Skip to content

Commit 16ab831

Browse files
brettfoCopilot
andcommitted
Pass JOB_TOKEN env var to the proxy container
Extract proxy environment construction into a proxyEnv helper and include the JOB_TOKEN environment variable so it is forwarded to the proxy container. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 2ed587f commit 16ab831

2 files changed

Lines changed: 79 additions & 10 deletions

File tree

internal/infra/proxy.go

Lines changed: 21 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -79,16 +79,7 @@ func NewProxy(ctx context.Context, cli *client.Client, params *RunParams, nets *
7979
}
8080
config := &container.Config{
8181
Image: params.ProxyImage,
82-
Env: []string{
83-
"HTTP_PROXY=" + os.Getenv("HTTP_PROXY"),
84-
"HTTPS_PROXY=" + os.Getenv("HTTPS_PROXY"),
85-
"NO_PROXY=" + os.Getenv("NO_PROXY"),
86-
"JOB_ID=" + jobID,
87-
"PROXY_CACHE=true",
88-
"LOG_RESPONSE_BODY_ON_AUTH_FAILURE=true",
89-
"ACTIONS_ID_TOKEN_REQUEST_TOKEN=" + os.Getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN"),
90-
"ACTIONS_ID_TOKEN_REQUEST_URL=" + os.Getenv("ACTIONS_ID_TOKEN_REQUEST_URL"),
91-
},
82+
Env: proxyEnv(),
9283
Entrypoint: []string{
9384
"sh", "-c", "update-ca-certificates && /dependabot-proxy",
9485
},
@@ -141,6 +132,26 @@ func NewProxy(ctx context.Context, cli *client.Client, params *RunParams, nets *
141132
return proxy, nil
142133
}
143134

135+
// proxyEnv builds the environment variables passed to the proxy container.
136+
func proxyEnv() []string {
137+
env := []string{
138+
"HTTP_PROXY=" + os.Getenv("HTTP_PROXY"),
139+
"HTTPS_PROXY=" + os.Getenv("HTTPS_PROXY"),
140+
"NO_PROXY=" + os.Getenv("NO_PROXY"),
141+
"JOB_ID=" + jobID,
142+
"PROXY_CACHE=true",
143+
"LOG_RESPONSE_BODY_ON_AUTH_FAILURE=true",
144+
"ACTIONS_ID_TOKEN_REQUEST_TOKEN=" + os.Getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN"),
145+
"ACTIONS_ID_TOKEN_REQUEST_URL=" + os.Getenv("ACTIONS_ID_TOKEN_REQUEST_URL"),
146+
}
147+
// Only forward JOB_TOKEN when it is actually set on the host, so the proxy
148+
// container sees no JOB_TOKEN variable at all when the host doesn't set one.
149+
if token, ok := os.LookupEnv("JOB_TOKEN"); ok {
150+
env = append(env, "JOB_TOKEN="+token)
151+
}
152+
return env
153+
}
154+
144155
func putProxyConfig(ctx context.Context, cli *client.Client, config *Config, id string) error {
145156
opt := container.CopyToContainerOptions{}
146157

internal/infra/proxy_test.go

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
package infra
2+
3+
import (
4+
"os"
5+
"strings"
6+
"testing"
7+
)
8+
9+
func envValue(env []string, key string) (string, bool) {
10+
prefix := key + "="
11+
for _, e := range env {
12+
if strings.HasPrefix(e, prefix) {
13+
return strings.TrimPrefix(e, prefix), true
14+
}
15+
}
16+
return "", false
17+
}
18+
19+
func Test_proxyEnv_JobToken(t *testing.T) {
20+
t.Run("passes JOB_TOKEN from environment", func(t *testing.T) {
21+
t.Setenv("JOB_TOKEN", "super-secret-token")
22+
23+
env := proxyEnv()
24+
25+
value, ok := envValue(env, "JOB_TOKEN")
26+
if !ok {
27+
t.Fatal("expected JOB_TOKEN to be present in proxy env")
28+
}
29+
if value != "super-secret-token" {
30+
t.Errorf("expected JOB_TOKEN to be %q, got %q", "super-secret-token", value)
31+
}
32+
})
33+
34+
t.Run("omits JOB_TOKEN when unset", func(t *testing.T) {
35+
t.Setenv("JOB_TOKEN", "placeholder")
36+
os.Unsetenv("JOB_TOKEN")
37+
38+
env := proxyEnv()
39+
40+
if _, ok := envValue(env, "JOB_TOKEN"); ok {
41+
t.Error("expected JOB_TOKEN to be absent from proxy env when host has it unset")
42+
}
43+
})
44+
45+
t.Run("forwards empty JOB_TOKEN when set to empty", func(t *testing.T) {
46+
t.Setenv("JOB_TOKEN", "")
47+
48+
env := proxyEnv()
49+
50+
value, ok := envValue(env, "JOB_TOKEN")
51+
if !ok {
52+
t.Fatal("expected JOB_TOKEN to be present when host sets it (even empty)")
53+
}
54+
if value != "" {
55+
t.Errorf("expected JOB_TOKEN to be empty, got %q", value)
56+
}
57+
})
58+
}

0 commit comments

Comments
 (0)