update references to env var GITHUB_TOKEN to GITHUB_ACCESS_TOKEN

jajita · rizwanreza · commit a0544f59fab4 · 2024-10-29T15:14:07.000-05:00
diff --git a/.github/workflows/create-debugging-artifact.yml b/.github/workflows/create-debugging-artifact.yml
@@ -40,7 +40,6 @@ jobs:
         env:
           RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }}
         run: |
-          export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}"
           export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}"
           go test ./...
 
@@ -50,7 +49,7 @@ jobs:
           RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }}
         run: |
           set -euo pipefail
-          export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}"
+          export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}"
               
           set -x
           go test --run '(using_kiln|baking_a_tile|generating_release_notes|updating_)' \
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -37,7 +37,6 @@ jobs:
         env:
           RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }}
         run: |
-          export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}"
           export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}"
           go test --covermode=atomic --coverprofile=kiln-${{github.sha}}-unit-test-code-coverage.out ./...
 
@@ -53,7 +52,6 @@ jobs:
           RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }}
         run: |
           set -euo pipefail
-          export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}"
           export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}"
 
           set -x
@@ -81,6 +79,5 @@ jobs:
           version: "~> v1"
           args: release --clean
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_ACCESS_TOKEN }}
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -50,7 +50,6 @@ jobs:
           RELEEN_GITHUB_TOKEN: ${{ secrets.RELEEN_GITHUB_TOKEN }}
         run: |
           set -euo pipefail
-          export GITHUB_TOKEN="${RELEEN_GITHUB_TOKEN}"
           export GITHUB_ACCESS_TOKEN="${RELEEN_GITHUB_TOKEN}"
 
           set -x
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -33,7 +33,7 @@ brews:
     tap:
       owner: pivotal-cf
       name: kiln
-      token: "{{ .Env.GITHUB_TOKEN }}"
+      token: "{{ .Env.GITHUB_ACCESS_TOKEN }}"
     folder: HomebrewFormula
     ids:
       - homebrew
diff --git a/TILE_AUTHOR_GUIDE.md b/TILE_AUTHOR_GUIDE.md
@@ -358,7 +358,7 @@ release_sources:
   - type: "github"
     id: crhntr # (optional) the default ID in this case is the value of org
     org: "crhntr"
-    github_token: $(variable "github_token")
+    github_token: $(variable "github_access_token")
 ```
 
 **`github_token` is always required even for public repositories because we make API requests**
@@ -371,10 +371,10 @@ You will need to add the following flag to most commands:
 
 ```
 # Optional helper
-export GITHUB_TOKEN="$(gh auth status --show-token 2>&1 | grep 'Token:' | awk '{print $NF}')"
+export GITHUB_ACCESS_TOKEN="$(gh auth status --show-token 2>&1 | grep 'Token:' | awk '{print $NF}')"
 
 # Example Kiln variable flag
-kiln fetch --variable="github_token=${GITHUB_TOKEN}"
+kiln fetch --variable="github_access_token=${GITHUB_ACCESS_TOKEN}"
 ```
 
 The value of `remote_path` in the BOSH release tarball lock is a URL.
diff --git a/internal/acceptance/README.md b/internal/acceptance/README.md
@@ -25,11 +25,11 @@ go run github.com/onsi/ginkgo/ginkgo
 ### Workflows
 These are written in Go and use [godog](https://github.com/cucumber/godog) (a Cucumber test framework).
 
-> PS: Export GITHUB_TOKEN as an env var before running the acceptance tests
+> PS: Export GITHUB_ACCESS_TOKEN as an env var before running the acceptance tests
 
