tap_dumper: filter HOMEBREW_GITHUB_API_TOKEN.

If it's present in a tap's git remote: filter it out and replace it with a lookup for the environment variable instead.
Homebrew · Dec 13, 2023 · 75fe082 · 75fe082
1 parent ea1f4fa
commit 75fe082
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 6 deletions.
diff --git a/lib/bundle/tap_dumper.rb b/lib/bundle/tap_dumper.rb
@@ -13,6 +13,14 @@ def reset!
     def dump
       taps.map do |tap|
         remote = if tap.custom_remote? && (tap_remote = tap.remote)
+          if (api_token = ENV.fetch("HOMEBREW_GITHUB_API_TOKEN", false).presence)
+            # Replace the API token in the remote URL with interpolation.
+            # Rubocop's warning here is wrong; we intentionally want to not
+            # evaluate this string until the Brewfile is evaluated.
+            # rubocop:disable Style/RedundantPercentQ
+            tap_remote = tap_remote.gsub(api_token, %q(#{ENV.fetch("HOMEBREW_GITHUB_API_TOKEN")}))
+            # rubocop:enable Style/RedundantPercentQ
+          end
           ", \"#{tap_remote}\""
         end
         "tap \"#{tap.name}\"#{remote}"

diff --git a/spec/bundle/tap_dumper_spec.rb b/spec/bundle/tap_dumper_spec.rb
@@ -19,25 +19,40 @@
     end
   end
 
-  context "with `bitbucket/bar`, `homebrew/baz` and `homebrew/foo` taps" do
+  context "with taps" do
     before do
       described_class.reset!
+
       bar = instance_double(Tap, name: "bitbucket/bar", custom_remote?: true,
                             remote: "https://bitbucket.org/bitbucket/bar.git")
       baz = instance_double(Tap, name: "homebrew/baz", custom_remote?: false)
       foo = instance_double(Tap, name: "homebrew/foo", custom_remote?: false)
-      allow(Tap).to receive(:each).and_return [bar, baz, foo]
+
+      ENV["HOMEBREW_GITHUB_API_TOKEN_BEFORE"] = ENV.fetch("HOMEBREW_GITHUB_API_TOKEN", nil)
+      ENV["HOMEBREW_GITHUB_API_TOKEN"] = "some-token"
+      private_tap = instance_double(Tap, name: "privatebrew/private", custom_remote?: true,
+        remote: "https://#{ENV.fetch("HOMEBREW_GITHUB_API_TOKEN")}@github.com/privatebrew/homebrew-private")
+
+      allow(Tap).to receive(:each).and_return [bar, baz, foo, private_tap]
+    end
+
+    after do
+      ENV["HOMEBREW_GITHUB_API_TOKEN"] = ENV.fetch("HOMEBREW_GITHUB_API_TOKEN_BEFORE", nil)
+      ENV.delete("HOMEBREW_GITHUB_API_TOKEN_BEFORE")
     end
 
     it "returns list of information" do
       expect(dumper.tap_names).not_to be_empty
     end
 
     it "dumps output" do
-      expect(dumper.dump).to eql(
-        "tap \"bitbucket/bar\", \"https://bitbucket.org/bitbucket/bar.git\"\n" \
-        "tap \"homebrew/baz\"\ntap \"homebrew/foo\"",
-      )
+      expected_output = <<~EOS
+        tap "bitbucket/bar", "https://bitbucket.org/bitbucket/bar.git"
+        tap "homebrew/baz"
+        tap "homebrew/foo"
+        tap "privatebrew/private", "https://\#{ENV.fetch("HOMEBREW_GITHUB_API_TOKEN")}@github.com/privatebrew/homebrew-private"
+      EOS
+      expect(dumper.dump).to eql(expected_output.chomp)
     end
   end
 end