From e143ffc907149234e81d027603b30b8b5bd5d7c3 Mon Sep 17 00:00:00 2001
From: Jennifer Power <barnabei.jennifer@gmail.com>
Date: Fri, 3 May 2024 19:01:46 -0400
Subject: [PATCH] feat: adds an environment variable option for token

To simplify running locally in headless mode, an environment
variable would be suitable over piping to standard input. This
also simplifies the action entrypoint scripts.

Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
---
 CONTRIBUTING.md                               |  2 +-
 actions/autosync/auto-sync-entrypoint.sh      | 10 ---------
 actions/create-cd/create-cd-entrypoint.sh     | 10 ---------
 .../rules-transform-entrypoint.sh             | 11 ----------
 .../sync-upstreams-entrypoint.sh              | 10 ---------
 .../entrypoints/test_entrypoint_base.py       | 22 +++++++++++++++++--
 trestlebot/entrypoints/entrypoint_base.py     | 17 +++++++++-----
 7 files changed, 32 insertions(+), 50 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index c984df44..d172dd0e 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -192,5 +192,5 @@ cat my-token.txt | podman secret create repo-secret -
 4. Run the container
 
 ```bash
-podman run --entrypoint /entrypoint.sh --secret repo-secret,type=env,target=GITHUB_TOKEN --env-file=envfile -v my-trestle-space:/data -w /data localhost:5000/trestlebot:latest
+podman run --entrypoint /entrypoint.sh --secret repo-secret,type=env,target=TRESTLEBOT_REPO_ACCESS_TOKEN --env-file=envfile -v my-trestle-space:/data -w /data localhost:5000/trestlebot:latest
 ```
\ No newline at end of file
diff --git a/actions/autosync/auto-sync-entrypoint.sh b/actions/autosync/auto-sync-entrypoint.sh
index 35a4e713..7e084134 100644
--- a/actions/autosync/auto-sync-entrypoint.sh
+++ b/actions/autosync/auto-sync-entrypoint.sh
@@ -42,14 +42,4 @@ if [[ ${INPUT_VERBOSE} == true ]]; then
     command+=" --verbose"
 fi
 
-# Only set the token value when is a target branch so pull requests can be created
-if [[ -n ${INPUT_TARGET_BRANCH} ]]; then
-  if [[ -z ${GITHUB_TOKEN} ]]; then
-    echo "Set the GITHUB_TOKEN env variable."
-    exit 1
-  fi
-
-  command+=" --with-token - <<<\"${GITHUB_TOKEN}\""
-fi
-
 eval "${command}"
\ No newline at end of file
diff --git a/actions/create-cd/create-cd-entrypoint.sh b/actions/create-cd/create-cd-entrypoint.sh
index 5c62ec68..e051bb12 100644
--- a/actions/create-cd/create-cd-entrypoint.sh
+++ b/actions/create-cd/create-cd-entrypoint.sh
@@ -36,14 +36,4 @@ if [[ ${INPUT_DRY_RUN} == true ]]; then
     command+=" --dry-run"
 fi
 
-# Only set the token value when is a target branch so pull requests can be created
-if [[ -n ${INPUT_TARGET_BRANCH} ]]; then
-  if [[ -z ${GITHUB_TOKEN} ]]; then
-    echo "Set the GITHUB_TOKEN env variable."
-    exit 1
-  fi
-
-  command+=" --with-token - <<<\"${GITHUB_TOKEN}\""
-fi
-
 eval "${command}"
\ No newline at end of file
diff --git a/actions/rules-transform/rules-transform-entrypoint.sh b/actions/rules-transform/rules-transform-entrypoint.sh
index 681c8193..3131129e 100644
--- a/actions/rules-transform/rules-transform-entrypoint.sh
+++ b/actions/rules-transform/rules-transform-entrypoint.sh
@@ -31,15 +31,4 @@ if [[ ${INPUT_DRY_RUN} == true ]]; then
     command+=" --dry-run"
 fi
 
