Move GitHub authentication options to a separate class (#1660)

Co-authored-by: Matt Thalman <[email protected]>

Author: lbussell

Diff for: Microsoft.DotNet.DockerTools.sln

@@ -19,6 +19,10 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{A35A8A12-AC5
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.DotNet.ImageBuilder", "src\Microsoft.DotNet.ImageBuilder\src\Microsoft.DotNet.ImageBuilder.csproj", "{25B808D8-AF2F-4C51-BBF2-E2BE83C97E20}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tests", "tests", "{F124FA66-7255-8556-598B-1D8A12763BBD}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.DotNet.ImageBuilder.Tests", "src\Microsoft.DotNet.ImageBuilder\tests\Microsoft.DotNet.ImageBuilder.Tests.csproj", "{66621167-DB12-484B-A5E8-E02FB7F84F2F}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -65,6 +69,18 @@ Global
 		{25B808D8-AF2F-4C51-BBF2-E2BE83C97E20}.Release|x64.Build.0 = Release|Any CPU
 		{25B808D8-AF2F-4C51-BBF2-E2BE83C97E20}.Release|x86.ActiveCfg = Release|Any CPU
 		{25B808D8-AF2F-4C51-BBF2-E2BE83C97E20}.Release|x86.Build.0 = Release|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Debug|x64.Build.0 = Debug|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Debug|x86.Build.0 = Debug|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Release|Any CPU.Build.0 = Release|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Release|x64.ActiveCfg = Release|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Release|x64.Build.0 = Release|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Release|x86.ActiveCfg = Release|Any CPU
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -76,5 +92,7 @@ Global
 		{5642BE26-182A-8523-32C6-646C04E8E66B} = {827E0CD3-B72D-47B6-A68D-7590B98EB39B}
 		{A35A8A12-AC52-E606-2330-8FAB7C79392D} = {5642BE26-182A-8523-32C6-646C04E8E66B}
 		{25B808D8-AF2F-4C51-BBF2-E2BE83C97E20} = {A35A8A12-AC52-E606-2330-8FAB7C79392D}
+		{F124FA66-7255-8556-598B-1D8A12763BBD} = {5642BE26-182A-8523-32C6-646C04E8E66B}
+		{66621167-DB12-484B-A5E8-E02FB7F84F2F} = {F124FA66-7255-8556-598B-1D8A12763BBD}
 	EndGlobalSection
 EndGlobal

Diff for: src/Microsoft.DotNet.ImageBuilder/src/Commands/GetStaleImagesCommand.cs

@@ -158,17 +158,14 @@ private async Task<List<string>> GetPathsToRebuildAsync(
 
         private async Task<ImageArtifactDetails> GetImageInfoForSubscriptionAsync(Models.Subscription.Subscription subscription, ManifestInfo manifest)
         {
-            IApiConnection connection = OctokitClientFactory.CreateApiConnection(Options.GitOptions.ToOctokitCredentials());
-
-            ITreesClient treesClient = _octokitClientFactory.CreateTreesClient(connection);
+            ITreesClient treesClient = _octokitClientFactory.CreateTreesClient(Options.GitOptions.GitHubAuthOptions);
             string fileSha = await treesClient.GetFileShaAsync(
                 subscription.ImageInfo.Owner, subscription.ImageInfo.Repo, subscription.ImageInfo.Branch, subscription.ImageInfo.Path);
 
-            IBlobsClient blobsClient = _octokitClientFactory.CreateBlobsClient(connection);
+            IBlobsClient blobsClient = _octokitClientFactory.CreateBlobsClient(Options.GitOptions.GitHubAuthOptions);
             string imageDataJson = await blobsClient.GetFileContentAsync(subscription.ImageInfo.Owner, subscription.ImageInfo.Repo, fileSha);
 
             return ImageInfoHelper.LoadFromContent(imageDataJson, manifest, skipManifestValidation: true);
         }
     }
 }
-#nullable disable

Diff for: src/Microsoft.DotNet.ImageBuilder/src/Commands/GitOptions.cs

@@ -5,6 +5,7 @@
 using System;
 using System.Collections.Generic;
 using System.CommandLine;
+using System.Linq;
 using Microsoft.DotNet.VersionTools.Automation;
 using Octokit;
 using static Microsoft.DotNet.ImageBuilder.Commands.CliHelper;
@@ -14,22 +15,23 @@ namespace Microsoft.DotNet.ImageBuilder.Commands
 {
     public class GitOptions : IGitHubFileRef
     {
-        public string AuthToken { get; set; } = string.Empty;
         public string Branch { get; set; } = string.Empty;
         public string Email { get; set; } = string.Empty;
         public string Owner { get; set; } = string.Empty;
         public string Path { get; set; } = string.Empty;
         public string Repo { get; set; } = string.Empty;
         public string Username { get; set; } = string.Empty;
 
