Refactor the inconsistent access token resolution between ENV and CLI args #1410
Refactor the inconsistent access token resolution between ENV and CLI args #1410theztefan wants to merge 2 commits intogithub:mainfrom
Conversation
There was a problem hiding this comment.
Pull Request Overview
This pull request standardizes GitHub Personal Access Token (PAT) resolution across all CLI commands by refactoring the inconsistent handling between command-line arguments and environment variables. The primary goal is to ensure CLI-provided tokens take precedence without requiring environment variables to be set.
Key changes include:
- Unified token resolution strategy with CLI args taking precedence over environment variables
- Consistent error handling with
throwIfNotFound=falsefor environment variable resolution - Centralized validation in factory classes with descriptive error messages
Reviewed Changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
src/gei/Factories/SecretScanningAlertServiceFactory.cs |
Added consistent token resolution with fallback and validation logic |
src/gei/Factories/CodeScanningAlertServiceFactory.cs |
Added consistent token resolution with fallback and validation logic |
src/gei/Commands/MigrateSecretAlerts/MigrateSecretAlertsCommand.cs |
Removed redundant environment variable resolution from command handler |
src/gei/Commands/MigrateRepo/MigrateRepoCommandHandler.cs |
Updated to use throwIfNotFound=false for environment variable resolution |
src/gei/Commands/MigrateOrg/MigrateOrgCommandHandler.cs |
Updated to use throwIfNotFound=false for environment variable resolution |
src/gei/Commands/MigrateCodeScanningAlerts/MigrateCodeScanningAlertsCommand.cs |
Removed redundant environment variable resolution from command handler |
src/bbs2gh/Commands/MigrateRepo/MigrateRepoCommandHandler.cs |
Updated to use throwIfNotFound=false for environment variable resolution |
src/ado2gh/Commands/MigrateRepo/MigrateRepoCommandHandler.cs |
Updated to use throwIfNotFound=false for environment variable resolution |
src/ado2gh/Commands/IntegrateBoards/IntegrateBoardsCommandHandler.cs |
Updated to use throwIfNotFound=false for environment variable resolution |
src/Octoshift/Factories/GithubApiFactory.cs |
Updated to use throwIfNotFound=false for environment variable resolution |
RELEASENOTES.md |
Added user-friendly description of the fix |
| ? _sourceGithubApiFactory.CreateClientNoSsl(sourceApi, sourceToken) | ||
| : _sourceGithubApiFactory.Create(sourceApi, sourceToken); | ||
| ? _sourceGithubApiFactory.CreateClientNoSsl(sourceApi, null, sourceToken) | ||
| : _sourceGithubApiFactory.Create(sourceApi, null, sourceToken); |
There was a problem hiding this comment.
[nitpick] The null parameter being passed as the second argument appears to be for uploadsUrl. Consider using a named parameter or constant to make the intent clearer, such as uploadsUrl: null or defining a constant for the default uploads URL.
| : _sourceGithubApiFactory.Create(sourceApi, null, sourceToken); | |
| : _sourceGithubApiFactory.Create(sourceApi, uploadsUrl: null, sourceToken); |
| : _sourceGithubApiFactory.Create(sourceApi, null, sourceToken); | ||
|
|
||
| return new(sourceGithubApi, _targetGithubApiFactory.Create(targetApi, targetToken), _octoLogger); | ||
| return new(sourceGithubApi, _targetGithubApiFactory.Create(targetApi, null, targetToken), _octoLogger); |
There was a problem hiding this comment.
[nitpick] The null parameter being passed as the second argument appears to be for uploadsUrl. Consider using a named parameter or constant to make the intent clearer, such as uploadsUrl: null or defining a constant for the default uploads URL.
Note: See the diff below for a potential fix:
@@ -43,9 +43,9 @@
}
var sourceGithubApi = sourceApiNoSsl
- ? _sourceGithubApiFactory.CreateClientNoSsl(sourceApi, null, sourceToken)
- : _sourceGithubApiFactory.Create(sourceApi, null, sourceToken);
+ ? _sourceGithubApiFactory.CreateClientNoSsl(sourceApi, uploadsUrl: null, sourceToken)
+ : _sourceGithubApiFactory.Create(sourceApi, uploadsUrl: null, sourceToken);
- return new(sourceGithubApi, _targetGithubApiFactory.Create(targetApi, null, targetToken), _octoLogger);
+ return new(sourceGithubApi, _targetGithubApiFactory.Create(targetApi, uploadsUrl: null, targetToken), _octoLogger);
}
}
| ? _sourceGithubApiFactory.CreateClientNoSsl(sourceApi, sourceToken) | ||
| : _sourceGithubApiFactory.Create(sourceApi, sourceToken); | ||
| ? _sourceGithubApiFactory.CreateClientNoSsl(sourceApi, null, sourceToken) | ||
| : _sourceGithubApiFactory.Create(sourceApi, null, sourceToken); |
There was a problem hiding this comment.
[nitpick] The null parameter being passed as the second argument appears to be for uploadsUrl. Consider using a named parameter or constant to make the intent clearer, such as uploadsUrl: null or defining a constant for the default uploads URL.
| : _sourceGithubApiFactory.Create(sourceApi, null, sourceToken); | |
| : _sourceGithubApiFactory.Create(sourceApi, uploadsUrl: null, sourceToken); |
| : _sourceGithubApiFactory.Create(sourceApi, null, sourceToken); | ||
|
|
||
| return new(sourceGithubApi, _targetGithubApiFactory.Create(targetApi, targetToken), _octoLogger); | ||
| return new(sourceGithubApi, _targetGithubApiFactory.Create(targetApi, null, targetToken), _octoLogger); |
There was a problem hiding this comment.
[nitpick] The null parameter being passed as the second argument appears to be for uploadsUrl. Consider using a named parameter or constant to make the intent clearer, such as uploadsUrl: null or defining a constant for the default uploads URL.
| return new(sourceGithubApi, _targetGithubApiFactory.Create(targetApi, null, targetToken), _octoLogger); | |
| return new(sourceGithubApi, _targetGithubApiFactory.Create(targetApi, uploadsUrl: null, targetToken), _octoLogger); |
Unit Test Results 1 files 1 suites 20s ⏱️ Results for commit 5a71721. |
|
| @@ -72,7 +72,7 @@ public async Task Handle(MigrateOrgCommandArgs args) | |||
| } | |||
|
|
|||
| private string GetSourceToken(MigrateOrgCommandArgs args) => | |||
There was a problem hiding this comment.
Don't we want to throw here? If we can't find a source PAT we can't continue with this command.
|
|
||
| var sourceRepoUrl = GetSourceRepoUrl(args); | ||
| var sourceToken = GetSourceToken(args); | ||
| var targetToken = args.GithubTargetPat ?? _environmentVariableProvider.TargetGithubPersonalAccessToken(); |
There was a problem hiding this comment.
Don't we want to throw here? If we can't find a target PAT we can't continue with this command.
| _log.LogInformation($"Migration log available at {migrationLogUrl} or by running `gh {CliContext.RootCommand} download-logs --github-target-org {args.GithubTargetOrg} --target-repo {args.TargetRepo}`"); | ||
| } | ||
|
|
||
| private string GetSourceToken(MigrateRepoCommandArgs args) => args.GithubSourcePat ?? _environmentVariableProvider.SourceGithubPersonalAccessToken(); |
There was a problem hiding this comment.
Don't we want to throw here? If we can't find a source PAT we can't continue with this command.
|
@theztefan thanks for your contributions, closing in favor of #1481 to ship. |
This pull request improves how GitHub Personal Access Tokens (PATs) are resolved throughout the codebase.
The issue was identified in the #1409. After investigating it turned out there were inconsistencies on how we resolve PATs CLI provided and ENV provided ones.
The following issues were identified:
This PR tries to consolidate to one solution and uses the same pattern everywhere. The order is as follows:
Improvements from user perspective:
Code perspective:
ThirdPartyNotices.txt(if applicable)