Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/linters/.markdown-lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,4 @@ MD024: false
# MD033/no-inline-html - Inline HTML
MD033:
# Allowed elements
allowed_elements: [br, li, ul]
allowed_elements: [br, li, ul]
14 changes: 8 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -79,11 +79,12 @@ This action can be configured to authenticate with GitHub App Installation or Pe

##### GitHub App Installation

| field | required | default | description |
| ------------------------ | -------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `GH_APP_ID` | True | `""` | GitHub Application ID. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. |
| `GH_APP_INSTALLATION_ID` | True | `""` | GitHub Application Installation ID. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. |
| `GH_APP_PRIVATE_KEY` | True | `""` | GitHub Application Private Key. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. |
| field | required | default | description |
| ---------------------------- | -------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `GH_APP_ID` | True | `""` | GitHub Application ID. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. |
| `GH_APP_INSTALLATION_ID` | True | `""` | GitHub Application Installation ID. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. |
| `GH_APP_PRIVATE_KEY` | True | `""` | GitHub Application Private Key. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. |
| `GITHUB_APP_ENTERPRISE_ONLY` | False | false | Set this input to `true` if your app is created in GHE and communicates with GHE. |

The needed GitHub app permissions are the following:

Expand Down Expand Up @@ -221,8 +222,9 @@ jobs:
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_INSTALLATION_ID: ${{ secrets.GH_APP_INSTALLATION_ID }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
# GITHUB_APP_ENTERPRISE_ONLY: True --> Set to true when created GHE App needs to communicate with GHE api
GH_ENTERPRISE_URL: ${{ github.server_url }}
# GH_TOKEN: ${{ steps.app-token.outputs.token }} the token input is not used if the github app inputs are set
# GH_TOKEN: ${{ steps.app-token.outputs.token }} --> the token input is not used if the github app inputs are set
ORGANIZATION: your_organization
UPDATE_EXISTING: True
GROUP_DEPENDENCIES: True
Expand Down
9 changes: 8 additions & 1 deletion auth.py
Original file line number Diff line number Diff line change
@@ -1,15 +1,21 @@
"""This is the module that contains functions related to authenticating to GitHub with a personal access token."""

import logging
import logging.config

import github3
import requests

logging.basicConfig(level=logging.DEBUG)


def auth_to_github(
token: str,
gh_app_id: int | None,
gh_app_installation_id: int | None,
gh_app_private_key_bytes: bytes,
ghe: str,
gh_app_enterprise_only: bool,
) -> github3.GitHub:
"""
Connect to GitHub.com or GitHub Enterprise, depending on env variables.
Expand All @@ -20,12 +26,13 @@ def auth_to_github(
gh_app_installation_id (int | None): the GitHub App Installation ID
gh_app_private_key_bytes (bytes): the GitHub App Private Key
ghe (str): the GitHub Enterprise URL
gh_app_enterprise_only (bool): Set this to true if the GH APP is created on GHE and needs to communicate with GHE api only

Returns:
github3.GitHub: the GitHub connection object
"""
if gh_app_id and gh_app_private_key_bytes and gh_app_installation_id:
if ghe:
if ghe and gh_app_enterprise_only:
gh = github3.github.GitHubEnterprise(url=ghe)
else:
gh = github3.github.GitHub()
Expand Down
4 changes: 4 additions & 0 deletions env.py
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,7 @@ def get_env_vars(
int | None,
int | None,
bytes,
bool,
str,
str,
list[str],
Expand Down Expand Up @@ -132,6 +133,7 @@ def get_env_vars(
gh_app_id (int | None): The GitHub App ID to use for authentication
gh_app_installation_id (int | None): The GitHub App Installation ID to use for authentication
gh_app_private_key_bytes (bytes): The GitHub App Private Key as bytes to use for authentication
gh_app_enterprise_only (bool): Set this to true if the GH APP is created on GHE and needs to communicate with GHE api only
token (str): The GitHub token to use for authentication
ghe (str): The GitHub Enterprise URL to use for authentication
exempt_repositories_list (list[str]): A list of repositories to exempt from the action
Expand Down Expand Up @@ -183,6 +185,7 @@ def get_env_vars(
gh_app_id = get_int_env_var("GH_APP_ID")
gh_app_private_key_bytes = os.environ.get("GH_APP_PRIVATE_KEY", "").encode("utf8")
gh_app_installation_id = get_int_env_var("GH_APP_INSTALLATION_ID")
gh_app_enterprise_only = get_bool_env_var("GITHUB_APP_ENTERPRISE_ONLY")

