Fix authorization method

[leonardbinet]

See https://circleci.com/docs/api/v2/#operation/listWorkflowJobs

api_key_query seems to be deprecated (since I kept receiving ``` { "message" : "Workflow not found" } ```)

[roopakv]

if we are changing this you need to use

Circle-Token

as the header name not basic i believe.

also this orb is used in production and works right now. interesting to see that you get not found 🤔

[leonardbinet]

I used the proposed method in documention here https://circleci.com/docs/api/v2/#operation/listWorkflowJobs

I'll try again next week and let you know, could it be linked somehow to using a different version of pipelines?
I was using version: 2.1.

[roopakv]

ah yeah the circleci docs arent great at the auth part. this PR will break the orb :)

[leonardbinet]

Sorry my message wasn't very clear, based on documentation there are three possible authentication methods:

• api_key_header using Circle-Token header key
• basic_auth using basic authentication (the one I implemented in this PR)
• api_key_query using circle-token key in query parameters (not in headers), which is the method your are currently using, and which will be deprecated at some point

I used basic_auth but api_key_header would work fine as well :)

Note: before making this PR I launched a CircleCi build with SSH session to test it, and it works for me, so I don't think it would break the orb (or is there something I missed 🤔 ?):

For some reason, in my case the api_key_query method doesn't work though.

This error wasn't covered and resulted in a 22 error code:

I investigated via SSH to understand where the issue came from, and to me it seems related to authentication method.

By the way, thanks a lot for making this orb, I don't understand how this feature isn't built-in in circleci, your orb is really appreciated :)

Cheers!

[leonardbinet]

note: I just noticed this issue #76 is related to a exit code 22 as well, it might be the same underlying issue

[leonardbinet]

Actually, there might be another issue.
When running the current script in ssh mode, circleci api authentication fails, resulting in job_status and job_number variables having "" value.
Which is equivalent to "the job we wait for doesn't exist", since we check "$job_status" == "":

if [[ "$job_status" == "success" || "$job_status" == "failed" || "$job_status" == "canceled" || "$job_status" == "" ]]; then
    echo "Its finally my turn. exiting"

This is an issue that will be solved by proper authentication, but I cannot reproduce the code 22 error though.

[leonardbinet]

I think I found the reason for the code 22 exit status:
https://curl.se/mail/archive-2003-03/0079.html

--fail will return 22 for any HTTP error that is 400 or above

For some reason the -s option in curl command hid it, but it seems to be the culprit.

Because circleci orbs run with #!/bin/bash -eo pipefail, even if script ends with a exit 0, the status will be the last failing.
https://stackoverflow.com/questions/68465355/what-is-the-meaning-of-set-o-pipefail-in-bash-script

Now, I've no idea why it occurs on some configuration, but not on yours (could you check if authentication really works, or if the failing auth is just silently ignored, resulting in thinking the job we wait for doesn't exist?)

[roopakv]

so i double checked this. the PR in the current state will not work.

=> Authorization header does not work with circle token.
=> to use the Circle token method you need to have header Circle-Token

i.e.

does not work

curl --location --request GET 'https://circleci.com/api/v2/pipeline?org-slug=gh/roopakv' \
--header 'Authorization: Basic TOKEN_HERE'

works

curl --location --request GET 'https://circleci.com/api/v2/pipeline?org-slug=gh/roopakv' \
--header 'Circle-Token: TOKEN_HERE'

[leonardbinet]

I don't have any preference so let's go with the Circle-Token header 👍

It's strange though, for me it works in both cases 🤷‍♂️