Skip to content

Commit 6deaf20

Browse files
authored
feat(docker): Allow authenticated calls to GitHub API (#947)
Accept build arg `GITHUB_TOKEN` to authenticate calls made to GitHub API in `common::install_from_gh_release` function.
1 parent 57a9bdc commit 6deaf20

File tree

3 files changed

+15
-2
lines changed

3 files changed

+15
-2
lines changed

Dockerfile

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -65,6 +65,8 @@ RUN if [ "$INSTALL_ALL" != "false" ]; then \
6565
echo "TRIVY_VERSION=latest" >> /.env \
6666
; fi
6767

68+
ARG GITHUB_TOKEN=${GITHUB_TOKEN:-""}
69+
6870
# Docker `RUN`s shouldn't be consolidated here
6971
# hadolint global ignore=DL3059
7072
RUN /install/opentofu.sh

README.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -136,6 +136,12 @@ docker build -t pre-commit-terraform \
136136

137137
Set `-e PRE_COMMIT_COLOR=never` to disable the color output in `pre-commit`.
138138

139+
> **NOTE**
140+
> The build install scripts are calling the GitHub API to resolve the release URL. If you need to authenticate those calls, you can pass a GitHub token (the `GITHUB_TOKEN` environment variable is expected to be set with an [access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)):
141+
> ```bash
142+
> docker build -t pre-commit-terraform --build-arg GITHUB_TOKEN .
143+
> ```
144+
139145
</details>
140146
141147

tools/install/_common.sh

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -60,11 +60,16 @@ function common::install_from_gh_release {
6060

6161
# Download tool
6262
local -r RELEASES="https://api.github.com/repos/${GH_ORG}/${TOOL}/releases"
63+
local CURL_OPTS=()
64+
65+
[[ $GITHUB_TOKEN ]] && CURL_OPTS+=('-H' "Authorization: Bearer $GITHUB_TOKEN")
66+
67+
local -r CURL_CMD=("curl" "${CURL_OPTS[@]}")
6368

6469
if [[ $VERSION == latest ]]; then
65-
curl -L "$(curl -s "${RELEASES}/latest" | grep -o -E -i -m 1 "$GH_RELEASE_REGEX_LATEST")" > "$PKG"
70+
"${CURL_CMD[@]}" -L "$("${CURL_CMD[@]}" -s "${RELEASES}/latest" | grep -o -E -i -m 1 "$GH_RELEASE_REGEX_LATEST")" > "$PKG"
6671
else
67-
curl -L "$(curl -s "$RELEASES" | grep -o -E -i -m 1 "$GH_RELEASE_REGEX_SPECIFIC_VERSION")" > "$PKG"
72+
"${CURL_CMD[@]}" -L "$("${CURL_CMD[@]}" -s "$RELEASES" | grep -o -E -i -m 1 "$GH_RELEASE_REGEX_SPECIFIC_VERSION")" > "$PKG"
6873
fi
6974

7075
# Make tool ready to use

0 commit comments

Comments
 (0)