Skip to content

Commit

Permalink
Adding token based authentication for cloning repos.
Browse files Browse the repository at this point in the history
  • Loading branch information
mchurchward committed Aug 18, 2021
1 parent e7fca18 commit cc3eed4
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 2 deletions.
2 changes: 1 addition & 1 deletion composer.json
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"name": "moodlehq/moodle-plugin-ci",
"name": "brickfield/moodle-plugin-ci",
"description": "Helps running Moodle plugins analysis checks and tests under various CI environments.",
"keywords": ["moodle", "travis", "ci", "testing", "github", "actions"],
"type": "project",
Expand Down
13 changes: 13 additions & 0 deletions docs/AddExtraPlugins.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,19 @@ install:
- moodle-plugin-ci install
```

If you need to add a plugin contained within a private repo, you can use a [Github encrypted secret](https://docs.github.com/en/actions/reference/encrypted-secrets).
In the example below, the secret is named 'REPO_TOKEN'. The value of the secret should be a [Personal access token](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token)
that has access to the repository you are adding.
NOTE - This is a security risk, as the PAT will be sent to moodle-plugin-ci. The PAT could be captured at this point, and allow
unwanted users any access the PAT grants. Storing the secret makes it less visible, but it could still be captured in the transfer
or in the moodle-plugin-ci script. For this reason, you will probably want to use your own fork of the plugin-ci script.

```yaml
install:
- moodle-plugin-ci add-plugin --branch main --token "${{ secrets.REPO_TOKEN }}" username/project
- moodle-plugin-ci install
```

If you are not using GitHub and want to provide your own Git clone URL, then you can use the `--clone` (`-c`) option.
Here is an example (Note, you can use the `--branch` option together with the `--clone` option if you need to):

Expand Down
4 changes: 3 additions & 1 deletion src/Command/AddPluginCommand.php
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ protected function configure()
->setDescription('Queue up an additional plugin to be installed in the test site')
->addArgument('project', InputArgument::OPTIONAL, 'GitHub project, EG: moodlehq/moodle-local_hub, can\'t be used with --clone option')
->addOption('branch', 'b', InputOption::VALUE_REQUIRED, 'The branch to checkout in plugin repo (if non-default)', null)
->addOption('token', 't', InputOption::VALUE_REQUIRED, 'The PAT to login to the plugin repo (if non-default)', null)
->addOption('clone', 'c', InputOption::VALUE_REQUIRED, 'Git clone URL, can\'t be used with --project option')
->addOption('storage', null, InputOption::VALUE_REQUIRED, 'Plugin storage directory', 'moodle-plugin-ci-plugins');
}
Expand All @@ -66,13 +67,14 @@ protected function execute(InputInterface $input, OutputInterface $output)
$branch = $input->getOption('branch');
$clone = $input->getOption('clone');
$storage = $input->getOption('storage');
$token = $input->getOption('token');

if (!empty($project) && !empty($clone)) {
throw new \InvalidArgumentException('Cannot use both the project argument and the --clone option');
}
if (!empty($project)) {
/** @psalm-suppress PossiblyInvalidArgument */
$cloneUrl = sprintf('https://github.com/%s.git', $project);
$cloneUrl = sprintf('https://%s@github.com/%s.git', $token, $project);
} elseif (!empty($clone)) {
$cloneUrl = $clone;
} else {
Expand Down

0 comments on commit cc3eed4

Please sign in to comment.