if gh_app_id and (not gh_app_private_key_bytes or not gh_app_installation_id):
raise ValueError(
Expand Down Expand Up @@ -340,6 +343,7 @@ def get_env_vars(
gh_app_id,
gh_app_installation_id,
gh_app_private_key_bytes,
gh_app_enterprise_only,
token,
ghe,
exempt_repositories_list,
Expand Down
8 changes: 7 additions & 1 deletion evergreen.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ def main(): # pragma: no cover
gh_app_id,
gh_app_installation_id,
gh_app_private_key,
gh_app_enterprise_only,
token,
ghe,
exempt_repositories_list,
Expand All @@ -46,7 +47,12 @@ def main(): # pragma: no cover

# Auth to GitHub.com or GHE
github_connection = auth.auth_to_github(
token, gh_app_id, gh_app_installation_id, gh_app_private_key, ghe
token,
gh_app_id,
gh_app_installation_id,
gh_app_private_key,
ghe,
gh_app_enterprise_only,
)

if not token and gh_app_id and gh_app_installation_id and gh_app_private_key:
Expand Down
34 changes: 31 additions & 3 deletions test_auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ def test_auth_to_github_with_token(self, mock_login):
"""
mock_login.return_value = "Authenticated to GitHub.com"

result = auth.auth_to_github("token", "", "", b"", "")
result = auth.auth_to_github("token", "", "", b"", "", False)

self.assertEqual(result, "Authenticated to GitHub.com")

Expand All @@ -28,7 +28,7 @@ def test_auth_to_github_without_token(self):
Expect a ValueError to be raised.
"""
with self.assertRaises(ValueError) as context_manager:
auth.auth_to_github("", "", "", b"", "")
auth.auth_to_github("", "", "", b"", "", False)
the_exception = context_manager.exception
self.assertEqual(
str(the_exception),
Expand All @@ -41,10 +41,38 @@ def test_auth_to_github_with_ghe(self, mock_ghe):
Test the auth_to_github function when the GitHub Enterprise URL is provided.
"""
mock_ghe.return_value = "Authenticated to GitHub Enterprise"
result = auth.auth_to_github("token", "", "", b"", "https://github.example.com")
result = auth.auth_to_github(
"token", "", "", b"", "https://github.example.com", False
)

self.assertEqual(result, "Authenticated to GitHub Enterprise")

@patch("github3.github.GitHubEnterprise")
def test_auth_to_github_with_ghe_and_ghe_app(self, mock_ghe):
"""
Test the auth_to_github function when the GitHub Enterprise URL is provided and the app was created in GitHub Enterprise URL.
"""
mock = mock_ghe.return_value
mock.login_as_app_installation = MagicMock(return_value=True)
result = auth.auth_to_github(
"", "123", "123", b"123", "https://github.example.com", True
)
mock.login_as_app_installation.assert_called_once()
self.assertEqual(result, mock)

@patch("github3.github.GitHub")
def test_auth_to_github_with_app(self, mock_gh):
"""
Test the auth_to_github function when app credentials are provided
"""
mock = mock_gh.return_value
mock.login_as_app_installation = MagicMock(return_value=True)
result = auth.auth_to_github(
"", "123", "123", b"123", "https://github.example.com", False
)
mock.login_as_app_installation.assert_called_once()
self.assertEqual(result, mock)

@patch("github3.apps.create_jwt_headers", MagicMock(return_value="gh_token"))
@patch("requests.post")
def test_get_github_app_installation_token(self, mock_post):
Expand Down
Loading