Add GITHUB_AUTH_TOKEN as arg to Dockerfile to RUN commands using phive

bdovaz · bdovaz · commit 788a70f52eb6 · 2023-02-05T22:48:21.000+01:00
diff --git a/.automation/upload-docker.sh b/.automation/upload-docker.sh
@@ -17,6 +17,7 @@
 ###########
 # Globals #
 ###########
+GITHUB_AUTH_TOKEN="${GITHUB_AUTH_TOKEN}"           # GitHub Token
 GITHUB_WORKSPACE="${GITHUB_WORKSPACE}"             # GitHub Workspace
 GITHUB_REPOSITORY="${GITHUB_REPOSITORY}"           # GitHub Org/Repo passed from system
 DOCKER_USERNAME="${DOCKER_USERNAME}"               # Username to login to DockerHub
@@ -316,7 +317,7 @@ BuildImage() {
   ###################
   # Build the image #
   ###################
-  docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --no-cache --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${BUILD_VERSION}" -t "${CONTAINER_URL}:${IMAGE_VERSION}" -f "${DOCKERFILE_PATH}" --load . 2>&1
+  docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --no-cache --build-arg "GITHUB_AUTH_TOKEN=${GITHUB_AUTH_TOKEN}" --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${BUILD_VERSION}" -t "${CONTAINER_URL}:${IMAGE_VERSION}" -f "${DOCKERFILE_PATH}" --load . 2>&1
 
   #######################
   # Load the error code #
@@ -341,8 +342,8 @@ BuildImage() {
     # docker tag "${CONTAINER_URL}:${IMAGE_VERSION}" "${CONTAINER_URL}:latest"
 
     # Tag the image with the major tag & latest tag as well
-    docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${CONTAINER_URL}:latest" -f "${DOCKERFILE_PATH}" --load . 2>&1
-    docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${CONTAINER_URL}:${MAJOR_TAG}" -f "${DOCKERFILE_PATH}" --load . 2>&1
+    docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --build-arg "GITHUB_AUTH_TOKEN=${GITHUB_AUTH_TOKEN}" --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${CONTAINER_URL}:latest" -f "${DOCKERFILE_PATH}" --load . 2>&1
+    docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --build-arg "GITHUB_AUTH_TOKEN=${GITHUB_AUTH_TOKEN}" --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${CONTAINER_URL}:${MAJOR_TAG}" -f "${DOCKERFILE_PATH}" --load . 2>&1
 
     #######################
     # Load the error code #
@@ -378,7 +379,7 @@ BuildImage() {
   ###################
   # Build the image #
   ###################
-  docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${BUILD_VERSION}" -t "${ADDITIONAL_URL}:${IMAGE_VERSION}" -f "${DOCKERFILE_PATH}" --load . 2>&1
+  docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --build-arg "GITHUB_AUTH_TOKEN=${GITHUB_AUTH_TOKEN}" --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${BUILD_VERSION}" -t "${ADDITIONAL_URL}:${IMAGE_VERSION}" -f "${DOCKERFILE_PATH}" --load . 2>&1
 
   #######################
   # Load the error code #
@@ -403,8 +404,8 @@ BuildImage() {
     ###################
     # Build the image with latest tags#
     ###################
-    docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${ADDITIONAL_URL}:latest" -f "${DOCKERFILE_PATH}" . --load 2>&1
-    docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${ADDITIONAL_URL}:${MAJOR_TAG}" -f "${DOCKERFILE_PATH}" . --load 2>&1
+    docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --build-arg "GITHUB_AUTH_TOKEN=${GITHUB_AUTH_TOKEN}" --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${ADDITIONAL_URL}:latest" -f "${DOCKERFILE_PATH}" . --load 2>&1
+    docker buildx build --platform "${DOCKER_BUILD_PLATFORMS}" $EXTRA_DOCKER_BUILD_ARGS --build-arg "GITHUB_AUTH_TOKEN=${GITHUB_AUTH_TOKEN}" --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${ADDITIONAL_URL}:${MAJOR_TAG}" -f "${DOCKERFILE_PATH}" . --load 2>&1
 
