feat(workspace): add /configs/.github-token static-token fallback
Some checks are pending
Block internal-flavored paths / Block forbidden paths (pull_request) Blocked by required conditions
CI / Detect changes (pull_request) Blocked by required conditions
CI / Platform (Go) (pull_request) Blocked by required conditions
CI / Canvas (Next.js) (pull_request) Blocked by required conditions
CI / Shellcheck (E2E scripts) (pull_request) Blocked by required conditions
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
CI / Python Lint & Test (pull_request) Blocked by required conditions
CodeQL / Analyze (${{ matrix.language }}) (go) (pull_request) Blocked by required conditions
CodeQL / Analyze (${{ matrix.language }}) (javascript-typescript) (pull_request) Blocked by required conditions
CodeQL / Analyze (${{ matrix.language }}) (python) (pull_request) Blocked by required conditions
E2E API Smoke Test / detect-changes (pull_request) Blocked by required conditions
E2E API Smoke Test / E2E API Smoke Test (pull_request) Blocked by required conditions
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Blocked by required conditions
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Blocked by required conditions
Handlers Postgres Integration / detect-changes (pull_request) Blocked by required conditions
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Blocked by required conditions
Runtime PR-Built Compatibility / detect-changes (pull_request) Blocked by required conditions
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
Secret scan / Scan diff for credential-shaped strings (pull_request) Blocked by required conditions
Harness Replays / detect-changes (pull_request) Blocked by required conditions
Harness Replays / Harness Replays (pull_request) Blocked by required conditions
Some checks are pending
Block internal-flavored paths / Block forbidden paths (pull_request) Blocked by required conditions
CI / Detect changes (pull_request) Blocked by required conditions
CI / Platform (Go) (pull_request) Blocked by required conditions
CI / Canvas (Next.js) (pull_request) Blocked by required conditions
CI / Shellcheck (E2E scripts) (pull_request) Blocked by required conditions
CI / Canvas Deploy Reminder (pull_request) Blocked by required conditions
CI / Python Lint & Test (pull_request) Blocked by required conditions
CodeQL / Analyze (${{ matrix.language }}) (go) (pull_request) Blocked by required conditions
CodeQL / Analyze (${{ matrix.language }}) (javascript-typescript) (pull_request) Blocked by required conditions
CodeQL / Analyze (${{ matrix.language }}) (python) (pull_request) Blocked by required conditions
E2E API Smoke Test / detect-changes (pull_request) Blocked by required conditions
E2E API Smoke Test / E2E API Smoke Test (pull_request) Blocked by required conditions
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Blocked by required conditions
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Blocked by required conditions
Handlers Postgres Integration / detect-changes (pull_request) Blocked by required conditions
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Blocked by required conditions
Runtime PR-Built Compatibility / detect-changes (pull_request) Blocked by required conditions
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Blocked by required conditions
Secret scan / Scan diff for credential-shaped strings (pull_request) Blocked by required conditions
Harness Replays / detect-changes (pull_request) Blocked by required conditions
Harness Replays / Harness Replays (pull_request) Blocked by required conditions
When platform /github-installation-token returns 500 (GitHub App unconfigured or token expired), operators can place a PAT in /configs/.github-token to keep git/ gh ops running. This is a pure additive step-4 fallback — cache is NEVER written for static tokens so recovery always reads fresh. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Molecule AI Core Platform Lead
parent
c94ead1953
commit
d03fec794e
@ -46,8 +46,10 @@
|
||||
# 2. Fetch fresh token from platform API.
|
||||
# 3. If platform is unreachable, fall back to GITHUB_TOKEN / GH_TOKEN
|
||||
# env var (set at container start, valid for up to 60 min).
|
||||
# 4. If all fail, exit 1 so git falls through to the next credential
|
||||
# helper in the chain (if any).
|
||||
# 4. If all fail, fall back to a static PAT written by the infra operator
|
||||
# at ${CONFIGS_DIR}/.github-token (helps when platform
|
||||
# /github-installation-token returns 500 due to GitHub App misconfiguration).
|
||||
# Cache is NEVER written for static tokens — recovery is always fresh.
|
||||
#
|
||||
# # gh CLI integration
|
||||
#
|
||||
@ -222,6 +224,17 @@ _fetch_token() {
|
||||
return 0
|
||||
fi
|
||||
|
||||
# 4. Fall back to static token file (written by infra operator).
|
||||
static_token_file="${CONFIGS_DIR:-/configs}/.github-token"
|
||||
if [ -f "${static_token_file}" ]; then
|
||||
static_token=$(cat "${static_token_file}" | tr -d '[:space:]')
|
||||
if [ -n "${static_token}" ]; then
|
||||
echo "[molecule-git-token-helper] API unreachable, falling back to static token file" >&2
|
||||
echo "${static_token}"
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "[molecule-git-token-helper] all token sources exhausted" >&2
|
||||
return 1
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user