From d9502ea63755e676577117d06709fdb76f7c5571 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 22:24:09 +0000 Subject: [PATCH] Bump github.com/cli/go-gh/v2 from 2.11.0 to 2.11.1 Bumps [github.com/cli/go-gh/v2](https://github.com/cli/go-gh) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/cli/go-gh/releases) - [Commits](https://github.com/cli/go-gh/compare/v2.11.0...v2.11.1) --- updated-dependencies: - dependency-name: github.com/cli/go-gh/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../github.com/cli/go-gh/v2/pkg/auth/auth.go | 52 +++++++++++-------- vendor/modules.txt | 2 +- 4 files changed, 34 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index 72b4693a..59b5897d 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.22.0 toolchain go1.22.4 require ( - github.com/cli/go-gh/v2 v2.11.0 + github.com/cli/go-gh/v2 v2.11.1 github.com/go-errors/errors v1.5.1 github.com/onsi/gomega v1.36.0 github.com/sigstore/cosign/v2 v2.2.4 diff --git a/go.sum b/go.sum index e1374e43..ee39592c 100644 --- a/go.sum +++ b/go.sum @@ -245,8 +245,8 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME= github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= -github.com/cli/go-gh/v2 v2.11.0 h1:TERLYMMWderKBO3lBff/JIu2+eSly2oFRgN2WvO+3eA= -github.com/cli/go-gh/v2 v2.11.0/go.mod h1:MeRoKzXff3ygHu7zP+NVTT+imcHW6p3tpuxHAzRM2xE= +github.com/cli/go-gh/v2 v2.11.1 h1:amAyfqMWQTBdue8iTmDUegGZK7c8kk6WCxD9l/wLtGI= +github.com/cli/go-gh/v2 v2.11.1/go.mod h1:MeRoKzXff3ygHu7zP+NVTT+imcHW6p3tpuxHAzRM2xE= github.com/cli/safeexec v1.0.0 h1:0VngyaIyqACHdcMNWfo6+KdUYnqEr2Sg+bSP1pdF+dI= github.com/cli/safeexec v1.0.0/go.mod h1:Z/D4tTN8Vs5gXYHDCbaM1S/anmEDnJb1iW0+EJ5zx3Q= github.com/cli/shurcooL-graphql v0.0.4 h1:6MogPnQJLjKkaXPyGqPRXOI2qCsQdqNfUY1QSJu2GuY= diff --git a/vendor/github.com/cli/go-gh/v2/pkg/auth/auth.go b/vendor/github.com/cli/go-gh/v2/pkg/auth/auth.go index a903736c..4c54642f 100644 --- a/vendor/github.com/cli/go-gh/v2/pkg/auth/auth.go +++ b/vendor/github.com/cli/go-gh/v2/pkg/auth/auth.go @@ -6,7 +6,6 @@ import ( "fmt" "os" "os/exec" - "strconv" "strings" "github.com/cli/go-gh/v2/internal/set" @@ -62,35 +61,42 @@ func TokenFromEnvOrConfig(host string) (string, string) { } func tokenForHost(cfg *config.Config, host string) (string, string) { - host = NormalizeHostname(host) - if IsEnterprise(host) { + normalizedHost := NormalizeHostname(host) + // This code is currently the exact opposite of IsEnterprise. However, we have chosen + // to write it separately, directly in line, because it is much clearer in the exact + // scenarios that we expect to use GH_TOKEN and GITHUB_TOKEN. + if normalizedHost == github || IsTenancy(normalizedHost) || normalizedHost == localhost { + if token := os.Getenv(ghToken); token != "" { + return token, ghToken + } + + if token := os.Getenv(githubToken); token != "" { + return token, githubToken + } + } else { if token := os.Getenv(ghEnterpriseToken); token != "" { return token, ghEnterpriseToken } + if token := os.Getenv(githubEnterpriseToken); token != "" { return token, githubEnterpriseToken } - if isCodespaces, _ := strconv.ParseBool(os.Getenv(codespaces)); isCodespaces { - if token := os.Getenv(githubToken); token != "" { - return token, githubToken - } - } - if cfg != nil { - token, _ := cfg.Get([]string{hostsKey, host, oauthToken}) - return token, oauthToken - } } - if token := os.Getenv(ghToken); token != "" { - return token, ghToken - } - if token := os.Getenv(githubToken); token != "" { - return token, githubToken + + // If config is nil, something has failed much earlier and it's probably + // more correct to panic because we don't expect to support anything + // where the config isn't available, but that would be a breaking change, + // so it's worth thinking about carefully, if we wanted to rework this. + if cfg == nil { + return "", defaultSource } - if cfg != nil { - token, _ := cfg.Get([]string{hostsKey, host, oauthToken}) - return token, oauthToken + + token, err := cfg.Get([]string{hostsKey, normalizedHost, oauthToken}) + if err != nil { + return "", defaultSource } - return "", defaultSource + + return token, oauthToken } func tokenFromGh(path string, host string) (string, string) { @@ -151,8 +157,10 @@ func defaultHost(cfg *config.Config) (string, string) { } // IsEnterprise determines if a provided host is a GitHub Enterprise Server instance, -// rather than GitHub.com or a tenancy GitHub instance. +// rather than GitHub.com, a tenancy GitHub instance, or github.localhost. func IsEnterprise(host string) bool { + // Note that if you are making changes here, you should also consider making the equivalent + // in tokenForHost, which is the exact opposite of this function. normalizedHost := NormalizeHostname(host) return normalizedHost != github && normalizedHost != localhost && !IsTenancy(normalizedHost) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 6fe96c1e..bf292e54 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -403,7 +403,7 @@ github.com/chrismellard/docker-credential-acr-env/pkg/token # github.com/clbanning/mxj/v2 v2.7.0 ## explicit; go 1.15 github.com/clbanning/mxj/v2 -# github.com/cli/go-gh/v2 v2.11.0 +# github.com/cli/go-gh/v2 v2.11.1 ## explicit; go 1.21 github.com/cli/go-gh/v2/internal/set github.com/cli/go-gh/v2/internal/yamlmap