     #######################
     # Load the error code #
diff --git a/.github/workflows/deploy-ALPHA-flavors.yml b/.github/workflows/deploy-ALPHA-flavors.yml
@@ -84,6 +84,7 @@ jobs:
       - name: Deploy latest image to DockerHub
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-${{ matrix.flavor }}
@@ -101,6 +102,7 @@ jobs:
       - name: Deploy latest image to GitHub Container Registry
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GCR_USERNAME: ${{ secrets.GCR_USERNAME }}
           GCR_TOKEN: ${{ secrets.GCR_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-${{ matrix.flavor }}
diff --git a/.github/workflows/deploy-ALPHA.yml b/.github/workflows/deploy-ALPHA.yml
@@ -64,6 +64,7 @@ jobs:
       - name: Deploy latest image to DockerHub
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter
@@ -81,6 +82,7 @@ jobs:
         if: github.repository == 'disabled'
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GCR_USERNAME: ${{ secrets.GCR_USERNAME }}
           GCR_TOKEN: ${{ secrets.GCR_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter
diff --git a/.github/workflows/deploy-BETA-flavors.yml b/.github/workflows/deploy-BETA-flavors.yml
@@ -88,6 +88,7 @@ jobs:
       - name: Deploy beta image to DockerHub
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-${{ matrix.flavor }}
@@ -104,6 +105,7 @@ jobs:
       - name: Deploy beta image to GitHub Container Registry
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GCR_USERNAME: ${{ secrets.GCR_USERNAME }}
           GCR_TOKEN: ${{ secrets.GCR_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-${{ matrix.flavor }}
diff --git a/.github/workflows/deploy-BETA-linters.yml b/.github/workflows/deploy-BETA-linters.yml
@@ -115,6 +115,7 @@ jobs:
       - name: Deploy Beta image to DockerHub
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-only-${{ matrix.linter }}
@@ -128,6 +129,7 @@ jobs:
       - name: Deploy ${{ needs.prepare.outputs.unique_docker_image_name }} image to DockerHub
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-only-${{ matrix.linter }}
@@ -145,6 +147,7 @@ jobs:
       - name: Deploy Beta image to GitHub Container Registry
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GCR_USERNAME: ${{ secrets.GCR_USERNAME }}
           GCR_TOKEN: ${{ secrets.GCR_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-only-${{ matrix.linter }}
@@ -158,6 +161,7 @@ jobs:
       - name: Deploy ${{ needs.prepare.outputs.unique_docker_image_name }} image to GitHub Container Registry
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GCR_USERNAME: ${{ secrets.GCR_USERNAME }}
           GCR_TOKEN: ${{ secrets.GCR_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-only-${{ matrix.linter }}
diff --git a/.github/workflows/deploy-BETA.yml b/.github/workflows/deploy-BETA.yml
@@ -77,6 +77,7 @@ jobs:
       - name: Deploy beta image to DockerHub
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter
@@ -93,6 +94,7 @@ jobs:
       - name: Deploy beta image to GitHub Container Registry
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GCR_USERNAME: ${{ secrets.GCR_USERNAME }}
           GCR_TOKEN: ${{ secrets.GCR_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter
diff --git a/.github/workflows/deploy-DEV-linters.yml b/.github/workflows/deploy-DEV-linters.yml
@@ -108,6 +108,7 @@ jobs:
       - name: Deploy ${{ needs.prepare.outputs.tag }} image to DockerHub
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-only-${{ matrix.linter }}
diff --git a/.github/workflows/deploy-DEV.yml b/.github/workflows/deploy-DEV.yml
@@ -104,6 +104,7 @@ jobs:
         if: "contains(github.event.head_commit.message, 'quick build push')"
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter
@@ -143,6 +144,7 @@ jobs:
           !contains(github.event.head_commit.message, 'quick build')
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter
diff --git a/.github/workflows/deploy-RELEASE-flavors.yml b/.github/workflows/deploy-RELEASE-flavors.yml
@@ -77,6 +77,7 @@ jobs:
       - name: Deploy Release image to Dockerhub
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-${{ matrix.flavor }}
@@ -93,6 +94,7 @@ jobs:
       - name: Deploy Release image to GitHub Container Registry
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GCR_USERNAME: ${{ secrets.GCR_USERNAME }}
           GCR_TOKEN: ${{ secrets.GCR_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-${{ matrix.flavor }}
diff --git a/.github/workflows/deploy-RELEASE-linters.yml b/.github/workflows/deploy-RELEASE-linters.yml
@@ -91,6 +91,7 @@ jobs:
       - name: Deploy ${{ github.event.release.tag_name }} image to DockerHub
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-only-${{ matrix.linter }}
@@ -108,6 +109,7 @@ jobs:
       - name: Deploy ${{ github.event.release.tag_name }} image to GitHub Container Registry
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GCR_USERNAME: ${{ secrets.GCR_USERNAME }}
           GCR_TOKEN: ${{ secrets.GCR_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter-only-${{ matrix.linter }}
diff --git a/.github/workflows/deploy-RELEASE.yml b/.github/workflows/deploy-RELEASE.yml
@@ -67,6 +67,7 @@ jobs:
       - name: Deploy Release image to Dockerhub
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter
@@ -83,6 +84,7 @@ jobs:
       - name: Deploy Release image to GitHub Container Registry
         env:
           # Set the Env Vars
+          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GCR_USERNAME: ${{ secrets.GCR_USERNAME }}
           GCR_TOKEN: ${{ secrets.GCR_PASSWORD }}
           IMAGE_REPO: oxsecurity/megalinter
diff --git a/megalinter/descriptors/php.megalinter-descriptor.yml b/megalinter/descriptors/php.megalinter-descriptor.yml
@@ -21,7 +21,9 @@ install:
     - dpkg
   dockerfile:
     - |
-      RUN wget --tries=5 -q -O phive.phar https://phar.io/releases/phive.phar \
+      ARG GITHUB_AUTH_TOKEN
+      RUN export GITHUB_AUTH_TOKEN="$GITHUB_AUTH_TOKEN" \
+          && wget --tries=5 -q -O phive.phar https://phar.io/releases/phive.phar \
           && wget --tries=5 -q -O phive.phar.asc https://phar.io/releases/phive.phar.asc \
           && PHAR_KEY_ID="0x9D8A98B29B2D5D79" \
           && ( gpg --keyserver keyserver.pgp.com --recv-keys "$PHAR_KEY_ID" \
@@ -52,7 +54,8 @@ linters:
     install:
       dockerfile:
         - |
-          RUN phive --no-progress install phpcs -g --trust-gpg-keys 31C7E470E2138192
+          ARG GITHUB_AUTH_TOKEN
+          RUN export GITHUB_AUTH_TOKEN="$GITHUB_AUTH_TOKEN" && phive --no-progress install phpcs -g --trust-gpg-keys 31C7E470E2138192
     ide:
       atom:
         - name: linter-phpcs
@@ -96,7 +99,8 @@ linters:
     install:
       dockerfile:
         - |
-          RUN phive --no-progress install phpstan -g --trust-gpg-keys CF1A108D0E7AE720
+          ARG GITHUB_AUTH_TOKEN
+          RUN export GITHUB_AUTH_TOKEN="$GITHUB_AUTH_TOKEN" && phive --no-progress install phpstan -g --trust-gpg-keys CF1A108D0E7AE720
     ide:
       idea:
         - name: PHPStan / Psalm / Generics
@@ -130,7 +134,8 @@ linters:
     install:
       dockerfile:
         - |
-          RUN phive --no-progress install psalm -g --trust-gpg-keys 8A03EA3B385DBAA1,12CE0F1D262429A5
+          ARG GITHUB_AUTH_TOKEN
+          RUN export GITHUB_AUTH_TOKEN="$GITHUB_AUTH_TOKEN" && phive --no-progress install psalm -g --trust-gpg-keys 8A03EA3B385DBAA1,12CE0F1D262429A5
     ide:
       idea:
         - name: PHPStan / Psalm / Generics
