From be0b2ddffb3eb47b90f23afea71de5966eb179e7 Mon Sep 17 00:00:00 2001
From: Marcus Weiner <marcus.weiner@gmail.com>
Date: Sun, 28 Apr 2024 01:49:00 +0200
Subject: [PATCH] Allow authing using repo-scoped token

---
 pkg/auth/github/pat.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkg/auth/github/pat.go b/pkg/auth/github/pat.go
index 487c4be..608bb93 100644
--- a/pkg/auth/github/pat.go
+++ b/pkg/auth/github/pat.go
@@ -48,6 +48,13 @@ type identity struct {
 }
 
 func (pa *PATAuthenticator) Authenticate(secret string, s *terraform.State) (bool, error) {
+	// check access to repo that matches project in org
+	_, err := makeRequest(fmt.Sprintf("https://api.github.com/repos/%s/%s", pa.org, s.Project), secret)
+	if err == nil {
+		// allow when there is no error
+		return true, nil
+	}
+
 	// check if org matches username
 	resp, err := makeRequest("https://api.github.com/user", secret)
 	if err != nil {