Merge pull request #38 from neongreen/copilot/update-authentication-methods

Add transparent authentication support for private repositories in prrun

Author: neongreen

prrun/README.md

@@ -64,6 +64,36 @@ curl -fsSL https://raw.githubusercontent.com/neongreen/mono/main/install.sh | ba
 4. **Cache**: Downloads to `~/.cache/prrun/<release-tag>/<binary-name>`
 5. **Execute**: Runs the cached binary with your arguments
 
+## Authentication
+
+`prrun` transparently supports authentication for accessing private repositories. It tries multiple authentication methods in order:
+
+1. **GITHUB_TOKEN** environment variable
+2. **MISE_GITHUB_TOKEN** environment variable
+3. **gh CLI** tool (if authenticated via `gh auth login`)
+
+If any of these are available, `prrun` will use them to authenticate GitHub API requests. This allows you to:
+
+- Access releases from private repositories
+- Avoid GitHub API rate limits
+- Download private release assets
+
+### Examples
+
+```bash
+# Using GITHUB_TOKEN
+export GITHUB_TOKEN="ghp_your_token_here"
+prrun https://github.com/private-org/private-repo/pull/123 tool
+
+# Using MISE_GITHUB_TOKEN
+export MISE_GITHUB_TOKEN="ghp_your_token_here"
+prrun https://github.com/private-org/private-repo/pull/123 tool
+
+# Using gh CLI (if already authenticated)
+gh auth login
+prrun https://github.com/private-org/private-repo/pull/123 tool
+```
+
 ## Caching
 
 Binaries are cached at `~/.cache/prrun/` organized by release tag:

prrun/main.go

@@ -66,11 +66,56 @@ func getCacheDir() (string, error) {
 	return cacheDir, nil
 }
 
+// getGitHubToken attempts to get a GitHub token from multiple sources
+// It tries in order: GITHUB_TOKEN, MISE_GITHUB_TOKEN, gh CLI tool
+func getGitHubToken() string {
+	// Try GITHUB_TOKEN environment variable first
+	if token := os.Getenv("GITHUB_TOKEN"); token != "" {
+		return token
+	}
+
+	// Try MISE_GITHUB_TOKEN environment variable
+	if token := os.Getenv("MISE_GITHUB_TOKEN"); token != "" {
+		return token
+	}
+
+	// Try gh CLI tool
+	cmd := exec.Command("gh", "auth", "token")
+	output, err := cmd.Output()
+	if err == nil && len(output) > 0 {
+		return strings.TrimSpace(string(output))
+	}
+
+	// No token found
+	return ""
+}
+
+// createAuthenticatedRequest creates an HTTP request with authentication if available
+func createAuthenticatedRequest(method, url string) (*http.Request, error) {
+	req, err := http.NewRequest(method, url, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	// Add authentication token if available
+	if token := getGitHubToken(); token != "" {
+		req.Header.Set("Authorization", "Bearer "+token)
+	}
+
+	return req, nil
+}
+
 // findPRRelease finds the latest release for a specific PR
 func findPRRelease(owner, repo string, prNum int, project string) (*GitHubRelease, error) {
 	apiURL := fmt.Sprintf("https://api.github.com/repos/%s/%s/releases", owner, repo)
 
-	resp, err := http.Get(apiURL)
+	req, err := createAuthenticatedRequest("GET", apiURL)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create request: %w", err)
+	}
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
 	if err != nil {
 		return nil, fmt.Errorf("failed to fetch releases: %w", err)
 	}
@@ -157,7 +202,13 @@ func getPlatformBinaryName(release *GitHubRelease, projectName string) (string,
 func downloadBinary(downloadURL, destPath string) error {
 	fmt.Printf("Downloading binary from %s...\n", downloadURL)
 
