chore(scripts): auto authenticate gh CLI in scripts on dogfood (#13107)

* chore: auto authenticate gh CLI in scripts * fix shellcheck issues
coder · Apr 30, 2024 · 3ff9cef · 3ff9cef
1 parent 53f7e9e
commit 3ff9cef
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 1 deletion.
diff --git a/scripts/deploy-pr.sh b/scripts/deploy-pr.sh
@@ -4,6 +4,9 @@
 # [#pr-deployments](https://codercom.slack.com/archives/C05DNE982E8) Slack channel
 
 set -euo pipefail
+# shellcheck source=scripts/lib.sh
+source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
+cdroot
 
 # default settings
 dryRun=false
@@ -64,6 +67,9 @@ if $confirm; then
 	fi
 fi
 
+# Authenticate gh CLI
+gh_auth
+
 # get branch name and pr number
 branchName=$(gh pr view --json headRefName | jq -r .headRefName)
 prNumber=$(gh pr view --json number | jq -r .number)

diff --git a/scripts/lib.sh b/scripts/lib.sh
@@ -130,6 +130,22 @@ requiredenvs() {
 	fi
 }
 
+gh_auth() {
+	local fail=0
+	if [[ "${CODER:-}" == "true" ]]; then
+		if ! output=$(coder external-auth access-token github 2>&1); then
+			log "ERROR: Could not authenticate with GitHub."
+			log "$output"
+			fail=1
+		else
+			GITHUB_TOKEN=$(coder external-auth access-token github)
+			export GITHUB_TOKEN
+		fi
+	else
+		log "Please authenticate gh CLI by running 'gh auth login'"
+	fi
+}
+
 # maybedryrun prints the given program and flags, and then, if the first
 # argument is 0, executes it. The reason the first argument should be 0 is that
 # it is expected that you have a dry_run variable in your script that is set to

diff --git a/scripts/release.sh b/scripts/release.sh
@@ -113,6 +113,9 @@ done
 # Check dependencies.
 dependencies gh jq sort
 
+# Authenticate gh CLI
+gh_auth
+
 if [[ -z $increment ]]; then
 	# Default to patch versions.
 	increment="patch"

diff --git a/scripts/release/check_commit_metadata.sh b/scripts/release/check_commit_metadata.sh
@@ -31,6 +31,9 @@ range="${from_ref}..${to_ref}"
 # Check dependencies.
 dependencies gh
 
+# Authenticate gh CLI
+gh_auth
+
 COMMIT_METADATA_BREAKING=0
 declare -a COMMIT_METADATA_COMMITS
 declare -A COMMIT_METADATA_TITLE COMMIT_METADATA_HUMAN_TITLE COMMIT_METADATA_CATEGORY COMMIT_METADATA_AUTHORS
@@ -145,7 +148,6 @@ main() {
 			done
 		} | sort -t- -n | head -n 1
 	)
-
 	# Get the labels for all PRs merged since the last release, this is
 	# inexact based on date, so a few PRs part of the previous release may
 	# be included.

diff --git a/scripts/release/generate_release_notes.sh b/scripts/release/generate_release_notes.sh
@@ -57,6 +57,9 @@ done
 # Check dependencies.
 dependencies gh sort
 
+# Authticate gh CLI
+gh_auth
+
 if [[ -z ${old_version} ]]; then
 	error "No old version specified"
 fi

diff --git a/scripts/release/publish.sh b/scripts/release/publish.sh
@@ -71,6 +71,9 @@ done
 # Check dependencies
 dependencies gh
 
+# Authenticate gh CLI
+gh_auth
+
 # Remove the "v" prefix.
 version="${version#v}"
 if [[ "$version" == "" ]]; then