tasks: Better protect user's GitHub token in run-local.sh

Always start with the dummy token in the initialization, as most tests don't need it at all, or even expect to run against the local container setup. This is particularly relevant for `test_mock_pr()`. There are only two places where we want the actual token: `test_pr()` and `--interactive` mode. Both of these already opt into the real token by updating `.config--github-token`.
cockpit-project · Mar 6, 2024 · a676ed1 · a676ed1
1 parent 94b3f1c
commit a676ed1
Showing 1 changed file with 3 additions and 7 deletions.
diff --git a/tasks/run-local.sh b/tasks/run-local.sh
@@ -87,12 +87,8 @@ EOF
         (mkdir -p webhook; cd webhook; $MYDIR/credentials/webhook/generate.sh)
         (mkdir -p tasks; cd tasks; $ROOTDIR/local-s3/generate-s3-cert.sh)
 
-        # dummy token
-        if [ -z "$TOKEN" ]; then
-            echo 0123abc > webhook/.config--github-token
-        else
-            cp -fv "$TOKEN" webhook/.config--github-token
-        fi
+        # default to dummy token, tests need to opt into real one
+        echo 0123abc > webhook/.config--github-token
 
         # minio S3 key
         mkdir tasks/s3-keys
@@ -199,7 +195,7 @@ EOF
 cleanup_containers() {
     echo "Cleaning up..."
 
-    # clean up dummy token, so that image-prune does not try to use it
+    # clean up token, so that image-prune does not try to use it
     rm "$SECRETS"/webhook/.config--github-token
 
     # revert podman socket permission change