[WIP] Add helper to wrap 'gh' calls using Exec

pkg/cli/.github/aw/actions-lock.json

@@ -0,0 +1,3 @@
+{
+  "entries": {}
+}

pkg/workflow/action_resolver.go

@@ -2,7 +2,6 @@ package workflow
 
 import (
 	"fmt"
-	"os/exec"
 	"strings"
 
 	"github.com/githubnext/gh-aw/pkg/logger"
@@ -61,7 +60,7 @@ func (r *ActionResolver) resolveFromGitHub(repo, version string) (string, error)
 	apiPath := fmt.Sprintf("/repos/%s/git/ref/tags/%s", baseRepo, version)
 	resolverLog.Printf("Querying GitHub API: %s", apiPath)
 
-	cmd := exec.Command("gh", "api", apiPath, "--jq", ".object.sha")
+	cmd := ExecGH("api", apiPath, "--jq", ".object.sha")
 	output, err := cmd.Output()
 	if err != nil {
 		// Try without "refs/tags/" prefix in case version is already a ref

pkg/workflow/gh_helper.go

@@ -0,0 +1,41 @@
+package workflow
+
+import (
+	"os"
+	"os/exec"
+
+	"github.com/githubnext/gh-aw/pkg/logger"
+)
+
+var ghHelperLog = logger.New("workflow:gh_helper")
+
+// ExecGH wraps exec.Command for "gh" CLI calls and ensures proper token configuration.
+// It sets GH_TOKEN from GITHUB_TOKEN if GH_TOKEN is not already set.
+// This ensures gh CLI commands work in environments where GITHUB_TOKEN is set but GH_TOKEN is not.
+//
+// Usage:
+//
+//	cmd := ExecGH("api", "/user")
+//	output, err := cmd.Output()
+func ExecGH(args ...string) *exec.Cmd {
+	cmd := exec.Command("gh", args...)
+
+	// Check if GH_TOKEN is already set
+	ghToken := os.Getenv("GH_TOKEN")
+	if ghToken != "" {
+		ghHelperLog.Printf("GH_TOKEN is set, using it for gh CLI")
+		return cmd
+	}
+
+	// Fall back to GITHUB_TOKEN if available
+	githubToken := os.Getenv("GITHUB_TOKEN")
+	if githubToken != "" {
+		ghHelperLog.Printf("GH_TOKEN not set, using GITHUB_TOKEN as fallback for gh CLI")
+		// Set GH_TOKEN in the command's environment
+		cmd.Env = append(os.Environ(), "GH_TOKEN="+githubToken)
+	} else {
+		ghHelperLog.Printf("Neither GH_TOKEN nor GITHUB_TOKEN is set, gh CLI will use default authentication")
+	}
+
+	return cmd
+}

