From c85e9da4beb09eb8385b8f6c620a45b50a323ffa Mon Sep 17 00:00:00 2001
From: Andre Loreth
Date: Wed, 25 Jun 2025 18:54:08 +0200
Subject: [PATCH] fix: add authentication to repo.get request
---
 src/dispatch/controller.ts | 17 +++++++++++++----
 src/dispatch/github.ts | 17 ++++++++++++++---
 2 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/src/dispatch/controller.ts b/src/dispatch/controller.ts
index 625159f..2737a2d 100644
--- a/src/dispatch/controller.ts
+++ b/src/dispatch/controller.ts
@@ -88,10 +88,19 @@ export const dispatchControllerFactory: () => Promise =
 // If it's not present, we need to resolve the default branch.
 let enrichedTargetRef = body.target.ref;
 if (!enrichedTargetRef) {
- enrichedTargetRef = await getRepositoryDefaultBranch({
- owner: body.target.owner,
- repo: body.target.repo,
- });
+ try {
+ enrichedTargetRef = await getRepositoryDefaultBranch({
+ owner: body.target.owner,
+ repo: body.target.repo,
+ });
+ } catch (e) {
+ _reqLogger.warn({ error: e }, "Failed to resolve default branch");
+
+ return res
+ .status(400)
+ .header("content-type", responseContentType)
+ .json({ error: "Failed to resolve default branch" });
+ }
 }
 // Map the body to the policy input.
diff --git a/src/dispatch/github.ts b/src/dispatch/github.ts
index 63ddc11..3708f7e 100644
--- a/src/dispatch/github.ts
+++ b/src/dispatch/github.ts
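Review bot: The new `catch` in the controller answers every failure of `getRepositoryDefaultBranch` with 400, so a GitHub outage, a rate limit or a failed token lookup is reported to the caller as a bad request; a 4xx fits only when the target cannot be resolved for this caller, and upstream failures are better returned with `.status(502)`. The lookup is now authenticated and runs on the caller-supplied `owner`/`repo` before the policy mapping that follows, so if authorization is decided after this block, the distinct "Failed to resolve default branch" response can tell an unauthorized caller whether a private repository is reachable by the app; returning the same response as a policy denial avoids that. A comment such as `// Runs before policy evaluation: keep errors from here indistinguishable from a policy denial` would record the constraint. The enclosing handler starts and ends outside the hunk, so any earlier authentication of the caller is not visible here.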
@@ -116,10 +116,21 @@ async function resolveAccessToken(id: RepositoryIdentity): Promise {
 export async function getRepositoryDefaultBranch(
 id: RepositoryIdentity,
 ): Promise {
+ // We need to fetch the metadata of the repository, which might be private.
+ // Therefore, we also need the access token.
+ const token = await resolveAccessToken({
+ owner: id.owner,
+ repo: id.repo,
+ });
+
 try {
- const { data } = await _baseOctokit.rest.repos.get({
- owner: id.owner,
- repo: id.repo,
+ const data = await runOctokit(token, async (octokit) => {
+ const { data } = await octokit.rest.repos.get({
+ owner: id.owner,
+ repo: id.repo,
+ });
+
+ return data;
 });
 return data.default_branch;
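Review bot: `resolveAccessToken` is awaited above the `try {`, so a failure to obtain the token bypasses this function's own error handling while a failure of `repos.get` goes through it. Moving the call to the first statement inside the `try` keeps both paths consistent, e.g. `const token = await resolveAccessToken(id);`, since the parameter already is a `RepositoryIdentity`. The token is used here only for a metadata read, so it is worth confirming that `resolveAccessToken` does not issue a token with broader permissions than this call needs. The inner `const { data }` shadows the outer `data`; returning `data.default_branch` from the callback would avoid the second name. The `catch` belonging to this `try` lies outside the hunk.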