feat: add dual-auth support (GITHUB_TOKEN + gh CLI) across all scripts #21

Merged: locus313 merged 4 commits into main from feature/dual-auth-support on Jun 26, 2026
@locus313 (Owner)

Summary

All scripts now support both GITHUB_TOKEN env var and an active gh CLI auth session interchangeably, and all work in GitHub Actions without extra configuration.

Changes

lib/github-common.sh

  • Auto-resolution block: at lib source time, if GITHUB_TOKEN is unset and gh is available, the token is resolved via gh auth token and exported — zero changes needed in curl-based scripts
  • configure_gh_auth(): bridges GITHUB_TOKEN→GH_TOKEN for scripts that use the gh CLI directly, or verifies an active gh session
  • gh_api_paginate(): new paginated REST helper that follows Link headers, streams items through a jq filter, handles 404/422 silently, and accepts a custom API version header

All action.yml files (16 existing + 2 new)

  • github-token changed from required: true to required: false
  • Env mapping uses ${{ inputs.github-token || github.token }} so the built-in Actions token is used when no PAT is provided
  • New action.yml added for github-repo-permissions-report
  • New action.yml added for github-copilot-report

Scripts converted from gh CLI to curl

  • github-repo-permissions-report.sh: removed gh CLI dependency; uses lib's gh_api + gh_api_paginate for all calls; branch protection 404s handled via __404__ sentinel
  • github-copilot-report.sh: removed gh CLI dependency; added local _copilot_api() with API version 2026-03-10; fetch_seats() uses gh_api_paginate; az CLI is now truly optional (silently skipped if not installed/logged in, even without --no-entra); fixed missing API_URL_PREFIX default that caused validate_github_token to always fail

github-organize-stars.sh (kept as gh-based)

  • Now sources lib/github-common.sh for shared helpers
  • Calls configure_gh_auth for consistent auth handling
  • Kept as gh CLI-based since it uses GraphQL mutations

Documentation

  • README.md: prerequisites, usage examples, and available actions table updated
  • AGENTS.md: shared library table, tech stack, and error handling sequence updated
  • .github/copilot-instructions.md: script descriptions updated to reflect new tooling

Testing

  • All modified .sh files pass bash -n syntax check
  • Pre-commit secret scan passed on all commits
  • Scripts should be tested against a non-production org/enterprise before production use

locus313 and others added 4 commits June 26, 2026 12:46
- Auto-resolve GITHUB_TOKEN from active gh CLI session at source time
  so curl-based scripts work with either a PAT or gh CLI auth
- Add configure_gh_auth() to bridge GITHUB_TOKEN→GH_TOKEN for scripts
  that use the gh CLI directly
- Add gh_api_paginate() — paginated REST helper that follows Link headers,
  streams items through a jq filter, handles 404/422 silently, and
  supports a custom API version header for Copilot endpoints

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Change github-token from required to optional in all 16 existing
  action.yml files; env mapping uses inputs.github-token || github.token
  so the built-in Actions token is used automatically when no PAT is provided
- Add new action.yml for github-repo-permissions-report
- Add new action.yml for github-copilot-report (with no-entra, credits,
  enterprise, and upn-domain inputs)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

github-organize-stars:
- Now sources lib/github-common.sh for shared helpers
- Calls configure_gh_auth to bridge GITHUB_TOKEN→GH_TOKEN; kept as
  gh-CLI-based since it uses GraphQL mutations not available via REST

github-repo-permissions-report:
- Removed gh CLI dependency; now uses curl via lib's gh_api and
  gh_api_paginate for all API calls
- Branch protection and ruleset 404s handled via __404__ sentinel

github-copilot-report:
- Removed gh CLI dependency; added local _copilot_api() using curl
  with X-GitHub-Api-Version: 2026-03-10
- fetch_seats() now uses gh_api_paginate with the Copilot API version
- az CLI is now truly optional: if not installed or not logged in,
  Entra ID enrichment is silently skipped (--no-entra also works on
  runners without az installed)
- Added missing API_URL_PREFIX default to fix validate_github_token

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- README: prerequisites for repo-permissions-report and copilot-report
  updated from gh CLI to curl; az marked as optional; available actions
  table includes both new scripts; usage examples updated
- AGENTS.md: shared library table adds configure_gh_auth and
  gh_api_paginate; tech stack row for gh CLI updated to only list
  github-organize-stars; error handling sequence documents the
  auto-resolution side-effect
- copilot-instructions.md: script descriptions for repo-permissions-report
  and copilot-report updated to reflect curl usage; copilot-report az
  requirement noted as optional/runtime-checked

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
locus313 merged commit d45fe33 into main on Jun 26, 2026
2 checks passed
locus313 deleted the feature/dual-auth-support branch on June 26, 2026 19:48
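
The Link-header pagination this pull request describes for gh_api_paginate(), as an added example that is not the repository's code: it follows rel="next" links, treats 404/422 as empty, and refuses any next link outside the configured API prefix so the token is not sent to another host. The names next_link, fetch_page, paginate and GH_API_VERSION are hypothetical, and the same-prefix check is an assumption about how one would harden such a helper, not something the PR states.

```shell
#!/usr/bin/env bash
# Added example. All function names here are hypothetical; this is not the
# repository's gh_api_paginate().
API_URL_PREFIX="${API_URL_PREFIX:-https://api.github.com}"
GH_API_VERSION="${GH_API_VERSION:-2022-11-28}"   # assumed default version header

# Print the rel="next" URL found in raw response headers on stdin (empty if none).
# Assumes link targets contain no commas, which holds for GitHub's page links.
next_link() {
  tr -d '\r' | grep -i '^link:' | tr ',' '\n' |
    sed -n 's/.*<\([^>]*\)>[[:space:]]*;[[:space:]]*rel="next".*/\1/p' | head -n 1
}

# Fetch one page: headers to file $2, body to file $3, HTTP status on stdout.
fetch_page() {
  curl -sS -D "$2" -o "$3" -w '%{http_code}' \
    -H "Authorization: Bearer ${GITHUB_TOKEN:?GITHUB_TOKEN is not set}" \
    -H "Accept: application/vnd.github+json" \
    -H "X-GitHub-Api-Version: $GH_API_VERSION" "$1"
}

# Stream every page of an API path ($1, e.g. /orgs/ORG/repos) to stdout, one
# JSON document per page.
paginate() {
  local url="$API_URL_PREFIX$1" tmp status
  tmp=$(mktemp -d) || return 1
  while [ -n "$url" ]; do
    # The Link header is server-controlled: only follow it while it stays under
    # the configured API prefix, so the token is never sent to another host.
    case "$url" in
      "$API_URL_PREFIX"/*) ;;
      *) echo "refusing off-origin link: $url" >&2; rm -rf "$tmp"; return 1 ;;
    esac
    status=$(fetch_page "$url" "$tmp/h" "$tmp/b") || { rm -rf "$tmp"; return 1; }
    case "$status" in
      200) cat "$tmp/b" ;;
      404|422) break ;;   # treated as "nothing to report", not as an error
      *) echo "HTTP $status for $url" >&2; rm -rf "$tmp"; return 1 ;;
    esac
    url=$(next_link < "$tmp/h")
  done
  rm -rf "$tmp"
}
```

The per-page output can be piped into jq, which accepts a stream of JSON documents.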