pkg/workflow/gh_helper_test.go

@@ -0,0 +1,149 @@
+package workflow
+
+import (
+	"os"
+	"strings"
+	"testing"
+)
+
+func TestExecGH(t *testing.T) {
+	tests := []struct {
+		name          string
+		ghToken       string
+		githubToken   string
+		expectGHToken bool
+		expectValue   string
+	}{
+		{
+			name:          "GH_TOKEN is set",
+			ghToken:       "gh-token-123",
+			githubToken:   "",
+			expectGHToken: false, // Should use existing GH_TOKEN from environment
+			expectValue:   "",
+		},
+		{
+			name:          "GITHUB_TOKEN is set, GH_TOKEN is not",
+			ghToken:       "",
+			githubToken:   "github-token-456",
+			expectGHToken: true,
+			expectValue:   "github-token-456",
+		},
+		{
+			name:          "Both GH_TOKEN and GITHUB_TOKEN are set",
+			ghToken:       "gh-token-123",
+			githubToken:   "github-token-456",
+			expectGHToken: false, // Should prefer existing GH_TOKEN
+			expectValue:   "",
+		},
+		{
+			name:          "Neither GH_TOKEN nor GITHUB_TOKEN is set",
+			ghToken:       "",
+			githubToken:   "",
+			expectGHToken: false,
+			expectValue:   "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Save original environment
+			originalGHToken := os.Getenv("GH_TOKEN")
+			originalGitHubToken := os.Getenv("GITHUB_TOKEN")
+			defer func() {
+				os.Setenv("GH_TOKEN", originalGHToken)
+				os.Setenv("GITHUB_TOKEN", originalGitHubToken)
+			}()
+
+			// Set up test environment
+			if tt.ghToken != "" {
+				os.Setenv("GH_TOKEN", tt.ghToken)
+			} else {
+				os.Unsetenv("GH_TOKEN")
+			}
+			if tt.githubToken != "" {
+				os.Setenv("GITHUB_TOKEN", tt.githubToken)
+			} else {
+				os.Unsetenv("GITHUB_TOKEN")
+			}
+
+			// Execute the helper
+			cmd := ExecGH("api", "/user")
+
+			// Verify the command
+			if cmd.Path != "gh" && !strings.HasSuffix(cmd.Path, "/gh") {
+				t.Errorf("Expected command path to be 'gh', got: %s", cmd.Path)
+			}
+
+			// Verify arguments
+			if len(cmd.Args) != 3 || cmd.Args[1] != "api" || cmd.Args[2] != "/user" {
+				t.Errorf("Expected args [gh api /user], got: %v", cmd.Args)
+			}
+
+			// Verify environment
+			if tt.expectGHToken {
+				found := false
+				expectedEnv := "GH_TOKEN=" + tt.expectValue
+				for _, env := range cmd.Env {
+					if env == expectedEnv {
+						found = true
+						break
+					}
+				}
+				if !found {
+					t.Errorf("Expected environment to contain %s, but it wasn't found", expectedEnv)
+				}
+			} else {
+				// When GH_TOKEN is already set or neither token is set, cmd.Env should be nil (uses parent process env)
+				if cmd.Env != nil {
+					t.Errorf("Expected cmd.Env to be nil (inherit parent environment), got: %v", cmd.Env)
+				}
+			}
+		})
+	}
+}
+
+func TestExecGHWithMultipleArgs(t *testing.T) {
+	// Save original environment
+	originalGHToken := os.Getenv("GH_TOKEN")
+	originalGitHubToken := os.Getenv("GITHUB_TOKEN")
+	defer func() {
+		os.Setenv("GH_TOKEN", originalGHToken)
+		os.Setenv("GITHUB_TOKEN", originalGitHubToken)
+	}()
+
+	// Set up test environment
+	os.Unsetenv("GH_TOKEN")
+	os.Setenv("GITHUB_TOKEN", "test-token")
+
+	// Test with multiple arguments
+	cmd := ExecGH("api", "repos/owner/repo/git/ref/tags/v1.0", "--jq", ".object.sha")
+
+	// Verify command
+	if cmd.Path != "gh" && !strings.HasSuffix(cmd.Path, "/gh") {
+		t.Errorf("Expected command path to be 'gh', got: %s", cmd.Path)
+	}
+
+	// Verify all arguments are preserved
+	expectedArgs := []string{"gh", "api", "repos/owner/repo/git/ref/tags/v1.0", "--jq", ".object.sha"}
+	if len(cmd.Args) != len(expectedArgs) {
+		t.Errorf("Expected %d args, got %d: %v", len(expectedArgs), len(cmd.Args), cmd.Args)
+	}
+
+	for i, expected := range expectedArgs {
+		if i >= len(cmd.Args) || cmd.Args[i] != expected {
+			t.Errorf("Arg %d: expected %s, got %s", i, expected, cmd.Args[i])
+		}
+	}
+
+	// Verify environment contains GH_TOKEN
+	found := false
+	for _, env := range cmd.Env {
+		if env == "GH_TOKEN=test-token" {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Errorf("Expected environment to contain GH_TOKEN=test-token")
+	}
+}