feat: add dual-auth support (GITHUB_TOKEN + gh CLI) across all scripts#21
Merged
Conversation
- Auto-resolve GITHUB_TOKEN from active gh CLI session at source time so curl-based scripts work with either a PAT or gh CLI auth - Add configure_gh_auth() to bridge GITHUB_TOKEN→GH_TOKEN for scripts that use the gh CLI directly - Add gh_api_paginate() — paginated REST helper that follows Link headers, streams items through a jq filter, handles 404/422 silently, and supports a custom API version header for Copilot endpoints Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Change github-token from required to optional in all 16 existing action.yml files; env mapping uses inputs.github-token || github.token so the built-in Actions token is used automatically when no PAT is provided - Add new action.yml for github-repo-permissions-report - Add new action.yml for github-copilot-report (with no-entra, credits, enterprise, and upn-domain inputs) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github-organize-stars: - Now sources lib/github-common.sh for shared helpers - Calls configure_gh_auth to bridge GITHUB_TOKEN→GH_TOKEN; kept as gh-CLI-based since it uses GraphQL mutations not available via REST github-repo-permissions-report: - Removed gh CLI dependency; now uses curl via lib's gh_api and gh_api_paginate for all API calls - Branch protection and ruleset 404s handled via __404__ sentinel github-copilot-report: - Removed gh CLI dependency; added local _copilot_api() using curl with X-GitHub-Api-Version: 2026-03-10 - fetch_seats() now uses gh_api_paginate with the Copilot API version - az CLI is now truly optional: if not installed or not logged in, Entra ID enrichment is silently skipped (--no-entra also works on runners without az installed) - Added missing API_URL_PREFIX default to fix validate_github_token Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- README: prerequisites for repo-permissions-report and copilot-report updated from gh CLI to curl; az marked as optional; available actions table includes both new scripts; usage examples updated - AGENTS.md: shared library table adds configure_gh_auth and gh_api_paginate; tech stack row for gh CLI updated to only list github-organize-stars; error handling sequence documents the auto-resolution side-effect - copilot-instructions.md: script descriptions for repo-permissions-report and copilot-report updated to reflect curl usage; copilot-report az requirement noted as optional/runtime-checked Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
All scripts now support both
GITHUB_TOKENenv var and an activeghCLI auth session interchangeably, and all work in GitHub Actions without extra configuration.Changes
lib/github-common.shGITHUB_TOKENis unset andghis available, the token is resolved viagh auth tokenand exported — zero changes needed in curl-based scriptsconfigure_gh_auth(): bridgesGITHUB_TOKEN→GH_TOKENfor scripts that use theghCLI directly, or verifies an activeghsessiongh_api_paginate(): new paginated REST helper that followsLinkheaders, streams items through ajqfilter, handles 404/422 silently, and accepts a custom API version headerAll
action.ymlfiles (16 existing + 2 new)github-tokenchanged fromrequired: truetorequired: false${{ inputs.github-token || github.token }}so the built-in Actions token is used when no PAT is providedaction.ymladded forgithub-repo-permissions-reportaction.ymladded forgithub-copilot-reportScripts converted from
ghCLI tocurlgithub-repo-permissions-report.sh: removedghCLI dependency; uses lib'sgh_api+gh_api_paginatefor all calls; branch protection 404s handled via__404__sentinelgithub-copilot-report.sh: removedghCLI dependency; added local_copilot_api()with API version2026-03-10;fetch_seats()usesgh_api_paginate;azCLI is now truly optional (silently skipped if not installed/logged in, even without--no-entra); fixed missingAPI_URL_PREFIXdefault that causedvalidate_github_tokento always failgithub-organize-stars.sh(kept asgh-based)lib/github-common.shfor shared helpersconfigure_gh_authfor consistent auth handlingghCLI-based since it uses GraphQL mutationsDocumentation
README.md: prerequisites, usage examples, and available actions table updatedAGENTS.md: shared library table, tech stack, and error handling sequence updated.github/copilot-instructions.md: script descriptions updated to reflect new toolingTesting
.shfiles passbash -nsyntax check