 ```bash
 # from anywhere in the repo you can run:
-export GITHUB_TOKEN="$(gh auth token)"
+export GITHUB_ACCESS_TOKEN="$(gh auth token)"
 go test -v --tags acceptance --timeout=1h github.com/pivotal-cf/kiln/internal/acceptance/workflows
 ```
 
diff --git a/internal/acceptance/workflows/baking_a_tile.feature b/internal/acceptance/workflows/baking_a_tile.feature
@@ -5,19 +5,19 @@ Feature: As a developer, I want to bake a tile
     When I invoke kiln
       | bake                                      |
       | --final                                   |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then a Tile is created
     And the Tile contains
       | metadata/metadata.yml             |
       | migrations/v1                     |
       | releases/bpm-1.2.12.tgz           |
       | releases/hello-release-0.2.3.tgz |
     And "bake_records/0.2.0-dev.json" contains substring: "version": "0.2.0-dev"
-    And "bake_records/0.2.0-dev.json" contains substring: "source_revision": "6d5069f9dfb954ff77bb16c5aee670b9909f154a"
+    And "bake_records/0.2.0-dev.json" contains substring: "source_revision": "896c44a006a24d8601ed09fd871b1a4423636d77"
     And "bake_records/0.2.0-dev.json" contains substring: "tile_directory": "."
     And "bake_records/0.2.0-dev.json" contains substring: "kiln_version": "0.0.0+acceptance-tests"
-    And "bake_records/0.2.0-dev.json" contains substring: "file_checksum": "c94e5749bf676f03ff10539956e9445d309647c5299b16dfe71cb522e9258f0d"
-    And "tile-0.2.0-dev.pivotal" has sha256 sum "c94e5749bf676f03ff10539956e9445d309647c5299b16dfe71cb522e9258f0d"
+    And "bake_records/0.2.0-dev.json" contains substring: "file_checksum": "6754bb95193e42cd5706f810c3fdb1beead88e2a01601bb222e3e98818f90e8a"
+    And "tile-0.2.0-dev.pivotal" has sha256 sum "6754bb95193e42cd5706f810c3fdb1beead88e2a01601bb222e3e98818f90e8a"
 
   Scenario: it reads directory configuration from Kilnfile
     Given I have a tile source directory "testdata/tiles/non-standard-paths"
diff --git a/internal/acceptance/workflows/generating_release_notes.feature b/internal/acceptance/workflows/generating_release_notes.feature
@@ -10,7 +10,7 @@ Feature: As a robot, I want to generate release notes
       | --name=hello-release                      |
       | --version=v0.1.5                          |
       | --without-download                        |
-      | --variable=github_access_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     And I write file "version"
       | 0.1.4 |
     And I execute git add Kilnfile.lock version
@@ -25,7 +25,7 @@ Feature: As a robot, I want to generate release notes
       | version |
       | 0.1.3   |
 
-    And the environment variable "GITHUB_TOKEN" is set
+    And the environment variable "GITHUB_ACCESS_TOKEN" is set
 
     When I invoke kiln
       | release-notes                             |
diff --git a/internal/acceptance/workflows/scenario/shared_state.go b/internal/acceptance/workflows/scenario/shared_state.go
@@ -107,7 +107,7 @@ func loadGithubToken(ctx context.Context) (context.Context, error) {
 		return ctx, nil
 	}
 
-	token := os.Getenv("GITHUB_TOKEN")
+	token := os.Getenv("GITHUB_ACCESS_TOKEN")
 	if token == "" {
 		token, err = getGithubTokenFromCLI()
 		if err != nil {
diff --git a/internal/acceptance/workflows/scenario/step_funcs_github.go b/internal/acceptance/workflows/scenario/step_funcs_github.go
@@ -13,7 +13,7 @@ func githubRepoHasReleaseWithTag(ctx context.Context, repoOrg, repoName, tag str
 	if err != nil {
 		return err
 	}
-	ghAPI, err := gh.Client(ctx, "", accessToken, accessToken)
+	ghAPI, err := gh.Client(ctx, accessToken)
 	if err != nil {
 		return fmt.Errorf("failed to setup github client: %w", err)
 	}
diff --git a/internal/acceptance/workflows/scenario/step_funcs_kiln.go b/internal/acceptance/workflows/scenario/step_funcs_kiln.go
@@ -19,7 +19,7 @@ func iTryToInvokeKiln(ctx context.Context, table *godog.Table) (context.Context,
 }
 
 func kilnValidateSucceeds(ctx context.Context) (context.Context, error) {
-	return invokeKiln(ctx, true, "validate", "--variable=github_token=banana")
