1
0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-12-24 10:07:21 +02:00

Add flag to only access public repositories on GitHub (#3566)

This commit is contained in:
Aumetra Weisman 2024-03-29 14:36:48 +01:00 committed by GitHub
parent e1b574a4bc
commit 20b84a1aee
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 24 additions and 1 deletions

View File

@ -340,6 +340,12 @@ var flags = append([]cli.Flag{
Usage: "github pull requests use merge ref",
Value: true,
},
&cli.BoolFlag{
EnvVars: []string{"WOODPECKER_GITHUB_PUBLIC_ONLY"},
Name: "github-public-only",
Usage: "github tokens should only get access to public repos",
Value: false,
},
&cli.BoolFlag{
EnvVars: []string{"WOODPECKER_GITHUB_SKIP_VERIFY"},
Name: "github-skip-verify",

View File

@ -200,6 +200,7 @@ func setupGitHub(c *cli.Context) (forge.Forge, error) {
Secret: c.String("github-secret"),
SkipVerify: c.Bool("github-skip-verify"),
MergeRef: c.Bool("github-merge-ref"),
OnlyPublic: c.Bool("github-public-only"),
}
log.Trace().Msgf("forge (github) opts: %#v", opts)
return github.New(opts)

View File

@ -81,3 +81,9 @@ Read the value for `WOODPECKER_GITHUB_SECRET` from the specified filepath.
> Default: `false`
Configure if SSL verification should be skipped.
### `WOODPECKER_GITHUB_PUBLIC_ONLY`
> Default: `false`
Configures the GitHub OAuth client to only obtain a token that can manage public repositories.

View File

@ -51,6 +51,7 @@ type Opts struct {
Secret string // GitHub oauth client secret.
SkipVerify bool // Skip ssl verification.
MergeRef bool // Clone pull requests using the merge ref.
OnlyPublic bool // Only obtain OAuth tokens with access to public repos.
}
// New returns a Forge implementation that integrates with a GitHub Cloud or
@ -63,6 +64,7 @@ func New(opts Opts) (forge.Forge, error) {
Secret: opts.Secret,
SkipVerify: opts.SkipVerify,
MergeRef: opts.MergeRef,
OnlyPublic: opts.OnlyPublic,
}
if opts.URL != defaultURL {
r.url = strings.TrimSuffix(opts.URL, "/")
@ -79,6 +81,7 @@ type client struct {
Secret string
SkipVerify bool
MergeRef bool
OnlyPublic bool
}
// Name returns the string name of this driver
@ -405,10 +408,17 @@ func (c *client) newContext(ctx context.Context) context.Context {
// helper function to return the GitHub oauth2 config
func (c *client) newConfig() *oauth2.Config {
scopes := []string{"user:email", "read:org"}
if c.OnlyPublic {
scopes = append(scopes, []string{"admin:repo_hook", "repo:status"}...)
} else {
scopes = append(scopes, "repo")
}
return &oauth2.Config{
ClientID: c.Client,
ClientSecret: c.Secret,
Scopes: []string{"repo", "user:email", "read:org"},
Scopes: scopes,
Endpoint: oauth2.Endpoint{
AuthURL: fmt.Sprintf("%s/login/oauth/authorize", c.url),
TokenURL: fmt.Sprintf("%s/login/oauth/access_token", c.url),