terraform-linters / tflint

A Pluggable Terraform Linter
Mozilla Public License 2.0
4.98k stars 357 forks source link

plugin: Add support for host-specific GitHub tokens #2025

Closed wata727 closed 7 months ago

wata727 commented 7 months ago

Fixes https://github.com/terraform-linters/tflint/issues/2005

This PR adds support for host-specific GitHub tokens like GITHUB_TOKEN_example_com.

Previously, the GITHUB_TOKEN environment variable was supported during plugin installation for private repositories and to avoid rate limits. However, as explained in #2004 and #2005, when using GitHub.com and GHES together as plugin source hosts, there was a problem where different access tokens could not be used for each.

To solve this, we will introduce environment variables that are only used in GHES. For example, if a plugin is hosted on example.com, GITHUB_TOKEN_example_com will only be used when installing a plugin whose source is "example.com".

# GITHUB_TOKEN will be used
plugin "foo" {
  source = "github.com/org/tflint-ruleset-foo"
}

# GITHUB_TOKEN_example_com will be used preferentially and will fall back to GITHUB_TOKEN if not set.
plugin "bar" {
  source = "example.com/org/tflint-ruleset-bar"
}

This allows you to install plugins from GitHub.com and GHES at the same time by setting GITHUB_TOKEN and GITHUB_TOKEN_example_com.

Please note that host names used as environment variables must be normalized in Punycode. You can also use "_" instead of "." and "__" instead of "-".