+	return invokeKiln(ctx, true, "validate", "--variable=github_access_token=banana")
 }
 
 func invokeKiln(ctx context.Context, requireSuccess bool, args ...string) (context.Context, error) {
diff --git a/internal/acceptance/workflows/scenario/utilities.go b/internal/acceptance/workflows/scenario/utilities.go
@@ -81,11 +81,11 @@ func getGithubTokenFromCLI() (string, error) {
 	cmd.Stderr = &out
 	err := cmd.Run()
 	if err != nil {
-		return "", fmt.Errorf("login to github using the CLI or set GITHUB_TOKEN")
+		return "", fmt.Errorf("login to github using the CLI or set GITHUB_ACCESS_TOKEN")
 	}
 	matches := regexp.MustCompile("(?m)^.*Token: (gho_.*)$").FindStringSubmatch(out.String())
 	if len(matches) == 0 {
-		return "", fmt.Errorf("login to github using the CLI or set GITHUB_TOKEN")
+		return "", fmt.Errorf("login to github using the CLI or set GITHUB_ACCESS_TOKEN")
 	}
 	return matches[1], nil
 }
diff --git a/internal/acceptance/workflows/testdata/tiles/v1/.github/workflows/release.yml b/internal/acceptance/workflows/testdata/tiles/v1/.github/workflows/release.yml
@@ -20,7 +20,7 @@ jobs:
       - name: Bake Tile
         env:
           KILN_VERSION: 0.68.3
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           TILE_VERSION: ${{ steps.vars.outputs.tag_name }}
         run: |          
           cd "${GITHUB_WORKSPACE}" || exit 1
@@ -36,8 +36,8 @@ jobs:
           
           echo "${TILE_VERSION}" > version
 
-          kiln fetch --variable github_token="${GITHUB_TOKEN}"
-          kiln validate --variable github_token="${GITHUB_TOKEN}"
+          kiln fetch --variable github_access_token="${GITHUB_ACCESS_TOKEN}"
+          kiln validate --variable github_access_token="${GITHUB_ACCESS_TOKEN}"
           kiln bake
 
       - name: Create GitHub Release
diff --git a/internal/acceptance/workflows/updating_releases.feature b/internal/acceptance/workflows/updating_releases.feature
@@ -6,7 +6,7 @@ Feature: As a dependabot, I want to update a BOSH Release
     When I invoke kiln
       | find-release-version                      |
       | --release=hello-release                   |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then stdout contains substring: "0.2.3"
 
   Scenario: Find a version on bosh.io
@@ -15,7 +15,7 @@ Feature: As a dependabot, I want to update a BOSH Release
     When I invoke kiln
       | find-release-version                      |
       | --release=bpm                             |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then stdout contains substring: "1.1.18"
 
   Scenario: Update a component to a new release
@@ -27,6 +27,6 @@ Feature: As a dependabot, I want to update a BOSH Release
       | --name=hello-release                      |
       | --version=v0.2.3                          |
       | --without-download                        |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then the Kilnfile.lock specifies version "0.2.3" for release "hello-release"
     And kiln validate succeeds
diff --git a/internal/acceptance/workflows/updating_stemcell.feature b/internal/acceptance/workflows/updating_stemcell.feature
@@ -10,7 +10,7 @@ Feature: As a dependabot, I want to update a stemcell
     And I set the Kilnfile stemcell version constraint to "=< 1.341"
     When I invoke kiln
       | find-stemcell-version                     |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then stdout contains substring: "1.340"
 
   Scenario: Update the stemcell
@@ -20,5 +20,5 @@ Feature: As a dependabot, I want to update a stemcell
     When I invoke kiln
       | update-stemcell                           |
       | --version=1.340                         |
-      | --variable=github_token="${GITHUB_TOKEN}" |
+      | --variable=github_access_token="${GITHUB_ACCESS_TOKEN}" |
     Then "Kilnfile.lock" contains substring: version: "1.340"
diff --git a/internal/commands/generate_osm_manifest.go b/internal/commands/generate_osm_manifest.go
@@ -29,7 +29,7 @@ type OSM struct {
 	Options struct {
 		flags.Standard
 		NoDownload  bool   `short:"nd" long:"no-download" default:"false" description:"Do not download & zip the packages"`
