From 773f9b97bea7615e29d9350e83aab9c1d1a61c6b Mon Sep 17 00:00:00 2001
From: Rovanion Luckey <rovanion.luckey@gmail.com>
Date: Wed, 16 Aug 2023 18:54:50 +0200
Subject: [PATCH 1/4] Add support for fine grained Github tokens

---
 easybuild/tools/github.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/easybuild/tools/github.py b/easybuild/tools/github.py
index bc3a6b3e27..3bb21a6b95 100644
--- a/easybuild/tools/github.py
+++ b/easybuild/tools/github.py
@@ -2243,15 +2243,16 @@ def install_github_token(github_user, silent=False):
 def validate_github_token(token, github_user):
     """
     Check GitHub token:
-    * see if it conforms expectations (only [a-f]+[0-9] characters, length of 40)
-    * see if it can be used for authenticated access
+    * see if it conforms expectations (character classes depending on type, length of 40-93),
+    * see if it can be used for authenticated access.
     """
     # cfr. https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
     token_regex = re.compile('^ghp_[a-zA-Z0-9]{36}$')
     token_regex_old_format = re.compile('^[0-9a-f]{40}$')
+    # https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-authentication-to-github#githubs-token-formats
+    token_regex_fine_grained = re.compile('github_pat_[a-zA-Z0-9_]{82}')
 
-    # token should be 40 characters long, and only contain characters in [0-9a-f]
-    sanity_check = bool(token_regex.match(token))
+    sanity_check = bool(token_regex.match(token)) or bool(token_regex_fine_grained.match(token))
     if sanity_check:
         _log.info("Sanity check on token passed")
     else:

From ad3d411e80adb91dfa2bd754aca1dc5eb1f2b80b Mon Sep 17 00:00:00 2001
From: Kenneth Hoste <kenneth.hoste@ugent.be>
Date: Wed, 30 Aug 2023 14:40:28 +0200
Subject: [PATCH 2/4] improve docstring for validate_github_token to cover both
 classic and fine-grained GitHub tokens

---
 easybuild/tools/github.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/easybuild/tools/github.py b/easybuild/tools/github.py
index 3bb21a6b95..6feb86284d 100644
--- a/easybuild/tools/github.py
+++ b/easybuild/tools/github.py
@@ -2243,7 +2243,8 @@ def install_github_token(github_user, silent=False):
 def validate_github_token(token, github_user):
     """
     Check GitHub token:
-    * see if it conforms expectations (character classes depending on type, length of 40-93),
+    * see if it conforms expectations (classic GitHub token with only [0-9a-f] characters and length of 40 starting with 'ghp_'),
+      or fine-grained GitHub token with only alphanumeric ([a-zA-Z0-9]) + '_' and length of 93 starting with 'github_pat_'),
     * see if it can be used for authenticated access.
     """
     # cfr. https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/

From 4ab0b76e656450ef2ed7ee5001e9aae867dfb9af Mon Sep 17 00:00:00 2001
From: Kenneth Hoste <kenneth.hoste@ugent.be>
Date: Wed, 30 Aug 2023 14:42:52 +0200
Subject: [PATCH 3/4] fix excessively long lines in docstring for
 validate_github_token

---
 easybuild/tools/github.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/easybuild/tools/github.py b/easybuild/tools/github.py
index 6feb86284d..d6093a9df3 100644
--- a/easybuild/tools/github.py
+++ b/easybuild/tools/github.py
@@ -2243,8 +2243,9 @@ def install_github_token(github_user, silent=False):
 def validate_github_token(token, github_user):
     """
     Check GitHub token:
-    * see if it conforms expectations (classic GitHub token with only [0-9a-f] characters and length of 40 starting with 'ghp_'),
-      or fine-grained GitHub token with only alphanumeric ([a-zA-Z0-9]) + '_' and length of 93 starting with 'github_pat_'),
+   * see if it conforms expectations (classic GitHub token with only [0-9a-f] characters
+     and length of 40 starting with 'ghp_', or fine-grained GitHub token with only
+     alphanumeric ([a-zA-Z0-9]) characters + '_' and length of 93 starting with 'github_pat_'),
     * see if it can be used for authenticated access.
     """
     # cfr. https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/

From 3e94aafd744851847c976cd145bfbde4a4d24e0a Mon Sep 17 00:00:00 2001
From: Kenneth Hoste <kenneth.hoste@ugent.be>
Date: Wed, 30 Aug 2023 14:59:30 +0200
Subject: [PATCH 4/4] enhance test for validate_github_token so testing with
 fine-grained GitHub token can also be done

---
 test/framework/github.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/test/framework/github.py b/test/framework/github.py
index 9df53736e4..fb0d59cc49 100644
--- a/test/framework/github.py
+++ b/test/framework/github.py
@@ -583,6 +583,11 @@ def test_validate_github_token(self):
         if token_old_format:
             self.assertTrue(gh.validate_github_token(token_old_format, GITHUB_TEST_ACCOUNT))
 
+        # if a fine-grained token is available, test with that too
+        finegrained_token = os.getenv('TEST_GITHUB_TOKEN_FINEGRAINED')
+        if finegrained_token:
+            self.assertTrue(gh.validate_github_token(finegrained_token, GITHUB_TEST_ACCOUNT))
+
     def test_github_find_easybuild_easyconfig(self):
         """Test for find_easybuild_easyconfig function"""
         if self.skip_github_tests: