Check for bad token permissions when install via PR (k3s-io#10387)

* Check for bad token permissions when install via PR Signed-off-by: Derek Nola <derek.nola@suse.com>
brandond · Jul 9, 2024 · 4204248 · 4204248
1 parent 8f9ad1f
commit 4204248
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/install.sh b/install.sh
@@ -482,11 +482,15 @@ get_pr_artifact_url() {
     fi
 
     if [ -z "${GITHUB_TOKEN}" ]; then
-        fatal "Installing PR builds requires GITHUB_TOKEN with k3s-io/k3s repo authorization"
+        fatal "Installing PR builds requires GITHUB_TOKEN with k3s-io/k3s repo permissions"
     fi
-
     # GET request to the GitHub API to retrieve the latest commit SHA from the pull request
-    commit_id=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/pulls/$INSTALL_K3S_PR" | jq -r '.head.sha')
+    pr_raw=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/pulls/$INSTALL_K3S_PR")
+
+    if ! echo "$pr_raw" | grep -q "Bad credentials.*401" ; then
+        fatal "Installing PR builds requires GITHUB_TOKEN with k3s-io/k3s repo permissions"
+    fi
+    commit_id=$( echo "$pr_raw" | jq -r '.head.sha')
 
     # GET request to the GitHub API to retrieve the Build workflow associated with the commit
     wf_raw=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" "$github_api_url/commits/$commit_id/check-runs")

diff --git a/install.sh.sha256sum b/install.sh.sha256sum
@@ -1 +1 @@
-696c6a93262b3e1f06a78841b8a82c238a8f17755824c024baad652b18bc92bc  install.sh
+2e2469498e1d6a5dcd97d0eeae342298500b27fe0768527ea8039a3295cdbce9  install.sh