more environment variable configuration + github access token usage #8
i believe this is safe from command injection via |
Hey @realytcracker!
So sorry for not getting this review out sooner. Thank you so much for taking the time to send this in.
I left a couple of small comments, but I'd be interested in getting this merged. I understand that this has been here for some time so if you don't have time to knock these out just let me know and I can merge into a branch, make the minor changes then get this merged into master.
https://github.blog/2012-09-21-easier-builds-and-deployments-using-git-over-https-and-oauth/
```
If you’re cloning inside a script and need to avoid the prompts, you can add the token to the clone URL:
git clone https://<token>@github.com/owner/repo.git
or
git clone https://<token>:x-oauth-basic@github.com/owner/repo.git
```
sorry for the 3y necromancy - i just noticed this wasn't merged, and updated accordingly.
also, i noticed you're at stripe now @jordan-wright, so you may not even be maintaining this anymore. my old supervisor (super cool, sharp dude) does offensive security there - b steg.
this patch allows for the pulling of repositories available under the scope of the token's user by modifying the `git clone` request to include the provided access token as basic authentication, especially helpful in the webhook implementation. it also allows for the configuration of other seemingly sensitive variables to be passed along as environment variables.
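
One way to build the token-authenticated `git clone` discussed in this thread without exposing it to shell metacharacters, as an added Python example that is not code from this pull request or the project. The `GITHUB_ACCESS_TOKEN` variable name and all function names are assumptions; the `x-oauth-basic` URL form is the one quoted from the GitHub blog post above.

```python
import os
import re
import subprocess
from urllib.parse import quote

# Conservative allowlist for "owner/repo"; anything else is rejected outright.
REPO_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*/[A-Za-z0-9_.-]+")


def clone_url(full_name, token=None):
    """Build the HTTPS clone URL, with the token as the basic-auth user."""
    if not REPO_RE.fullmatch(full_name) or ".." in full_name:
        raise ValueError(f"refusing repository name {full_name!r}")
    # Percent-encode the token so '@', ':' or '/' cannot change the URL's host.
    auth = f"{quote(token, safe='')}:x-oauth-basic@" if token else ""
    return f"https://{auth}github.com/{full_name}.git"


def clone_argv(full_name, dest, token=None):
    """argv list for subprocess.run: no shell, so | ; $() are never parsed."""
    # "--" stops git from treating a hostile value as an option.
    return ["git", "clone", "--quiet", "--", clone_url(full_name, token), dest]


def redact(text, token):
    """Strip the token (raw and percent-encoded) from text bound for logs."""
    if not token:
        return text
    for secret in (token, quote(token, safe="")):
        text = text.replace(secret, "<redacted>")
    return text


def clone(full_name, dest):
    """Clone full_name into dest, reading the token from the environment."""
    token = os.environ.get("GITHUB_ACCESS_TOKEN")  # assumed variable name
    env = dict(os.environ, GIT_TERMINAL_PROMPT="0")  # fail instead of prompting
    proc = subprocess.run(clone_argv(full_name, dest, token),
                          env=env, capture_output=True, text=True)
    if proc.returncode != 0:
        # git echoes the remote URL in errors; never log it unredacted.
        raise RuntimeError(redact(proc.stderr.strip(), token))
```

A token embedded in the clone URL is also written to the clone's `.git/config` as the remote URL and is visible in the process argument list while git runs, so treat both as places the secret can leak.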