-	resp, err := http.Get(downloadURL)
+	req, err := createAuthenticatedRequest("GET", downloadURL)
+	if err != nil {
+		return fmt.Errorf("failed to create request: %w", err)
+	}
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
 	if err != nil {
 		return fmt.Errorf("failed to download binary: %w", err)
 	}

prrun/main_test.go

@@ -120,3 +120,94 @@ func TestGetPlatformBinaryName(t *testing.T) {
 	t.Logf("Platform binary: %s", binaryName)
 	t.Logf("Download URL: %s", downloadURL)
 }
+
+func TestGetGitHubToken(t *testing.T) {
+	// Save original environment variables
+	origGithubToken := os.Getenv("GITHUB_TOKEN")
+	origMiseToken := os.Getenv("MISE_GITHUB_TOKEN")
+
+	// Clean up after test
+	defer func() {
+		if origGithubToken != "" {
+			os.Setenv("GITHUB_TOKEN", origGithubToken)
+		} else {
+			os.Unsetenv("GITHUB_TOKEN")
+		}
+		if origMiseToken != "" {
+			os.Setenv("MISE_GITHUB_TOKEN", origMiseToken)
+		} else {
+			os.Unsetenv("MISE_GITHUB_TOKEN")
+		}
+	}()
+
+	t.Run("GITHUB_TOKEN takes precedence", func(t *testing.T) {
+		os.Setenv("GITHUB_TOKEN", "github_token")
+		os.Setenv("MISE_GITHUB_TOKEN", "mise_token")
+
+		token := getGitHubToken()
+		if token != "github_token" {
+			t.Errorf("getGitHubToken() = %v, want %v", token, "github_token")
+		}
+	})
+
+	t.Run("MISE_GITHUB_TOKEN used when GITHUB_TOKEN not set", func(t *testing.T) {
+		os.Unsetenv("GITHUB_TOKEN")
+		os.Setenv("MISE_GITHUB_TOKEN", "mise_token")
+
+		token := getGitHubToken()
+		if token != "mise_token" {
+			t.Errorf("getGitHubToken() = %v, want %v", token, "mise_token")
+		}
+	})
+
+	t.Run("returns empty string when no tokens available", func(t *testing.T) {
+		os.Unsetenv("GITHUB_TOKEN")
+		os.Unsetenv("MISE_GITHUB_TOKEN")
+
+		token := getGitHubToken()
+		// Token might be empty or come from gh CLI
+		// We just verify the function doesn't crash
+		t.Logf("getGitHubToken() = %q", token)
+	})
+}
+
+func TestCreateAuthenticatedRequest(t *testing.T) {
+	// Save original environment variable
+	origGithubToken := os.Getenv("GITHUB_TOKEN")
+	defer func() {
+		if origGithubToken != "" {
+			os.Setenv("GITHUB_TOKEN", origGithubToken)
+		} else {
+			os.Unsetenv("GITHUB_TOKEN")
+		}
+	}()
+
+	t.Run("adds authorization header when token available", func(t *testing.T) {
+		os.Setenv("GITHUB_TOKEN", "test_token_123")
+
+		req, err := createAuthenticatedRequest("GET", "https://api.github.com/repos/test/test")
+		if err != nil {
+			t.Fatalf("createAuthenticatedRequest() error = %v", err)
+		}
+
+		authHeader := req.Header.Get("Authorization")
+		expectedHeader := "Bearer test_token_123"
+		if authHeader != expectedHeader {
+			t.Errorf("Authorization header = %v, want %v", authHeader, expectedHeader)
+		}
+	})
+
+	t.Run("creates request without authorization when token not available", func(t *testing.T) {
+		os.Unsetenv("GITHUB_TOKEN")
+		os.Unsetenv("MISE_GITHUB_TOKEN")
+
+		req, err := createAuthenticatedRequest("GET", "https://api.github.com/repos/test/test")
+		if err != nil {
+			t.Fatalf("createAuthenticatedRequest() error = %v", err)
+		}
+
+		authHeader := req.Header.Get("Authorization")
+		// If gh CLI is available, there might be a token; otherwise it should be empty
+		t.Logf("Authorization header = %q", authHeader)
+	})
+}