Remove --external-repository-token option from runner
Specifying a token as a cli input leads to a potential for leaking the token on CI logs. This commit removes the option. Instead, users should specify a single GitHub token through `--github-auth-stdin` or by setting the `GITHUB_TOKEN` environment variable. This token should be created with enough privileges to access the required repository.
This commit is contained in:
Andrew Eisenberg
parent
88714e3a60
commit
58defc0652
4 changed files with 2 additions and 10 deletions
2
lib/runner.js
generated
2
lib/runner.js
generated
|
|
@ -84,7 +84,6 @@ program
|
|||
.requiredOption("--github-url <url>", "URL of GitHub instance. (Required)")
|
||||
.option("--github-auth <auth>", "GitHub Apps token or personal access token. This option is insecure and deprecated, please use `--github-auth-stdin` instead.")
|
||||
.option("--github-auth-stdin", "Read GitHub Apps token or personal access token from stdin.")
|
||||
.option("--external-repository-token <token>", "A token for fetching external config files and queries if they reside in a private repository.")
|
||||
.option("--languages <languages>", "Comma-separated list of languages to analyze. Otherwise detects and analyzes all supported languages from the repo.")
|
||||
.option("--queries <queries>", "Comma-separated list of additional queries to run. This overrides the same setting in a configuration file.")
|
||||
.option("--config-file <file>", "Path to config file.")
|
||||
|
|
@ -108,7 +107,6 @@ program
|
|||
const auth = await util_1.getGitHubAuth(logger, cmd.githubAuth, cmd.githubAuthStdin);
|
||||
const apiDetails = {
|
||||
auth,
|
||||
externalRepoAuth: cmd.externalRepositoryToken,
|
||||
url: util_1.parseGithubUrl(cmd.githubUrl),
|
||||
};
|
||||
const gitHubVersion = await util_1.getGitHubVersion(apiDetails);
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -20,7 +20,7 @@ export interface GitHubApiDetails {
|
|||
}
|
||||
|
||||
export interface GitHubApiExternalRepoDetails {
|
||||
externalRepoAuth: string | undefined;
|
||||
externalRepoAuth?: string;
|
||||
url: string;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -98,7 +98,6 @@ interface InitArgs {
|
|||
githubUrl: string;
|
||||
githubAuth: string;
|
||||
githubAuthStdin: boolean;
|
||||
externalRepositoryToken: string | undefined;
|
||||
debug: boolean;
|
||||
}
|
||||
|
||||
|
|
@ -115,10 +114,6 @@ program
|
|||
"--github-auth-stdin",
|
||||
"Read GitHub Apps token or personal access token from stdin."
|
||||
)
|
||||
.option(
|
||||
"--external-repository-token <token>",
|
||||
"A token for fetching external config files and queries if they reside in a private repository."
|
||||
)
|
||||
.option(
|
||||
"--languages <languages>",
|
||||
"Comma-separated list of languages to analyze. Otherwise detects and analyzes all supported languages from the repo."
|
||||
|
|
@ -167,7 +162,6 @@ program
|
|||
|
||||
const apiDetails = {
|
||||
auth,
|
||||
externalRepoAuth: cmd.externalRepositoryToken,
|
||||
url: parseGithubUrl(cmd.githubUrl),
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue