
Commit 69c049b

authored
Merge pull request #70 from gruntwork-io/feat-custom-org
feat: support additional GitHub Action parameters
2 parents ec83ca1 + f69d40d commit 69c049b


8 files changed

+10881
-5883
lines changed


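--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -52,7 +52,7 @@ jobs:
 with:
 github_token: ${{ secrets.PATCHER_FULL_REPO }}
 patcher_command: report
-patcher_version: v0.15.1
+patcher_version: v0.15.2
 working_dir: infrastructure-live
 spec_file: spec.json
 include_dirs: "{*dev*}/**"
@@ -82,7 +82,7 @@ jobs:
 with:
 github_token: ${{ secrets.PATCHER_FULL_REPO }}
 patcher_command: update
-patcher_version: v0.15.1
+patcher_version: v0.15.2
 working_dir: infrastructure-live
 spec_file: spec.json
 pull_request_title: "[Patcher] [dev] Update ${{ matrix.ID }}"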
Lines changed: 322 additions & 0 deletions
@@ -0,0 +1,322 @@
1+
name: Validate GitHub Access Token
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
github_base_url:
7+
description: 'GitHub Base URL (use https://github.com for GitHub.com or your GitHub Enterprise URL)'
8+
required: true
9+
default: 'https://github.com'
10+
type: string
11+
github_org:
12+
description: 'Organization name where your repositories are located'
13+
required: true
14+
default: 'gruntwork-io'
15+
type: string
16+
test_repo:
17+
description: 'Repository name to test access (should be accessible with your token)'
18+
required: true
19+
default: 'patcher-cli'
20+
type: string
21+
test_version:
22+
description: 'Release version to test (optional, defaults to latest)'
23+
required: false
24+
default: 'v0.15.2'
25+
type: string
26+
github_token_secret:
27+
description: 'Name of the secret containing your GitHub token (defaults to GITHUB_TOKEN)'
28+
required: false
29+
default: 'GITHUB_TOKEN'
30+
type: string
31+
32+
jobs:
33+
validate-access:
34+
name: Validate GitHub Access
35+
runs-on: ubuntu-latest
36+
37+
steps:
38+
- name: Validate Inputs
39+
env:
40+
GITHUB_BASE_URL: ${{ inputs.github_base_url }}
41+
GITHUB_ORG: ${{ inputs.github_org }}
42+
TEST_REPO: ${{ inputs.test_repo }}
43+
TEST_VERSION: ${{ inputs.test_version }}
44+
GITHUB_TOKEN_SECRET: ${{ inputs.github_token_secret }}
45+
run: |
46+
echo "🔍 Validating GitHub Access Token"
47+
echo "=================================="
48+
echo "GitHub Base URL: ${GITHUB_BASE_URL}"
49+
echo "Organization: ${GITHUB_ORG}"
50+
echo "Test Repository: ${TEST_REPO}"
51+
echo "Test Version: ${TEST_VERSION}"
52+
echo "Token Secret: ${GITHUB_TOKEN_SECRET}"
53+
echo ""
54+
55+
# Validate URL format
56+
if [[ "${GITHUB_BASE_URL}" != http* ]]; then
57+
echo "❌ ERROR: GitHub Base URL must start with http:// or https://"
58+
exit 1
59+
fi
60+
61+
- name: Test Repository Access
62+
env:
63+
GH_TOKEN: ${{ secrets[inputs.github_token_secret] }}
64+
GITHUB_BASE_URL: ${{ inputs.github_base_url }}
65+
GITHUB_ORG: ${{ inputs.github_org }}
66+
REPO_NAME: ${{ inputs.test_repo }}
67+
TEST_VERSION: ${{ inputs.test_version }}
68+
run: |
69+
echo "🔍 Testing Repository Access"
70+
echo "============================"
71+
72+
# Check if token is provided
73+
if [[ -z "$GH_TOKEN" ]]; then
74+
echo "❌ ERROR: GitHub token not found in secrets.${GITHUB_TOKEN_SECRET}"
75+
echo ""
76+
echo "💡 SOLUTION: Add your GitHub token to repository secrets with name '${GITHUB_TOKEN_SECRET}'"
77+
echo " For GitHub.com: Create a Personal Access Token with 'repo' scope"
78+
echo " For GitHub Enterprise: Create a token with 'repo' scope on your enterprise instance"
79+
exit 1
80+
fi
81+
82+
# Determine API URL (same logic as patcher-action)
83+
if [ "$GITHUB_BASE_URL" = "https://github.com" ]; then
84+
API_URL="https://api.github.com"
85+
echo "🌐 Using GitHub.com API: $API_URL"
86+
else
87+
API_URL="${GITHUB_BASE_URL}/api/v3"
88+
echo "🏢 Using GitHub Enterprise API: $API_URL"
89+
fi
90+
91+
echo ""
92+
echo "📋 Testing access to: ${GITHUB_BASE_URL}/${GITHUB_ORG}/${REPO_NAME}"
93+
94+
# Test repository access
95+
response=$(curl -s -w "%{http_code}" \
96+
-H "Authorization: Bearer ${GH_TOKEN}" \
97+
-H "Accept: application/vnd.github.v3+json" \
98+
-H "User-Agent: patcher-action-validator" \
99+
"${API_URL}/repos/${GITHUB_ORG}/${REPO_NAME}" \
100+
-o /tmp/repo_response.json)
101+
102+
http_code="${response: -3}"
103+
echo "📡 Repository API Response: $http_code"
104+
105+
if [ "$http_code" = "200" ]; then
106+
echo "✅ SUCCESS: Repository access granted!"
107+
echo ""
108+
echo "📊 Repository Details:"
109+
if command -v jq >/dev/null 2>&1; then
110+
cat /tmp/repo_response.json | jq -r '" Name: " + .name, " Full Name: " + .full_name, " Private: " + (.private | tostring), " Default Branch: " + .default_branch'
111+
else
112+
echo " (jq not available for detailed parsing)"
113+
fi
114+
elif [ "$http_code" = "404" ]; then
115+
echo "❌ ERROR: Repository not found (404)"
116+
echo ""
117+
echo "💡 POSSIBLE CAUSES:"
118+
echo " 1. Repository '${GITHUB_ORG}/${REPO_NAME}' does not exist"
119+
echo " 2. Repository is private and your token doesn't have access"
120+
echo " 3. Organization name '${GITHUB_ORG}' is incorrect"
121+
echo " 4. Repository name '${REPO_NAME}' is incorrect"
122+
echo ""
123+
echo "🔧 SOLUTIONS:"
124+
echo " 1. Verify the repository exists at: ${GITHUB_BASE_URL}/${GITHUB_ORG}/${REPO_NAME}"
125+
echo " 2. Ensure your token has 'repo' scope for private repositories"
126+
echo " 3. Check that you have access to the organization/repository"
127+
echo ""
128+
echo "📄 API Response:"
129+
cat /tmp/repo_response.json
130+
exit 1
131+
elif [ "$http_code" = "401" ]; then
132+
echo "❌ ERROR: Authentication failed (401)"
133+
echo ""
134+
echo "💡 POSSIBLE CAUSES:"
135+
echo " 1. Invalid or expired GitHub token"
136+
echo " 2. Token format is incorrect"
137+
echo ""
138+
echo "🔧 SOLUTIONS:"
139+
echo " 1. Generate a new Personal Access Token"
140+
echo " 2. Ensure token has 'repo' scope"
141+
echo " 3. For GitHub Enterprise: Verify token was created on the correct instance"
142+
echo ""
143+
echo "📄 API Response:"
144+
cat /tmp/repo_response.json
145+
exit 1
146+
elif [ "$http_code" = "403" ]; then
147+
echo "❌ ERROR: Access forbidden (403)"
148+
echo ""
149+
echo "💡 POSSIBLE CAUSES:"
150+
echo " 1. Token lacks required permissions (needs 'repo' scope)"
151+
echo " 2. Organization has restricted access policies"
152+
echo " 3. Repository access is restricted"
153+
echo ""
154+
echo "🔧 SOLUTIONS:"
155+
echo " 1. Regenerate token with 'repo' scope"
156+
echo " 2. Contact organization admin for repository access"
157+
echo " 3. Verify you're a member of the organization"
158+
echo ""
159+
echo "📄 API Response:"
160+
cat /tmp/repo_response.json
161+
exit 1
162+
else
163+
echo "❌ ERROR: Unexpected response code ($http_code)"
164+
echo ""
165+
echo "💡 This might indicate:"
166+
echo " 1. Network connectivity issues"
167+
echo " 2. GitHub Enterprise server problems"
168+
echo " 3. API endpoint changes"
169+
echo ""
170+
echo "📄 API Response:"
171+
cat /tmp/repo_response.json
172+
exit 1
173+
fi
174+
175+
- name: Test Release Access
176+
env:
177+
GH_TOKEN: ${{ secrets[inputs.github_token_secret] }}
178+
GITHUB_BASE_URL: ${{ inputs.github_base_url }}
179+
GITHUB_ORG: ${{ inputs.github_org }}
180+
REPO_NAME: ${{ inputs.test_repo }}
181+
TEST_VERSION: ${{ inputs.test_version }}
182+
run: |
183+
echo ""
184+
echo "🔍 Testing Release Access"
185+
echo "========================"
186+
187+
# Determine API URL
188+
if [ "$GITHUB_BASE_URL" = "https://github.com" ]; then
189+
API_URL="https://api.github.com"
190+
else
191+
API_URL="${GITHUB_BASE_URL}/api/v3"
192+
fi
193+
194+
echo "📋 Testing release access for version: ${TEST_VERSION}"
195+
196+
# Test release access
197+
release_response=$(curl -s -w "%{http_code}" \
198+
-H "Authorization: Bearer ${GH_TOKEN}" \
199+
-H "Accept: application/vnd.github.v3+json" \
200+
-H "User-Agent: patcher-action-validator" \
201+
"${API_URL}/repos/${GITHUB_ORG}/${REPO_NAME}/releases/tags/${TEST_VERSION}" \
202+
-o /tmp/release_response.json)
203+
204+
release_http_code="${release_response: -3}"
205+
echo "📡 Release API Response: $release_http_code"
206+
207+
if [ "$release_http_code" = "200" ]; then
208+
echo "✅ SUCCESS: Release access granted!"
209+
echo ""
210+
echo "📊 Release Details:"
211+
if command -v jq >/dev/null 2>&1; then
212+
cat /tmp/release_response.json | jq -r '" Tag: " + .tag_name, " Name: " + .name, " Published: " + .published_at, " Assets: " + (.assets | length | tostring)'
213+
else
214+
echo " (jq not available for detailed parsing)"
215+
fi
216+
elif [ "$release_http_code" = "404" ]; then
217+
echo "⚠️ WARNING: Release not found (404)"
218+
echo ""
219+
echo "💡 This might mean:"
220+
echo " 1. Version '${TEST_VERSION}' doesn't exist"
221+
echo " 2. Release exists but is private/draft"
222+
echo ""
223+
echo "🔧 SOLUTIONS:"
224+
echo " 1. Check available releases at: ${GITHUB_BASE_URL}/${GITHUB_ORG}/${REPO_NAME}/releases"
225+
echo " 2. Try with a different version number"
226+
echo " 3. This may not affect patcher-action if using latest releases"
227+
echo ""
228+
echo "📄 API Response:"
229+
cat /tmp/release_response.json
230+
else
231+
echo "❌ ERROR: Release access failed ($release_http_code)"
232+
echo ""
233+
echo "💡 This could indicate permission issues with release assets"
234+
echo ""
235+
echo "📄 API Response:"
236+
cat /tmp/release_response.json
237+
exit 1
238+
fi
239+
240+
- name: Test Token Permissions
241+
env:
242+
GH_TOKEN: ${{ secrets[inputs.github_token_secret] }}
243+
GITHUB_BASE_URL: ${{ inputs.github_base_url }}
244+
run: |
245+
echo ""
246+
echo "🔍 Testing Token Permissions"
247+
echo "==========================="
248+
249+
# Determine API URL
250+
if [ "$GITHUB_BASE_URL" = "https://github.com" ]; then
251+
API_URL="https://api.github.com"
252+
else
253+
API_URL="${GITHUB_BASE_URL}/api/v3"
254+
fi
255+
256+
echo "📋 Testing token user information access"
257+
258+
# Test user/token info
259+
user_response=$(curl -s -w "%{http_code}" \
260+
-H "Authorization: Bearer ${GH_TOKEN}" \
261+
-H "Accept: application/vnd.github.v3+json" \
262+
-H "User-Agent: patcher-action-validator" \
263+
"${API_URL}/user" \
264+
-o /tmp/user_response.json)
265+
266+
user_http_code="${user_response: -3}"
267+
echo "📡 User API Response: $user_http_code"
268+
269+
if [ "$user_http_code" = "200" ]; then
270+
echo "✅ SUCCESS: Token permissions validated!"
271+
echo ""
272+
echo "👤 Token Details:"
273+
if command -v jq >/dev/null 2>&1; then
274+
cat /tmp/user_response.json | jq -r '" User: " + .login, " Type: " + .type, " Name: " + (.name // "Not set")'
275+
else
276+
echo " (jq not available for detailed parsing)"
277+
fi
278+
elif [ "$user_http_code" = "403" ]; then
279+
echo "⚠️ WARNING: Limited token permissions (403)"
280+
echo ""
281+
echo "💡 This means:"
282+
echo " 1. Token works but has restricted user info access"
283+
echo " 2. Common with GitHub App tokens or restricted PATs"
284+
echo " 3. May still work for repository operations"
285+
echo ""
286+
echo "🔧 If patcher-action fails:"
287+
echo " 1. Try using a Personal Access Token instead"
288+
echo " 2. Ensure token has 'user' scope if user info is needed"
289+
echo ""
290+
echo "📄 API Response:"
291+
cat /tmp/user_response.json
292+
else
293+
echo "❌ ERROR: Token validation failed ($user_http_code)"
294+
echo ""
295+
echo "💡 This indicates fundamental token issues"
296+
echo ""
297+
echo "📄 API Response:"
298+
cat /tmp/user_response.json
299+
exit 1
300+
fi
301+
302+
- name: Validation Summary
303+
if: always()
304+
env:
305+
GITHUB_BASE_URL: ${{ inputs.github_base_url }}
306+
GITHUB_ORG: ${{ inputs.github_org }}
307+
run: |
308+
echo ""
309+
echo "🎯 Validation Summary"
310+
echo "===================="
311+
echo ""
312+
echo "✅ If all tests passed, your token should work with patcher-action!"
313+
echo ""
314+
echo "📋 Next Steps:"
315+
echo " 1. Use the same token in your patcher-action workflow"
316+
echo " 2. Use the same github_base_url: ${GITHUB_BASE_URL}"
317+
echo " 3. Use the same github_org: ${GITHUB_ORG}"
318+
echo ""
319+
echo "❓ If you encountered issues:"
320+
echo " 1. Review the error messages above"
321+
echo " 2. Check the Solutions sections for each failed test"
322+
echo " 3. Contact [email protected] if you're a Gruntwork customer"
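Review bot: The three token steps (`Test Repository Access`, `Test Release Access`, `Test Token Permissions`) put `secrets[inputs.github_token_secret]` in a Bearer header and send it to a host built from `inputs.github_base_url`, so whoever dispatches the workflow selects both which secret is read and which server receives it; the only check, `!= http*` in `Validate Inputs`, also lets plain `http://` through, which would carry the token unencrypted. Consider making `github_token_secret` a `type: choice` input limited to the secret names meant for this test, requiring TLS with `if [[ "${GITHUB_BASE_URL}" != https://* ]]; then`, and comparing the host against an allow-list held in a repository variable before the first curl call. Separately, the empty-token message in `Test Repository Access` prints `${GITHUB_TOKEN_SECRET}`, which that step's `env:` does not define, so the secret name comes out blank; adding `GITHUB_TOKEN_SECRET: ${{ inputs.github_token_secret }}` to that step's `env:` fixes it.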
