chore(scripts): auto authenticate gh CLI in scripts on dogfood #13107
Conversation
|
I thought about aliasing too. That's another approach but we will be making an API call on each use then. And this only works within a coder workspace given the user is also authenticated with coder. |
|
We can probably create a module that authenticates the user to Coder deployment and then creates an alias for alias gh='GITHUB_TOKEN=$(coder external-auth access-token github) gh' |
|
@matifali The alias does cost a RTT on the api call, but that is what we do for I've thought before about exposing an api call to force an early refresh, because then you could trigger on some cron interval or something to keep the env var for new shell sessions up to date. A long running shell would eventually become stale... The alias could marry these two ideas. One thing to consider though is all workspaces share the same auth token. So if workspace 1 refreshes, it would break workspace 2 😢. So all these ideas might be for naught. |
But with alias, each call to |
You are right. If we alias each call, only the fresh token should be shared by all workspaces. I was thinking if we forced early refreshes. I think the alias to auth each time is a decent solution then. |
|
Merging this as it is because configuring aliases for each of the shells would need some thinking. |
Continuing #13106, This PR automatically authenticates gh CLI in scripts with a fresh access_token. This only works in a dogfood workspace where the users are already authenticated with Coder.