Description
When using a custom policy located in a private repository with a GitHub App API token, the ghascompliance tool is not able to clone the repository containing the policy.
This is due to the loadFromRepo function, which directly uses the API token with the https:// scheme to retrieve the content of the repository containing the custom policy. However, a GitHub App API token needs to set x-access-token as the username when using the https:// scheme to clone a repository (see https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#http-based-git-access-by-an-installation). Thus the clone fails when the custom policy is placed in a private repository (when using a GitHub App generated API token).
Propose Solution
Add a command line parameter to indicate that a GitHub App token is used, so that the x-access-token username is added in the clone HTTPS URL. Here is a quick example of code that could do so:
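An added illustration of the proposed change, not the snippet from the issue and not ghascompliance's own code: a Python helper that builds the HTTPS clone URL with the x-access-token username when a GitHub App token is flagged, plus a redaction step so the token never reaches logs. The function names, the `github_app` flag, the `owner/name` policy reference and the token value are assumptions made for the example.

```python
import re
from urllib.parse import quote, urlsplit, urlunsplit

# Username GitHub expects when an installation token is used over HTTPS.
APP_TOKEN_USERNAME = "x-access-token"
OWNER_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")


def build_clone_url(repo, token=None, github_app=False,
                    instance="https://github.com"):
    """Return the HTTPS clone URL for a policy repository ("owner/name").

    github_app is the hypothetical command-line switch from the proposal.
    """
    owner, _, name = repo.partition("/")
    if (not OWNER_RE.fullmatch(owner) or not NAME_RE.fullmatch(name)
            or name in (".", "..")):
        raise ValueError(f"invalid repository reference: {repo!r}")

    parts = urlsplit(instance)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("instance must be an https:// URL")
    host = parts.netloc.rsplit("@", 1)[-1]  # drop any userinfo already present

    netloc = host
    if token:
        secret = quote(token, safe="")  # keep ':' '@' '/' out of the userinfo
        if github_app:
            userinfo = f"{APP_TOKEN_USERNAME}:{secret}"
        else:
            userinfo = secret  # assumed current behaviour: token used directly
        netloc = f"{userinfo}@{host}"

    path = f"{parts.path.rstrip('/')}/{owner}/{name}.git"
    return urlunsplit(("https", netloc, path, "", ""))


def redact(url):
    """Mask credentials before a clone URL is logged or shown in an error."""
    parts = urlsplit(url)
    host = parts.netloc.rsplit("@", 1)[-1]
    netloc = f"***@{host}" if "@" in parts.netloc else host
    return urlunsplit((parts.scheme, netloc, parts.path, "", ""))


if __name__ == "__main__":
    # Constructed token value, not a real credential.
    url = build_clone_url("octo-org/policies", "ghs_constructedtoken",
                          github_app=True)
    print(redact(url))
```

Because the token is embedded in the URL, pass the result only to the clone call and use `redact()` for anything that is printed or stored.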