-		GithubToken string `short:"g" long:"github-token" description:"Auth token for fetching specified Github packages" env:"GITHUB_TOKEN"`
+		GithubToken string `short:"g" long:"github_access_token" description:"Auth token for fetching specified Github packages" env:"GITHUB_ACCESS_TOKEN"`
 		Only        string `short:"o" long:"only" default:"" description:"Only download the specified package name, must be used with --url to specify package Github URL"`
 		Url         string `short:"u" long:"url" default:"" description:"Github URL for package specified by --only"`
 	}
diff --git a/internal/commands/release_notes.go b/internal/commands/release_notes.go
@@ -107,7 +107,7 @@ func (r ReleaseNotes) Execute(args []string) error {
 
 	var client *github.Client
 
-	client, err = gh.Client(ctx, r.repoHost, r.Options.GithubAccessToken, r.Options.GithubEnterpriseAccessToken)
+	client, err = gh.GitClient(ctx, r.repoHost, r.Options.GithubAccessToken, r.Options.GithubEnterpriseAccessToken)
 	if err != nil {
 		return fmt.Errorf("failed to setup github client: %w", err)
 	}
diff --git a/internal/component/github_release_source.go b/internal/component/github_release_source.go
@@ -43,7 +43,7 @@ func NewGithubReleaseSource(c cargo.ReleaseSourceConfig) *GithubReleaseSource {
 	if c.Org == "" {
 		panic("no github org passed for github release source")
 	}
-	githubClient, err := gh.Client(context.TODO(), "", c.GithubToken, c.GithubToken) // host is github.com by default
+	githubClient, err := gh.Client(context.TODO(), c.GithubToken)
 	if err != nil {
 		panic(err)
 	}
diff --git a/internal/component/github_release_source_test.go b/internal/component/github_release_source_test.go
@@ -24,7 +24,7 @@ func TestListAllOfTheCrap(t *testing.T) {
 
 	grs := component.NewGithubReleaseSource(cargo.ReleaseSourceConfig{
 		Type:        component.ReleaseSourceTypeGithub,
-		GithubToken: os.Getenv("GITHUB_TOKEN"),
+		GithubToken: os.Getenv("GITHUB_ACCESS_TOKEN"),
 		Org:         "cloudfoundry",
 	})
 	// grs.ListAllOfTheCrap(context.TODO(), "cloudfoundry")
@@ -535,7 +535,7 @@ func TestDownloadReleaseAsset(t *testing.T) {
 
 	grs := component.NewGithubReleaseSource(cargo.ReleaseSourceConfig{
 		Type:        component.ReleaseSourceTypeGithub,
-		GithubToken: os.Getenv("GITHUB_TOKEN"),
+		GithubToken: os.Getenv("GITHUB_ACCESS_TOKEN"),
 		Org:         "cloudfoundry",
 	})
 	testLock, err := grs.GetMatchedRelease(cargo.BOSHReleaseTarballSpecification{Name: "routing", Version: "0.226.0", GitHubRepository: "https://github.com/cloudfoundry/routing-release"})
diff --git a/internal/gh/client.go b/internal/gh/client.go
@@ -11,17 +11,35 @@ import (
 )
 
 /* Client
+
+This method doesn't support creating a GitHub Client based on the host and is soon to be deprecated. Kindly use the GitClient
+method below
+*/
+
+func Client(ctx context.Context, githubAccessToken string) (*github.Client, error) {
+	client, err := GitClient(ctx, "", githubAccessToken, githubAccessToken)
+	if err != nil {
+		return nil, err
+	}
+	return client, nil
+}
+
+/* GitClient
+
 Creates a GitHub client based on the host.
 If host = GitHub Enterprise Host, uses githubEnterpriseAccessToken
 Else it assumes host as GitHub.com and uses githubAccessToken
 */
 
-func Client(ctx context.Context, host, githubAccessToken string, githubEnterpriseAccessToken string) (*github.Client, error) {
+func GitClient(ctx context.Context, host, githubAccessToken string, githubEnterpriseAccessToken string) (*github.Client, error) {
 	if host != "" && strings.HasSuffix(host, "broadcom.net") {
 		if githubEnterpriseAccessToken == "" {
 			return nil, errors.New("github enterprise access token is absent")
 		}
 		client := oauth2.NewClient(ctx, oauth2.StaticTokenSource(&oauth2.Token{AccessToken: githubEnterpriseAccessToken}))
+		if !strings.HasPrefix(host, "http") {
+			host = "https://" + host
+		}
 		return github.NewEnterpriseClient(host, host, client)
 	} else if host == "" || host == "github.com" {
 		if githubAccessToken == "" {
diff --git a/internal/gh/client_test.go b/internal/gh/client_test.go
@@ -10,10 +10,10 @@ import (
 )
 
 func TestClient(t *testing.T) {
