Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add support for using fine grained Github tokens #4332

Merged
merged 4 commits into from
Aug 30, 2023
Merged

add support for using fine grained Github tokens #4332

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
773f9b9
Add support for fine grained Github tokens
Rovanion Aug 16, 2023
ad3d411
improve docstring for validate_github_token to cover both classic and…
boegel Aug 30, 2023
4ab0b76
fix excessively long lines in docstring for validate_github_token
boegel Aug 30, 2023
3e94aaf
enhance test for validate_github_token so testing with fine-grained G…
boegel Aug 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 7 additions & 4 deletions easybuild/tools/github.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2243,15 +2243,18 @@ def install_github_token(github_user, silent=False):
def validate_github_token(token, github_user):
"""
Check GitHub token:
* see if it conforms expectations (only [a-f]+[0-9] characters, length of 40)
* see if it can be used for authenticated access
* see if it conforms expectations (classic GitHub token with only [0-9a-f] characters
and length of 40 starting with 'ghp_', or fine-grained GitHub token with only
alphanumeric ([a-zA-Z0-9]) characters + '_' and length of 93 starting with 'github_pat_'),
* see if it can be used for authenticated access.
"""
# cfr. https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
token_regex = re.compile('^ghp_[a-zA-Z0-9]{36}$')
token_regex_old_format = re.compile('^[0-9a-f]{40}$')
# https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-authentication-to-github#githubs-token-formats
token_regex_fine_grained = re.compile('github_pat_[a-zA-Z0-9_]{82}')

# token should be 40 characters long, and only contain characters in [0-9a-f]
sanity_check = bool(token_regex.match(token))
sanity_check = bool(token_regex.match(token)) or bool(token_regex_fine_grained.match(token))
if sanity_check:
_log.info("Sanity check on token passed")
else:
Expand Down
5 changes: 5 additions & 0 deletions test/framework/github.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -583,6 +583,11 @@ def test_validate_github_token(self):
if token_old_format:
self.assertTrue(gh.validate_github_token(token_old_format, GITHUB_TEST_ACCOUNT))

# if a fine-grained token is available, test with that too
finegrained_token = os.getenv('TEST_GITHUB_TOKEN_FINEGRAINED')
if finegrained_token:
self.assertTrue(gh.validate_github_token(finegrained_token, GITHUB_TEST_ACCOUNT))

def test_github_find_easybuild_easyconfig(self):
"""Test for find_easybuild_easyconfig function"""
if self.skip_github_tests:
Expand Down