ci: troubleshooting token validation error (#1699)

This verbose logging will clarify the root cause of this 403 error:
"curl: (22) The requested URL returned error: 403"

Also, the entire script returned success because the "exit 1" was called
within the piped while loop. For it to work, we need `-o pipefail`.

Author: suztomo

infra/test/token-access-test.yaml

@@ -22,6 +22,10 @@ steps:
     waitFor: ['-']
     script: |
       #!/usr/bin/env bash
+
+      # "-o pipefail" stops execution of the piped command fails, especially
+      # the body of the while loop in this case.
+      set -eo pipefail
       echo "Your project ID is $PROJECT_ID"
       echo "gcloud config get-value core/account:"
       gcloud config get-value core/account
@@ -36,11 +40,16 @@ steps:
         exit 1
       fi
       cat infra/prod/repositories.yaml | grep '^\s*-\s*name:' |awk '{print $NF}' |tr -d '"' | while read -r repo_name; do
-        echo "Validating credentials for repository: $repo_name"
+        echo "Validating credentials for repository: ${repo_name}"
         GITHUB_TOKEN=$(gcloud secrets versions access latest --secret="${repo_name}-github-token")
-        curl --fail -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/googleapis/${repo_name}/collaborators/${ROBOT_ACCOUNT}/permission"
+        if [[ -z "${GITHUB_TOKEN}" ]]; then
+          echo "GitHub token for repository ${repo_name} is not set."
+          exit 1
+        fi
+        permission_url="https://api.github.com/repos/googleapis/${repo_name}/collaborators/${ROBOT_ACCOUNT}/permission"
+        curl --fail -H "Authorization: token ${GITHUB_TOKEN}" "${permission_url}"
         if [[ $? -ne 0 ]]; then
-          echo "Failed to validate credentials for repository: $repo_name"
+          echo "Failed to validate credentials for repository: ${repo_name} via ${permission_url}"
           exit 1
         fi
       done