-	t.Run("when the host is empty", func(t *testing.T) {
+	t.Run("when the host is empty - backward compatibility", func(t *testing.T) {
 		ctx := context.Background()
 		token := "xxx"
-		ghClient, err := gh.Client(ctx, "", token, token)
+		ghClient, err := gh.Client(ctx, token)
 		require.NoError(t, err)
 		require.NotNil(t, ghClient.Client())
 		assert.Contains(t, ghClient.BaseURL.String(), "https://api.github.com")
@@ -22,7 +22,7 @@ func TestClient(t *testing.T) {
 	t.Run("when the host point to enterprise github", func(t *testing.T) {
 		ctx := context.Background()
 		token := "xxx"
-		ghClient, err := gh.Client(ctx, "https://broadcom.net", token, token)
+		ghClient, err := gh.GitClient(ctx, "https://broadcom.net", token, token)
 		require.NoError(t, err)
 		require.NotNil(t, ghClient.Client())
 		assert.Contains(t, ghClient.BaseURL.String(), "https://broadcom.net")
@@ -31,7 +31,7 @@ func TestClient(t *testing.T) {
 	t.Run("when the host point to non-enterprise random github", func(t *testing.T) {
 		ctx := context.Background()
 		token := "xxx"
-		ghClient, err := gh.Client(ctx, "https://example.com", token, token)
+		ghClient, err := gh.GitClient(ctx, "https://example.com", token, token)
 		require.Error(t, err, "github host not recognized")
 		require.Nil(t, ghClient)
 	})
diff --git a/pkg/cargo/bump.go b/pkg/cargo/bump.go
@@ -204,7 +204,7 @@ func getGithubRepositoryClientForRelease(kf Kilnfile) func(ctx context.Context,
 		// client.Repositories
 		for _, releaseSourceConfig := range kf.ReleaseSources {
 			if releaseSourceConfig.Type == BOSHReleaseTarballSourceTypeGithub && releaseSourceConfig.Org == owner {
-				client, err := gh.Client(ctx, host, releaseSourceConfig.GithubToken, releaseSourceConfig.GithubToken)
+				client, err := gh.GitClient(ctx, host, releaseSourceConfig.GithubToken, releaseSourceConfig.GithubToken)
 				if err != nil {
 					return nil, err
 				}
diff --git a/pkg/notes/notes_data.go b/pkg/notes/notes_data.go
@@ -330,7 +330,7 @@ type issuesService interface {
 // manual test to ensure it continues to behave as expected during refactors.
 //
 // The function can be tested by generating release notes for a tile with issue ids and a milestone set. The happy path
-// test for Execute does not set GithubToken intentionally so this code is not triggered and Execute does not actually
+// test for Execute does not set GithubAccessToken/GithubEnterprisesAccessToken intentionally so this code is not triggered and Execute does not actually
 // reach out to GitHub.
 func (r fetchNotesData) fetchIssuesAndReleaseNotes(ctx context.Context, finalKF, wtKF cargo.Kilnfile, bumpList cargo.BumpList, issuesQuery IssuesQuery) ([]*github.Issue, cargo.BumpList, error) {
 	if r.issuesService == nil {
diff --git a/pkg/notes/notes_data_test.go b/pkg/notes/notes_data_test.go
@@ -25,7 +25,7 @@ import (
 func Test_fetch_for_ist_tas(t *testing.T) {
 	please := NewWithT(t)
 
-	t.Setenv("GITHUB_TOKEN", "")
+	t.Setenv("GITHUB_ACCESS_TOKEN", "")
 
 	repo, _ := git.Init(memory.NewStorage(), memfs.New())
 
@@ -152,7 +152,7 @@ func Test_fetch_for_ist_tas(t *testing.T) {
 func Test_fetch_for_tasw(t *testing.T) {
 	please := NewWithT(t)
 
-	t.Setenv("GITHUB_TOKEN", "")
+	t.Setenv("GITHUB_ACCESS_TOKEN", "")
 
 	repo, _ := git.Init(memory.NewStorage(), memfs.New())
 
diff --git a/scripts/test.sh b/scripts/test.sh

Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ func loadGithubToken(ctx context.Context) (context.Context, error) {`
`107`	`107`	`return ctx, nil`
`108`	`108`	`}`
`109`	`109`
`110`		`- token := os.Getenv("GITHUB_TOKEN")`
	`110`	`+ token := os.Getenv("GITHUB_ACCESS_TOKEN")`
`111`	`111`	`if token == "" {`
`112`	`112`	`token, err = getGithubTokenFromCLI()`
`113`	`113`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ func githubRepoHasReleaseWithTag(ctx context.Context, repoOrg, repoName, tag str`
`13`	`13`	`if err != nil {`
`14`	`14`	`return err`
`15`	`15`	`}`
`16`		`- ghAPI, err := gh.Client(ctx, "", accessToken, accessToken)`
	`16`	`+ ghAPI, err := gh.Client(ctx, accessToken)`
`17`	`17`	`if err != nil {`
`18`	`18`	`return fmt.Errorf("failed to setup github client: %w", err)`
`19`	`19`	`}`