-
-# Only set the token value when is a target branch so pull requests can be created
-if [[ -n ${INPUT_TARGET_BRANCH} ]]; then
-  if [[ -z ${GITHUB_TOKEN} ]]; then
-    echo "Set the GITHUB_TOKEN env variable."
-    exit 1
-  fi
-
-  command+=" --with-token - <<<\"${GITHUB_TOKEN}\""
-fi
-
 eval "${command}"
\ No newline at end of file
diff --git a/actions/sync-upstreams/sync-upstreams-entrypoint.sh b/actions/sync-upstreams/sync-upstreams-entrypoint.sh
index 5422ee73..8c38a84c 100644
--- a/actions/sync-upstreams/sync-upstreams-entrypoint.sh
+++ b/actions/sync-upstreams/sync-upstreams-entrypoint.sh
@@ -39,14 +39,4 @@ if [[ ${INPUT_SKIP_VALIDATION} == true ]]; then
     command+=" --skip-validation"
 fi
 
-# Only set the token value when is a target branch so pull requests can be created
-if [[ -n ${INPUT_TARGET_BRANCH} ]]; then
-  if [[ -z ${GITHUB_TOKEN} ]]; then
-    echo "Set the GITHUB_TOKEN env variable."
-    exit 1
-  fi
-
-  command+=" --with-token - <<<\"${GITHUB_TOKEN}\""
-fi
-
 eval "${command}"
\ No newline at end of file
diff --git a/tests/trestlebot/entrypoints/test_entrypoint_base.py b/tests/trestlebot/entrypoints/test_entrypoint_base.py
index 8aebaa3a..c765f1e8 100644
--- a/tests/trestlebot/entrypoints/test_entrypoint_base.py
+++ b/tests/trestlebot/entrypoints/test_entrypoint_base.py
@@ -35,6 +35,24 @@ def test_set_git_provider_with_github() -> None:
         assert isinstance(provider, GitHub)
 
 
+@patch.dict(
+    "os.environ",
+    {"GITHUB_ACTIONS": "true", "TRESTLEBOT_REPO_ACCESS_TOKEN": "fake_token"},
+)
+def test_set_git_provider_with_github_no_stdin() -> None:
+    """Test set_git_provider function in Entrypoint Base for GitHub Actions"""
+    with patch("sys.stdin", return_value=StringIO("fake_token")):
+        provider: Optional[GitProvider]
+        args = argparse.Namespace(
+            target_branch="main",
+            with_token=False,
+            git_provider_type="",
+            git_server_url="",
+        )
+        provider = EntrypointBase.set_git_provider(args=args)
+        assert isinstance(provider, GitHub)
+
+
 @patch.dict(
     "os.environ",
     {
@@ -105,8 +123,8 @@ def test_set_provider_with_no_token() -> None:
     args = argparse.Namespace(target_branch="main", with_token=False)
     with pytest.raises(
         EntrypointInvalidArgException,
-        match="Invalid args --with-token: with-token flag must be set to read from "
-        "standard input when using target-branch",
+        match="Invalid args --with-token: with-token flag must be set to read from standard input "
+        "or use TRESTLEBOT_REPO_ACCESS_TOKEN environment variable when using target-branch",
     ):
         EntrypointBase.set_git_provider(args=args)
 
diff --git a/trestlebot/entrypoints/entrypoint_base.py b/trestlebot/entrypoints/entrypoint_base.py
index 93bfbd26..53ad6e22 100644
--- a/trestlebot/entrypoints/entrypoint_base.py
+++ b/trestlebot/entrypoints/entrypoint_base.py
@@ -14,6 +14,7 @@
 
 import argparse
 import logging
+import os
 import sys
 from typing import List, Optional
 
@@ -167,14 +168,18 @@ def set_git_provider(args: argparse.Namespace) -> Optional[GitProvider]:
         git_provider: Optional[GitProvider] = None
         if args.target_branch is not None:
             if not args.with_token:
-                raise EntrypointInvalidArgException(
-                    "--with-token",
-                    "with-token flag must be set to read from standard input when "
-                    "using target-branch",
-                )
+                # Attempts to read from env var
+                access_token = os.environ.get("TRESTLEBOT_REPO_ACCESS_TOKEN", "")
+                if not access_token:
+                    raise EntrypointInvalidArgException(
+                        "--with-token",
+                        "with-token flag must be set to read from standard input or use "
+                        "TRESTLEBOT_REPO_ACCESS_TOKEN environment variable when using target-branch",
+                    )
             else:
-                access_token = sys.stdin.read().strip()
+                access_token = sys.stdin.read()
             try:
+                access_token = access_token.strip()
                 git_provider_type = args.git_provider_type
                 git_server_url = args.git_server_url
                 git_provider = GitProviderFactory.provider_factory(