Browse Source

Check for bad token permissions when install via PR (#10387)

* Check for bad token permissions when install via PR

Signed-off-by: Derek Nola <derek.nola@suse.com>
pull/10466/head
Derek Nola 5 months ago committed by GitHub
parent
commit
4204248bc3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 10
      install.sh
  2. 2
      install.sh.sha256sum

10
install.sh

@ -482,11 +482,15 @@ get_pr_artifact_url() {
fi
if [ -z "${GITHUB_TOKEN}" ]; then
fatal "Installing PR builds requires GITHUB_TOKEN with k3s-io/k3s repo authorization"
fatal "Installing PR builds requires GITHUB_TOKEN with k3s-io/k3s repo permissions"
fi
# GET request to the GitHub API to retrieve the latest commit SHA from the pull request
commit_id=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/pulls/$INSTALL_K3S_PR" | jq -r '.head.sha')
pr_raw=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/pulls/$INSTALL_K3S_PR")
if ! echo "$pr_raw" | grep -q "Bad credentials.*401" ; then
fatal "Installing PR builds requires GITHUB_TOKEN with k3s-io/k3s repo permissions"
fi
commit_id=$( echo "$pr_raw" | jq -r '.head.sha')
# GET request to the GitHub API to retrieve the Build workflow associated with the commit
wf_raw=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/commits/$commit_id/check-runs")

2
install.sh.sha256sum

@ -1 +1 @@
696c6a93262b3e1f06a78841b8a82c238a8f17755824c024baad652b18bc92bc install.sh
2e2469498e1d6a5dcd97d0eeae342298500b27fe0768527ea8039a3295cdbce9 install.sh

Loading…
Cancel
Save