deployclient: add support for auto-renewing github tokens #296
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This pull request adds support for auto-renewing GitHub tokens by introducing a new interceptor and updating configuration and connection logic.
- Added a GitHubTokenInterceptor in the gRPC auth package to automatically fetch and renew tokens.
- Updated configuration flags to deprecate the old GitHub token and add separate fields for the token URL and bearer token.
- Modified the gRPC connection setup to select the appropriate interceptor based on available GitHub authentication parameters.
Reviewed Changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pkg/grpc/interceptor/auth/client.go | Introduces GitHubTokenInterceptor with token renewal logic. |
| pkg/deployclient/config.go | Renames GithubToken to GitHubToken and adds new config flags for token URL and bearer token. |
| pkg/deployclient/grpc.go | Updates interceptor selection based on new GitHub token fields. |
Files not reviewed (1)
- actions/deploy/entrypoint.sh: Language not supported
Comments suppressed due to low confidence (1)
pkg/grpc/interceptor/auth/client.go:130
- [nitpick] Consider renaming variable 'j' to a more descriptive name (e.g., 'parsedToken') to improve code clarity.
j, err := jwt.ParseString(tokenResponse.Token,
There was a problem hiding this comment.
Pull Request Overview
This pull request introduces support for auto-renewing GitHub tokens for deployments by adding a new interceptor and updating configuration and gRPC connection logic accordingly.
- Added a GitHubTokenInterceptor with token renewal support.
- Updated configuration to favor new GitHub token URL and bearer token flags.
- Modified gRPC connection initialization to prioritize the new token mechanism over the legacy token.
Reviewed Changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| pkg/grpc/interceptor/auth/client.go | Introduces GitHubTokenInterceptor with auto-renewal logic. |
| pkg/deployclient/config.go | Renames and adds config flags to support new token authentication. |
| pkg/deployclient/grpc.go | Updates gRPC connection setup to use new GitHub token authentication. |
Files not reviewed (1)
- actions/deploy/entrypoint.sh: Language not supported
Comments suppressed due to low confidence (2)
pkg/grpc/interceptor/auth/client.go:132
- [nitpick] Skipping JWT signature verification can expose potential security risks if tokens are used beyond simple expiration checks. Consider documenting the security implications or ensuring that signature verification is performed in environments where it is necessary.
// Skip signature verification; we only care about the expiration time here.
pkg/deployclient/grpc.go:26
- [nitpick] When both new and legacy GitHub token configurations are provided, the new mechanism takes precedence. Consider adding an inline comment to clarify this precedence for future maintainers.
if cfg.GitHubBearerToken != "" && cfg.GitHubTokenURL != "" {
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #229.