-
Notifications
You must be signed in to change notification settings - Fork 580
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(scripts): auto authenticate gh CLI in scripts on dogfood #13107
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When I saw this PR title, I thought gh
must have added some new functionality.
This made me think of a solution where we just alias gh
to your script that always sets the env var.
Regardless, this is fine for us. Just trying to think of a general solution 🤔
I thought about aliasing too. That's another approach but we will be making an API call on each use then. And this only works within a coder workspace given the user is also authenticated with coder. |
We can probably create a module that authenticates the user to Coder deployment and then creates an alias for alias gh='GITHUB_TOKEN=$(coder external-auth access-token github) gh' |
@matifali The alias does cost a RTT on the api call, but that is what we do for I've thought before about exposing an api call to force an early refresh, because then you could trigger on some cron interval or something to keep the env var for new shell sessions up to date. A long running shell would eventually become stale... The alias could marry these two ideas. One thing to consider though is all workspaces share the same auth token. So if workspace 1 refreshes, it would break workspace 2 😢. So all these ideas might be for naught. |
But with alias, each call to |
You are right. If we alias each call, only the fresh token should be shared by all workspaces. I was thinking if we forced early refreshes. I think the alias to auth each time is a decent solution then. |
Merging this as it is because configuring aliases for each of the shells would need some thinking. |
Continuing #13106, This PR automatically authenticates gh CLI in scripts with a fresh access_token. This only works in a dogfood workspace where the users are already authenticated with Coder.