) { +func GitClient(ctx context.Context, host, githubAccessToken string, githubEnterpriseAccessToken string) (*github.Client, error) { if host != "" && strings.HasSuffix(host, "broadcom.net") { if githubEnterpriseAccessToken == "" { return nil, errors.New("github enterprise access token is absent") diff --git a/internal/gh/client_test.go b/internal/gh/client_test.go index fe7b996a..5b449595 100644 --- a/internal/gh/client_test.go +++ b/internal/gh/client_test.go 
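Review bot: The enterprise check carried into `GitClient`, `strings.HasSuffix(host, "broadcom.net")`, is a plain string-suffix test, so any host value that merely ends in those characters is treated as the enterprise host and would presumably be given `githubEnterpriseAccessToken`. The check predates this commit, but since the function is being renamed and made the recommended entry point, it is worth parsing `host` first and comparing the hostname exactly, or against the dotted suffix with `strings.HasSuffix(hostname, ".broadcom.net")`. Separately, the block comments are separated from `Client` and `GitClient` by a blank line, so Go tooling will not attach them as doc comments. `// Deprecated: use GitClient.` directly above `func Client` would be picked up by linters and editors. The wrapper body can also be reduced to `return GitClient(ctx, "", githubAccessToken, githubAccessToken)`. `GitClient`'s body continues outside the hunk.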
@@ -10,10 +10,10 @@ import ( ) func TestClient(t *testing.T) { - t.Run("when the host is empty", func(t *testing.T) { + t.Run("when the host is empty - backward compatibility", func(t *testing.T) { ctx := context.Background() token := "xxx" - ghClient, err := gh.Client(ctx, "", token, token) + ghClient, err := gh.Client(ctx, token) require.NoError(t, err) require.NotNil(t, ghClient.Client()) assert.Contains(t, ghClient.BaseURL.String(), "https://api.github.com") @@ -22,7 +22,7 @@ func TestClient(t *testing.T) { t.Run("when the host point to enterprise github", func(t *testing.T) { ctx := context.Background() token := "xxx" - ghClient, err := gh.Client(ctx, "https://broadcom.net", token, token) + ghClient, err := gh.GitClient(ctx, "https://broadcom.net", token, token) require.NoError(t, err) require.NotNil(t, ghClient.Client()) assert.Contains(t, ghClient.BaseURL.String(), "https://broadcom.net") @@ -31,7 +31,7 @@ func TestClient(t *testing.T) { t.Run("when the host point to non-enterprise random github", func(t *testing.T) { ctx := context.Background() token := "xxx" - ghClient, err := gh.Client(ctx, "https://example.com", token, token) + ghClient, err := gh.GitClient(ctx, "https://example.com", token, token) require.Error(t, err, "github host not recognized") require.Nil(t, ghClient) }) diff --git a/pkg/cargo/bump.go b/pkg/cargo/bump.go index 0f80bc68..231295e0 100644 --- a/pkg/cargo/bump.go +++ b/pkg/cargo/bump.go @@ -204,7 +204,7 @@ func getGithubRepositoryClientForRelease(kf Kilnfile) func(ctx context.Context, // client.Repositories for _, releaseSourceConfig := range kf.ReleaseSources { if releaseSourceConfig.Type == BOSHReleaseTarballSourceTypeGithub && releaseSourceConfig.Org == owner { - client, err := gh.Client(ctx, host, releaseSourceConfig.GithubToken, releaseSourceConfig.GithubToken) + client, err := gh.Client(ctx, releaseSourceConfig.GithubToken) if err != nil { return nil, err } 
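Review bot: In the `pkg/cargo/bump.go` hunk, switching to `gh.Client(ctx, releaseSourceConfig.GithubToken)` drops the `host` argument the old call passed, so this path now always builds a github.com client. For a release hosted on the enterprise instance that is a behaviour change, and it would send the configured token to api.github.com instead of the intended host. If host-based selection is still wanted here, call `gh.GitClient(ctx, host, releaseSourceConfig.GithubToken, releaseSourceConfig.GithubToken)`. If not, remove `host` from the closure and add a comment saying enterprise sources are unsupported on this path. `host` appears to be a parameter of the returned closure, but its signature is cut off in the hunk header, and the function body extends beyond the hunk.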
diff --git a/pkg/notes/notes_data.go b/pkg/notes/notes_data.go index de8ee221..3be42c20 100644 --- a/pkg/notes/notes_data.go +++ b/pkg/notes/notes_data.go @@ -330,7 +330,7 @@ type issuesService interface { // manual test to ensure it continues to behave as expected during refactors. // // The function can be tested by generating release notes for a tile with issue ids and a milestone set. The happy path -// test for Execute does not set GithubToken intentionally so this code is not triggered and Execute does not actually +// test for Execute does not set GithubAccessToken/GithubEnterprisesAccessToken intentionally so this code is not triggered and Execute does not actually // reach out to GitHub. func (r fetchNotesData) fetchIssuesAndReleaseNotes(ctx context.Context, finalKF, wtKF cargo.Kilnfile, bumpList cargo.BumpList, issuesQuery IssuesQuery) ([]*github.Issue, cargo.BumpList, error) { if r.issuesService == nil { diff --git a/pkg/notes/notes_data_test.go b/pkg/notes/notes_data_test.go index 6a2c5141..ed397b8a 100644 --- a/pkg/notes/notes_data_test.go +++ b/pkg/notes/notes_data_test.go @@ -25,7 +25,7 @@ import ( func Test_fetch_for_ist_tas(t *testing.T) { please := NewWithT(t) - t.Setenv("GITHUB_TOKEN", "") + t.Setenv("GITHUB_ACCESS_TOKEN", "") repo, _ := git.Init(memory.NewStorage(), memfs.New()) @@ -152,7 +152,7 @@ func Test_fetch_for_ist_tas(t *testing.T) { func Test_fetch_for_tasw(t *testing.T) { please := NewWithT(t) - t.Setenv("GITHUB_TOKEN", "") + t.Setenv("GITHUB_ACCESS_TOKEN", "") repo, _ := git.Init(memory.NewStorage(), memfs.New()) diff --git a/scripts/test.sh b/scripts/test.sh index d75addda..81cc83d9 100755 --- a/scripts/test.sh +++ b/scripts/test.sh 
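Review bot: The updated comment on `fetchIssuesAndReleaseNotes` names `GithubEnterprisesAccessToken`, but the option used in `release_notes.go` in this same commit is `GithubEnterpriseAccessToken`, so a search for the field will miss this comment. The new line is also much longer than the lines around it. I would rewrap it along the lines of `// test for Execute does not set GithubAccessToken or GithubEnterpriseAccessToken intentionally, so this code is not` and continue with `// triggered and Execute does not actually reach out to GitHub.`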
@@ -19,9 +19,9 @@ function main() { golangci-lint run ./... set +x - echo "Setting GITHUB_TOKEN with 'gh auth token'" - export GITHUB_TOKEN - GITHUB_TOKEN="$(gh auth token)" + echo "Setting GITHUB_ACCESS_TOKEN with 'gh auth token'" + export GITHUB_ACCESS_TOKEN + GITHUB_ACCESS_TOKEN="$(gh auth token)" set -x go test -v -count=1 -tags acceptance --timeout=25m ./internal/acceptance/workflows