From b316d1ac7fbad1049f0e65866cd251926e816fb4 Mon Sep 17 00:00:00 2001
From: Henry Muru Paenga <meringu@gmail.com>
Date: Tue, 5 Nov 2024 23:11:58 +1300
Subject: [PATCH] use github token file for git commands

Signed-off-by: Henry Muru Paenga <meringu@gmail.com>
---
 server/events/event_parser.go      | 23 +++++++++++++++++++++--
 server/events/event_parser_test.go |  1 +
 server/server.go                   |  1 +
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/server/events/event_parser.go b/server/events/event_parser.go
index a6b4b363ac..5cbc029f48 100644
--- a/server/events/event_parser.go
+++ b/server/events/event_parser.go
@@ -17,6 +17,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/url"
+	"os"
 	"path"
 	"strings"
 
@@ -357,6 +358,7 @@ type EventParsing interface {
 type EventParser struct {
 	GithubUser         string
 	GithubToken        string
+	GithubTokenFile    string
 	GitlabUser         string
 	GitlabToken        string
 	GiteaUser          string
@@ -372,7 +374,15 @@ type EventParser struct {
 func (e *EventParser) ParseAPIPlanRequest(vcsHostType models.VCSHostType, repoFullName string, cloneURL string) (models.Repo, error) {
 	switch vcsHostType {
 	case models.Github:
-		return models.NewRepo(vcsHostType, repoFullName, cloneURL, e.GithubUser, e.GithubToken)
+		token := e.GithubToken
+		if e.GithubTokenFile != "" {
+			content, err := os.ReadFile(e.GithubTokenFile)
+			if err != nil {
+				return models.Repo{}, fmt.Errorf("failed reading github token file: %w", err)
+			}
+			token = string(content)
+		}
+		return models.NewRepo(vcsHostType, repoFullName, cloneURL, e.GithubUser, token)
 	case models.Gitea:
 		return models.NewRepo(vcsHostType, repoFullName, cloneURL, e.GiteaUser, e.GiteaToken)
 	case models.Gitlab:
@@ -626,7 +636,16 @@ func (e *EventParser) ParseGithubPull(logger logging.SimpleLogging, pull *github
 // returns a repo into the Atlantis model.
 // See EventParsing for return value docs.
 func (e *EventParser) ParseGithubRepo(ghRepo *github.Repository) (models.Repo, error) {
-	return models.NewRepo(models.Github, ghRepo.GetFullName(), ghRepo.GetCloneURL(), e.GithubUser, e.GithubToken)
+	token := e.GithubToken
+	if e.GithubTokenFile != "" {
+		content, err := os.ReadFile(e.GithubTokenFile)
+		if err != nil {
+			return models.Repo{}, fmt.Errorf("failed reading github token file: %w", err)
+		}
+		token = string(content)
+	}
+
+	return models.NewRepo(models.Github, ghRepo.GetFullName(), ghRepo.GetCloneURL(), e.GithubUser, token)
 }
 
 // ParseGiteaRepo parses the response from the Gitea API endpoint that
diff --git a/server/events/event_parser_test.go b/server/events/event_parser_test.go
index fffe30e3eb..6350ea76ca 100644
--- a/server/events/event_parser_test.go
+++ b/server/events/event_parser_test.go
@@ -36,6 +36,7 @@ import (
 var parser = events.EventParser{
 	GithubUser:         "github-user",
 	GithubToken:        "github-token",
+	GithubTokenFile:    "",
 	GitlabUser:         "gitlab-user",
 	GitlabToken:        "gitlab-token",
 	AllowDraftPRs:      false,
diff --git a/server/server.go b/server/server.go
index 39c5ae1bc7..056550a355 100644
--- a/server/server.go
+++ b/server/server.go
@@ -560,6 +560,7 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) {
 	eventParser := &events.EventParser{
 		GithubUser:         userConfig.GithubUser,
 		GithubToken:        userConfig.GithubToken,
+		GithubTokenFile:    userConfig.GithubTokenFile,
 		GitlabUser:         userConfig.GitlabUser,
 		GitlabToken:        userConfig.GitlabToken,
 		GiteaUser:          userConfig.GiteaUser,