Skip to content

Commit 6019bf9

Browse files
brettfoCopilot
andcommitted
Pass JOB_TOKEN and DEPENDABOT_API_URL env vars to the proxy container
Extract proxy environment construction into a proxyEnv helper and forward the JOB_TOKEN and DEPENDABOT_API_URL environment variables to the proxy container. Each is only forwarded when actually set on the host, so an unset variable is omitted entirely (matching prior behavior). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 2ed587f commit 6019bf9

2 files changed

Lines changed: 124 additions & 10 deletions

File tree

internal/infra/proxy.go

Lines changed: 25 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -79,16 +79,7 @@ func NewProxy(ctx context.Context, cli *client.Client, params *RunParams, nets *
7979
}
8080
config := &container.Config{
8181
Image: params.ProxyImage,
82-
Env: []string{
83-
"HTTP_PROXY=" + os.Getenv("HTTP_PROXY"),
84-
"HTTPS_PROXY=" + os.Getenv("HTTPS_PROXY"),
85-
"NO_PROXY=" + os.Getenv("NO_PROXY"),
86-
"JOB_ID=" + jobID,
87-
"PROXY_CACHE=true",
88-
"LOG_RESPONSE_BODY_ON_AUTH_FAILURE=true",
89-
"ACTIONS_ID_TOKEN_REQUEST_TOKEN=" + os.Getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN"),
90-
"ACTIONS_ID_TOKEN_REQUEST_URL=" + os.Getenv("ACTIONS_ID_TOKEN_REQUEST_URL"),
91-
},
82+
Env: proxyEnv(),
9283
Entrypoint: []string{
9384
"sh", "-c", "update-ca-certificates && /dependabot-proxy",
9485
},
@@ -141,6 +132,30 @@ func NewProxy(ctx context.Context, cli *client.Client, params *RunParams, nets *
141132
return proxy, nil
142133
}
143134

135+
// proxyEnv builds the environment variables passed to the proxy container.
136+
func proxyEnv() []string {
137+
env := []string{
138+
"HTTP_PROXY=" + os.Getenv("HTTP_PROXY"),
139+
"HTTPS_PROXY=" + os.Getenv("HTTPS_PROXY"),
140+
"NO_PROXY=" + os.Getenv("NO_PROXY"),
141+
"JOB_ID=" + jobID,
142+
"PROXY_CACHE=true",
143+
"LOG_RESPONSE_BODY_ON_AUTH_FAILURE=true",
144+
"ACTIONS_ID_TOKEN_REQUEST_TOKEN=" + os.Getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN"),
145+
"ACTIONS_ID_TOKEN_REQUEST_URL=" + os.Getenv("ACTIONS_ID_TOKEN_REQUEST_URL"),
146+
}
147+
// Only forward JOB_TOKEN when it is actually set on the host, so the proxy
148+
// container sees no JOB_TOKEN variable at all when the host doesn't set one.
149+
if token, ok := os.LookupEnv("JOB_TOKEN"); ok {
150+
env = append(env, "JOB_TOKEN="+token)
151+
}
152+
// Likewise, only forward DEPENDABOT_API_URL when the host has it set.
153+
if apiURL, ok := os.LookupEnv("DEPENDABOT_API_URL"); ok {
154+
env = append(env, "DEPENDABOT_API_URL="+apiURL)
155+
}
156+
return env
157+
}
158+
144159
func putProxyConfig(ctx context.Context, cli *client.Client, config *Config, id string) error {
145160
opt := container.CopyToContainerOptions{}
146161

internal/infra/proxy_test.go

Lines changed: 99 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,99 @@
1+
package infra
2+
3+
import (
4+
"os"
5+
"strings"
6+
"testing"
7+
)
8+
9+
func envValue(env []string, key string) (string, bool) {
10+
prefix := key + "="
11+
for _, e := range env {
12+
if strings.HasPrefix(e, prefix) {
13+
return strings.TrimPrefix(e, prefix), true
14+
}
15+
}
16+
return "", false
17+
}
18+
19+
func Test_proxyEnv_JobToken(t *testing.T) {
20+
t.Run("passes JOB_TOKEN from environment", func(t *testing.T) {
21+
t.Setenv("JOB_TOKEN", "super-secret-token")
22+
23+
env := proxyEnv()
24+
25+
value, ok := envValue(env, "JOB_TOKEN")
26+
if !ok {
27+
t.Fatal("expected JOB_TOKEN to be present in proxy env")
28+
}
29+
if value != "super-secret-token" {
30+
t.Errorf("expected JOB_TOKEN to be %q, got %q", "super-secret-token", value)
31+
}
32+
})
33+
34+
t.Run("omits JOB_TOKEN when unset", func(t *testing.T) {
35+
t.Setenv("JOB_TOKEN", "placeholder")
36+
os.Unsetenv("JOB_TOKEN")
37+
38+
env := proxyEnv()
39+
40+
if _, ok := envValue(env, "JOB_TOKEN"); ok {
41+
t.Error("expected JOB_TOKEN to be absent from proxy env when host has it unset")
42+
}
43+
})
44+
45+
t.Run("forwards empty JOB_TOKEN when set to empty", func(t *testing.T) {
46+
t.Setenv("JOB_TOKEN", "")
47+
48+
env := proxyEnv()
49+
50+
value, ok := envValue(env, "JOB_TOKEN")
51+
if !ok {
52+
t.Fatal("expected JOB_TOKEN to be present when host sets it (even empty)")
53+
}
54+
if value != "" {
55+
t.Errorf("expected JOB_TOKEN to be empty, got %q", value)
56+
}
57+
})
58+
}
59+
60+
func Test_proxyEnv_DependabotAPIURL(t *testing.T) {
61+
t.Run("passes DEPENDABOT_API_URL from environment", func(t *testing.T) {
62+
t.Setenv("DEPENDABOT_API_URL", "https://api.example.com")
63+
64+
env := proxyEnv()
65+
66+
value, ok := envValue(env, "DEPENDABOT_API_URL")
67+
if !ok {
68+
t.Fatal("expected DEPENDABOT_API_URL to be present in proxy env")
69+
}
70+
if value != "https://api.example.com" {
71+
t.Errorf("expected DEPENDABOT_API_URL to be %q, got %q", "https://api.example.com", value)
72+
}
73+
})
74+
75+
t.Run("omits DEPENDABOT_API_URL when unset", func(t *testing.T) {
76+
t.Setenv("DEPENDABOT_API_URL", "placeholder")
77+
os.Unsetenv("DEPENDABOT_API_URL")
78+
79+
env := proxyEnv()
80+
81+
if _, ok := envValue(env, "DEPENDABOT_API_URL"); ok {
82+
t.Error("expected DEPENDABOT_API_URL to be absent from proxy env when host has it unset")
83+
}
84+
})
85+
86+
t.Run("forwards empty DEPENDABOT_API_URL when set to empty", func(t *testing.T) {
87+
t.Setenv("DEPENDABOT_API_URL", "")
88+
89+
env := proxyEnv()
90+
91+
value, ok := envValue(env, "DEPENDABOT_API_URL")
92+
if !ok {
93+
t.Fatal("expected DEPENDABOT_API_URL to be present when host sets it (even empty)")
94+
}
95+
if value != "" {
96+
t.Errorf("expected DEPENDABOT_API_URL to be empty, got %q", value)
97+
}
98+
})
99+
}

0 commit comments

Comments
 (0)