Check github-token on enterprise

On GitHub Enterprise we may get a Personal Access Token or a default token generated by GitHub that may not have the permissions required to access public GitHub, so we check the token and add it only if it can authenticate with the public GitHub API.
Shivam Mathur
2025-08-02 12:12:58 +05:30
parent dcec1cf0b4
commit 89b2566bb0
3 changed files with 39 additions and 5 deletions


@ -465,6 +465,7 @@ Disable coverage for these reasons:
- Specify the GitHub token to use for authentication. - Specify the GitHub token to use for authentication.
- Accepts a `string`. - Accepts a `string`.
- By default, `GITHUB_TOKEN` secret provided by GitHub Actions is used. - By default, `GITHUB_TOKEN` secret provided by GitHub Actions is used.
- For GitHub Enterprise users, it is recommended to use a Personal Access Token (PAT).
### Outputs ### Outputs
@ -797,8 +798,6 @@ restore-keys: ${{ runner.os }}-composer-${{ matrix.prefer }}-
By default, setup-php uses the `GITHUB_TOKEN` secret that is generated for each workflow run. In case you want to use a Personal Access Token (PAT) instead, you can set the `github-token` input. By default, setup-php uses the `GITHUB_TOKEN` secret that is generated for each workflow run. In case you want to use a Personal Access Token (PAT) instead, you can set the `github-token` input.
The `COMPOSER_TOKEN` and `GITHUB_TOKEN` environment variables have been deprecated in favor of the `github-token` input and will be removed in the next major version.
```yaml ```yaml
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 uses: shivammathur/setup-php@v2
@ -807,6 +806,10 @@ The `COMPOSER_TOKEN` and `GITHUB_TOKEN` environment variables have been deprecat
github-token: ${{ secrets.YOUR_PAT_TOKEN }} github-token: ${{ secrets.YOUR_PAT_TOKEN }}
``` ```
The `COMPOSER_TOKEN` and `GITHUB_TOKEN` environment variables have been deprecated in favor of the `github-token` input and will be removed in the next major version.
For GitHub Enterprise users, the `github-token` input does not default to the `GITHUB_TOKEN` secret. Therefore, it's recommended to set the `github-token` input to a Personal Access Token (PAT).
### Private Packagist Authentication ### Private Packagist Authentication
If you use Private Packagist for your private composer dependencies, you can set the `PACKAGIST_TOKEN` environment variable to authenticate. If you use Private Packagist for your private composer dependencies, you can set the `PACKAGIST_TOKEN` environment variable to authenticate.


@ -61,6 +61,19 @@ Function Update-AuthJson {
Set-Content -Path $composer_home\auth.json -Value ($existing | ConvertTo-Json -Depth 5) Set-Content -Path $composer_home\auth.json -Value ($existing | ConvertTo-Json -Depth 5)
} }
function Test-GitHubPublicAccess {
param(
[Parameter(Mandatory=$true)]
[string]$Token
)
try {
Invoke-RestMethod -Uri 'https://api.github.com/' -Headers @{ Authorization = "token $Token" } -ErrorAction Stop | Out-Null
return $true
} catch {
return $false
}
}
# Function to setup authentication in composer. # Function to setup authentication in composer.
Function Set-ComposerAuth() { Function Set-ComposerAuth() {
if(Test-Path env:COMPOSER_AUTH_JSON) { if(Test-Path env:COMPOSER_AUTH_JSON) {
@ -74,10 +87,16 @@ Function Set-ComposerAuth() {
if(Test-Path env:PACKAGIST_TOKEN) { if(Test-Path env:PACKAGIST_TOKEN) {
$composer_auth += '"http-basic": {"repo.packagist.com": { "username": "token", "password": "' + $env:PACKAGIST_TOKEN + '"}}' $composer_auth += '"http-basic": {"repo.packagist.com": { "username": "token", "password": "' + $env:PACKAGIST_TOKEN + '"}}'
} }
$write_token = $true
$token = if ($env:COMPOSER_TOKEN) { $env:COMPOSER_TOKEN } else { $env:GITHUB_TOKEN } $token = if ($env:COMPOSER_TOKEN) { $env:COMPOSER_TOKEN } else { $env:GITHUB_TOKEN }
if ($token) { if ($token) {
if ($env:GITHUB_SERVER_URL -ne "https://github.com" -and -not(Test-GitHubPublicAccess $token)) {
$write_token = $false
}
if($write_token) {
$composer_auth += '"github-oauth": {"github.com": "' + $token + '"}' $composer_auth += '"github-oauth": {"github.com": "' + $token + '"}'
} }
}
if($composer_auth.length) { if($composer_auth.length) {
Update-AuthJson $composer_auth Update-AuthJson $composer_auth
} }
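Review bot: The `catch` block in `Test-GitHubPublicAccess` returns `$false` for every failure, so in `Set-ComposerAuth` a timeout, proxy error or rate-limit response is indistinguishable from a rejected token, and a valid PAT is left out of `auth.json` without any message. The `Invoke-RestMethod` call also has no `-TimeoutSec`, so on an enterprise runner that cannot reach `api.github.com` the step may stall until the connection attempt gives up; adding `-TimeoutSec 10` (the value is a suggestion) bounds that. I would log one line when `$write_token` becomes `$false`, and put a comment above the call such as `# Sends the token to api.github.com; only reached when GITHUB_SERVER_URL is not https://github.com`, because this is the point where an enterprise-issued token leaves the enterprise host. The same silent-failure and missing-timeout points apply to `can_access_public_github` in the shell script, where curl's `--max-time` does the equivalent job.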


@ -65,6 +65,11 @@ update_auth_json() {
printf '%s' "$merged" > "$composer_home/auth.json" printf '%s' "$merged" > "$composer_home/auth.json"
} }
# Function to check if public GitHub token authentication is possible.
can_access_public_github() {
curl --fail -s -H "Authorization: token $1" 'https://api.github.com/' >/dev/null 2>&1
}
# Function to setup authentication in composer. # Function to setup authentication in composer.
set_composer_auth() { set_composer_auth() {
if [ -n "$COMPOSER_AUTH_JSON" ]; then if [ -n "$COMPOSER_AUTH_JSON" ]; then
@ -78,8 +83,15 @@ set_composer_auth() {
if [ -n "$PACKAGIST_TOKEN" ]; then if [ -n "$PACKAGIST_TOKEN" ]; then
composer_auth+=( '"http-basic": {"repo.packagist.com": { "username": "token", "password": "'"$PACKAGIST_TOKEN"'"}}' ) composer_auth+=( '"http-basic": {"repo.packagist.com": { "username": "token", "password": "'"$PACKAGIST_TOKEN"'"}}' )
fi fi
if [ -n "${COMPOSER_TOKEN:-$GITHUB_TOKEN}" ]; then token="${COMPOSER_TOKEN:-$GITHUB_TOKEN}"
composer_auth+=( '"github-oauth": {"github.com": "'"${COMPOSER_TOKEN:-$GITHUB_TOKEN}"'"}' ) if [ -n "$token" ]; then
write_token=true
if [ "$GITHUB_SERVER_URL" != "https://github.com" ]; then
can_access_public_github "$token" || write_token=false
fi
if [ "$write_token" = 'true' ]; then
composer_auth+=( '"github-oauth": {"github.com": "'"$token"'"}' )
fi
fi fi
if ((${#composer_auth[@]})); then if ((${#composer_auth[@]})); then
update_auth_json "${composer_auth[@]}" update_auth_json "${composer_auth[@]}"
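Review bot: `can_access_public_github` passes the token to curl as `-H "Authorization: token $1"`, which places the secret in curl's argument list, where other processes on the same machine can read it from a process listing while the request runs; that matters most on shared or persistent self-hosted runners. Feeding the header on stdin keeps it out of argv, since `printf` is a shell builtin: `printf 'Authorization: token %s\n' "$1" | curl --fail -s -H @- 'https://api.github.com/' >/dev/null 2>&1` (`-H @-` needs curl 7.55.0 or later). In the second hunk, `token` and `write_token` are assigned without `local`; the body of `set_composer_auth` starts above the hunk, so I cannot see whether they are declared earlier, but if not, `local token write_token` would stop the token value from persisting in the shell after the function returns.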