Skip to content

feat: GitHub CLI authentication support #438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

feat: GitHub CLI authentication support #438

wants to merge 6 commits into from

Conversation

lox
Copy link
Contributor

@lox lox commented Feb 23, 2025
edited
Loading

Adds support for using GitHub CLI (gh) as an authentication provider for Hermit, eliminating the need to manually set HERMIT_GITHUB_TOKEN.

Exposing HERMIT_GITHUB_TOKEN securely across many developer environments is tricky to do safely without exposing it to other tools or distributing shell wrappers for hermit. Using gh auth token allows for short-lived tokens that are only exposed to hermit as needed.

This feature is enabled via setting the following in the user hermit config (~/.hermit.hcl):

gh-cli-auth = true;

@lox
Copy link
Contributor Author

lox commented Feb 23, 2025

This was tricky to test!

What I've done is add a build tag of localgithub that is used by the integration tests to compile hermit. If compiled this way, it respects HERMIT_GITHUB_BASE_URL as an alternative to github.com which allows tests to create a mock github endpoint without the horrors of HTTPS proxying.

Lemme know if this is overkill @alecthomas.

@lox lox force-pushed the lox/2025-02-23-gh-cli-provider branch from 3e60696 to 3cb0c64 Compare February 23, 2025 05:40
@lox
feat: add GitHub CLI authentication support
12678ab 
Add support for using GitHub CLI (`gh`) as an authentication provider for Hermit via a user config (`gh-cli-auth`), enabling seamless integration with `gh auth token`.
This simplifies authentication for private packages and repositories by eliminating the need to manually set HERMIT_GITHUB_TOKEN.
@lox lox force-pushed the lox/2025-02-23-gh-cli-provider branch from 3cb0c64 to 12678ab Compare February 23, 2025 05:54
@lox lox requested a review from nickajacks1 February 24, 2025 05:40
nickajacks1
nickajacks1 reviewed Feb 26, 2025
View reviewed changes
Copy link
Contributor

@nickajacks1 nickajacks1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems good to me. Just had one more little comment.

github/mock_server.go
@@ -0,0 +1,251 @@
package github
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pretty cool

@lox lox force-pushed the lox/2025-02-23-gh-cli-provider branch from 91d4d33 to 10ad512 Compare February 26, 2025 03:44
@lox lox changed the title feat: add GitHub CLI authentication support feat: GitHub CLI authentication support Feb 28, 2025
nickajacks1
nickajacks1 approved these changes Feb 28, 2025
View reviewed changes
Copy link
Contributor

@nickajacks1 nickajacks1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a maintainer but looks LGTM to me

@lox
Copy link
Contributor Author

lox commented Mar 2, 2025

Appreciate the review @nickajacks1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickajacks1 nickajacks1 nickajacks1 approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lox @nickajacks1