Skip to content

Commit

Permalink
GitHub: allow using different tokens for GHCR and API
Browse files Browse the repository at this point in the history
  • Loading branch information
@malt3
malt3 committed Jan 3, 2025
1 parent db824ea commit 07e23d9
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 5 deletions.
1 change: 1 addition & 0 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ jobs:
run: bazelisk test "//examples:integration_tests"
env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}

Expand Down
24 changes: 19 additions & 5 deletions authenticate/github/github.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ import (
type GitHub struct{}

func (g *GitHub) Resolver(ctx context.Context) (api.Resolver, error) {
source, err := selectTokenSource()
source, err := selectTokenSource(tokenPurposeAPI)
if err != nil {
return nil, err
}
Expand All @@ -48,7 +48,7 @@ func GitHubContainerRegistry() *oci.OCI {
},
}
resolver := func(ctx context.Context) (map[string]func(registry, service, realm string) (oci.AuthConfig, error), error) {
source, err := selectTokenSource()
source, err := selectTokenSource(tokenPurposeGHCR)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -149,7 +149,14 @@ type GitHubTokenSource struct {
token string
}

func NewGitHubTokenSourceFromEnv() (*GitHubTokenSource, error) {
func NewGitHubTokenSourceFromEnv(purpose tokenPurpose) (*GitHubTokenSource, error) {
if purpose == tokenPurposeGHCR {
token, ok := os.LookupEnv("GHCR_TOKEN")
if ok {
return &GitHubTokenSource{token: token}, nil
}
}

token, ok := os.LookupEnv("GH_TOKEN")
if ok {
return &GitHubTokenSource{token: token}, nil
Expand Down Expand Up @@ -216,8 +223,15 @@ type HostConfig struct {
OAuthToken string `json:"oauth_token"`
}

func selectTokenSource() (oauth2.TokenSource, error) {
if tokenSource, err := NewGitHubTokenSourceFromEnv(); err == nil {
type tokenPurpose string

const (
tokenPurposeAPI tokenPurpose = "api"
tokenPurposeGHCR tokenPurpose = "ghcr"
)

func selectTokenSource(purpose tokenPurpose) (oauth2.TokenSource, error) {
if tokenSource, err := NewGitHubTokenSourceFromEnv(purpose); err == nil {
logging.Basicf("using GitHub token from environment")
return tokenSource, nil
}
Expand Down

0 comments on commit 07e23d9

Please # to comment.