Custom policy clone in private repository does not work when using a GitHub App API token #50

Closed
4bg0P opened this issue Dec 21, 2021 · 2 comments
Labels: enhancement

4bg0P (Contributor) commented Dec 21, 2021

Description

When using a custom policy located in a private repository with a GitHub App API token, the ghascompliance tool is not able to clone the repository containing the policy.

This is due to the loadFromRepo function, which directly uses the API token with the https:// scheme to retrieve the content of the repository containing the custom policy.

```python
def loadFromRepo(self):
    instance = urlparse(self.instance).netloc
    if self.token:
        # The token is placed on its own in the userinfo part of the URL
        repo = "https://" + self.token + "@" + instance + "/" + self.repository
    else:
        repo = "https://" + instance + "/" + self.repository
```

However, a GitHub App API token needs x-access-token set as the username when using the https:// scheme to clone a repository (see https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#http-based-git-access-by-an-installation). Thus the clone fails when the custom policy is placed in a private repository (when using a GitHub App generated API token).

Proposed Solution

Add a command line parameter to indicate that a GitHub App token is used, so that the x-access-token username is added in the clone HTTPS URL. Here is a quick example of code that could do so:

```python
def loadFromRepo(self):
    instance = urlparse(self.instance).netloc
    if self.token:
        if not self.isGitHubAppToken:
            repo = "https://" + self.token + "@" + instance + "/" + self.repository
        else:
            # GitHub App installation tokens use the fixed username x-access-token
            repo = "https://" + "x-access-token:" + self.token + "@" + instance + "/" + self.repository
    else:
        repo = "https://" + instance + "/" + self.repository
```
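
The URL construction discussed in this issue, as an added example that is not part of the original post or of the ghascompliance code base. The function names `build_clone_url` and `redact_clone_url`, the `is_github_app_token` parameter and the sample values are assumptions; the redaction helper is included because a clone URL built this way carries the token and should not be written to logs as is.

```python
from urllib.parse import quote, urlparse, urlunparse


def build_clone_url(instance, repository, token=None, is_github_app_token=False):
    """Return the HTTPS clone URL for `repository` hosted on `instance`."""
    parsed = urlparse(instance)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("instance must be an https:// URL")
    host = parsed.netloc
    if "@" in host:
        raise ValueError("instance must not already contain credentials")
    path = "/" + repository.strip("/")
    if token:
        # Percent-encode so unexpected characters cannot alter the URL structure.
        secret = quote(token, safe="")
        # Installation tokens go in the password field with the fixed username
        # x-access-token; other tokens are sent as the username on their own.
        userinfo = f"x-access-token:{secret}" if is_github_app_token else secret
        host = f"{userinfo}@{host}"
    return urlunparse(("https", host, path, "", "", ""))


def redact_clone_url(url):
    """Replace the userinfo part so the URL can be logged without the token."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if parsed.port:
        host = f"{host}:{parsed.port}"
    if parsed.username or parsed.password:
        host = "REDACTED@" + host
    return urlunparse((parsed.scheme, host, parsed.path, "", "", ""))


if __name__ == "__main__":
    # Constructed sample values, not real credentials or repositories.
    url = build_clone_url("https://github.com", "octo-org/policies",
                          token="sample-token", is_github_app_token=True)
    print(redact_clone_url(url))
```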

GeekMasher (Owner) commented

Merged and released in 1.6. @4bg0P If you can help create any documentation, that would be great. I'll create a separate issue for this.

4bg0P (Contributor, Author) commented Jan 5, 2022

> Merged and released in 1.6. @4bg0P If you can help create any documentation, that would be great. I'll create a separate issue for this.

Hey @GeekMasher! Thank you for the merge. Sure, I will help you document this added feature in the following days.

Have a great day,
Théo
