Skip to content

Commit 2712876

Browse files
alexandre-dauboisalexandre-daubois
authored
ci(docker): authenticate GitHub API calls (#1680)
1 parent b243518 commit 2712876

3 files changed

Lines changed: 31 additions & 16 deletions

File tree

Dockerfile

Lines changed: 15 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -81,16 +81,23 @@ RUN apt-get update && \
8181

8282
# Install e-dant/watcher (necessary for file watching)
8383
WORKDIR /usr/local/src/watcher
84-
RUN curl -s https://api.github.com/repos/e-dant/watcher/releases/latest | \
85-
grep tarball_url | \
86-
awk '{ print $2 }' | \
87-
sed 's/,$//' | \
88-
sed 's/"//g' | \
89-
xargs curl -L | \
84+
RUN --mount=type=secret,id=github-token \
85+
if [ -f /run/secrets/github-token ] && [ -s /run/secrets/github-token ]; then \
86+
echo "Using authenticated GitHub API request"; \
87+
curl -s -H "Authorization: Bearer $(cat /run/secrets/github-token)" https://api.github.com/repos/e-dant/watcher/releases/latest; \
88+
else \
89+
echo "Using unauthenticated GitHub API request"; \
90+
curl -s https://api.github.com/repos/e-dant/watcher/releases/latest; \
91+
fi | \
92+
grep tarball_url | \
93+
awk '{ print $2 }' | \
94+
sed 's/,$//' | \
95+
sed 's/"//g' | \
96+
xargs curl -L | \
9097
tar xz --strip-components 1 && \
9198
cmake -S . -B build -DCMAKE_BUILD_TYPE=Release && \
92-
cmake --build build && \
93-
cmake --install build && \
99+
cmake --build build && \
100+
cmake --install build && \
94101
ldconfig
95102

96103
WORKDIR /go/src/app

alpine.Dockerfile

Lines changed: 15 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -88,16 +88,23 @@ RUN apk add --no-cache --virtual .build-deps \
8888

8989
# Install e-dant/watcher (necessary for file watching)
9090
WORKDIR /usr/local/src/watcher
91-
RUN curl -s https://api.github.com/repos/e-dant/watcher/releases/latest | \
92-
grep tarball_url | \
93-
awk '{ print $2 }' | \
94-
sed 's/,$//' | \
95-
sed 's/"//g' | \
96-
xargs curl -L | \
91+
RUN --mount=type=secret,id=github-token \
92+
if [ -f /run/secrets/github-token ] && [ -s /run/secrets/github-token ]; then \
93+
echo "Using authenticated GitHub API request"; \
94+
curl -s -H "Authorization: Bearer $(cat /run/secrets/github-token)" https://api.github.com/repos/e-dant/watcher/releases/latest; \
95+
else \
96+
echo "Using unauthenticated GitHub API request"; \
97+
curl -s https://api.github.com/repos/e-dant/watcher/releases/latest; \
98+
fi | \
99+
grep tarball_url | \
100+
awk '{ print $2 }' | \
101+
sed 's/,$//' | \
102+
sed 's/"//g' | \
103+
xargs curl -L | \
97104
tar xz --strip-components 1 && \
98105
cmake -S . -B build -DCMAKE_BUILD_TYPE=Release && \
99-
cmake --build build && \
100-
cmake --install build
106+
cmake --build build && \
107+
cmake --install build
101108

102109
WORKDIR /go/src/app
103110

docker-bake.hcl

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -116,6 +116,7 @@ target "default" {
116116
args = {
117117
FRANKENPHP_VERSION = VERSION
118118
}
119+
secret = ["id=github-token,env=GITHUB_TOKEN"]
119120
}
120121

121122
target "static-builder-musl" {

0 commit comments

Comments
 (0)