git auth token support for private repos

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-12-06 15:58:07 +08:00 · 2024-04-13 15:20:19 +02:00
parent b6cc37d5b9
commit 908c98f276
4 changed files with 53 additions and 17 deletions
--- a/src/context.ts
+++ b/src/context.ts
@@ -21,6 +21,7 @@ export interface Inputs {
  sbom: string;
  set: string[];
  source: string;
+  githubToken: string;
 }

 export async function getInputs(): Promise<Inputs> {
@@ -36,7 +37,8 @@ export async function getInputs(): Promise<Inputs> {
    push: core.getBooleanInput('push'),
    sbom: core.getInput('sbom'),
    set: Util.getInputList('set', {ignoreComma: true, quote: false}),
-    source: getSourceInput('source')
+    source: getSourceInput('source'),
+    githubToken: core.getInput('github-token')
  };
 }

--- a/src/main.ts
+++ b/src/main.ts
@@ -19,6 +19,7 @@ actionsToolkit.run(
  async () => {
    const inputs: context.Inputs = await context.getInputs();
    const toolkit = new Toolkit();
+    const gitAuthToken = process.env.BUILDX_BAKE_GIT_AUTH_TOKEN ?? inputs.githubToken;

    await core.group(`GitHub Actions runtime token ACs`, async () => {
      try {
@@ -85,7 +86,8 @@ actionsToolkit.run(
          push: inputs.push,
          sbom: inputs.sbom,
          source: inputs.source,
-          targets: inputs.targets
+          targets: inputs.targets,
+          githubToken: gitAuthToken
        },
        {
          cwd: inputs.workdir
@@ -98,15 +100,22 @@ actionsToolkit.run(

    const args: string[] = await context.getArgs(inputs, definition, toolkit);
    const buildCmd = await toolkit.buildx.getCommand(args);
+    const buildEnv = Object.assign({}, process.env, {
+      BUILDX_BAKE_GIT_AUTH_TOKEN: gitAuthToken
+    }) as {
+      [key: string]: string;
+    };

    await core.group(`Bake definition`, async () => {
      await Exec.exec(buildCmd.command, [...buildCmd.args, '--print'], {
-        cwd: inputs.workdir
+        cwd: inputs.workdir,
+        env: buildEnv
      });
    });

    await Exec.getExecOutput(buildCmd.command, buildCmd.args, {
      cwd: inputs.workdir,
+      env: buildEnv,
      ignoreReturnCode: true
    }).then(res => {
      if (res.stderr.length > 0 && res.exitCode != 0) {