-        public GitHubAuth ToGitHubAuth()
-        {
-            return new GitHubAuth(AuthToken, Username, Email);
-        }
+        public Uri GetRepoUrl() => new Uri($"https://github.com/{Owner}/{Repo}");
+
+        public GitHubAuthOptions GitHubAuthOptions { get; set; } = new GitHubAuthOptions();
+    }
 
-        public Credentials ToOctokitCredentials() => new Credentials(AuthToken);
+    public record GitHubAuthOptions(string AuthToken = "", string PrivateKeyFilePath = "")
+    {
+        public bool IsPrivateKeyAuth => !string.IsNullOrEmpty(PrivateKeyFilePath);
 
-        public Uri GetRepoUrl() => new Uri($"https://github.com/{Owner}/{Repo}");
+        public bool HasCredentials => !string.IsNullOrEmpty(AuthToken) || !string.IsNullOrEmpty(PrivateKeyFilePath);
     }
 
     public class GitOptionsBuilder
@@ -47,7 +49,7 @@ public static GitOptionsBuilder BuildWithDefaults() =>
             Build()
                 .WithUsername(isRequired: true)
                 .WithEmail(isRequired: true)
-                .WithAuthToken(isRequired: true)
+                .WithGitHubAuth()
                 .WithBranch()
                 .WithOwner()
                 .WithPath()
@@ -65,12 +67,6 @@ public GitOptionsBuilder WithEmail(
             string description = "Email to use for GitHub connection") =>
             AddSymbol("git-email", nameof(GitOptions.Email), isRequired, defaultValue, description);
 
-        public GitOptionsBuilder WithAuthToken(
-            bool isRequired = false,
-            string? defaultValue = null,
-            string description = "Auth token to use to connect to GitHub") =>
-            AddSymbol("git-token", nameof(GitOptions.AuthToken), isRequired, defaultValue, description);
-
         public GitOptionsBuilder WithBranch(
             bool isRequired = false,
             string? defaultValue = null,
@@ -95,23 +91,62 @@ public GitOptionsBuilder WithRepo(
             string description = "Name of the GitHub repo to access") =>
             AddSymbol("git-repo", nameof(GitOptions.Repo), isRequired, defaultValue, description);
 
+        public GitOptionsBuilder WithGitHubAuth(string? description = null, bool isRequired = false)
+        {
+            description ??= "GitHub Personal Access Token (PAT) or private key file (.pem)";
+            description += " [token=<token> | private-key-file=<path to .pem file>]";
+
+            _options.Add(CreateOption(
+                "github-auth",
+                nameof(GitOptions.GitHubAuthOptions),
+                "GitHub Personal Access Token (PAT) or private key file (.pem) [token=<token> | private-key-file=<path to .pem file>]",
+                parseArg: argumentResult =>
+                {
+                    var dictionary = argumentResult.Tokens
+                        .Select(token => token.Value.ParseKeyValuePair('='))
+                        .ToDictionary();
+
+                    string token = dictionary.GetValueOrDefault("token", "");
+                    string privateKeyFile = dictionary.GetValueOrDefault("private-key-file", "");
+
+                    if (isRequired && string.IsNullOrEmpty(token) && string.IsNullOrEmpty(privateKeyFile))
+                    {
+                        throw new ArgumentException("GitHub token or private key file must be provided.");
+                    }
+
+                    return new GitHubAuthOptions(token, privateKeyFile);
+                }
+            ));
+
+            return this;
+        }
+
         public IEnumerable<Option> GetCliOptions() => _options;
 
         public IEnumerable<Argument> GetCliArguments() => _arguments;
 
-        private GitOptionsBuilder AddSymbol<T>(string alias, string propertyName, bool isRequired, T? defaultValue, string description)
+        private GitOptionsBuilder AddSymbol<T>(
+            string alias,
+            string propertyName,
+            bool isRequired,
+            T? defaultValue,
+            string description)
         {
             if (isRequired)
             {
                 _arguments.Add(new Argument<T>(propertyName, description));
             }
             else
             {
-                _options.Add(CreateOption<T>(alias, propertyName, description, defaultValue is null ? default! : defaultValue));
+                _options.Add(
+                    CreateOption(
+                        alias,
+                        propertyName,
+                        description,
+                        defaultValue is null ? default! : defaultValue));
             }
 
             return this;
         }
     }
 }
-#nullable disable

Diff for: src/Microsoft.DotNet.ImageBuilder/src/Commands/PostPublishNotificationCommand.cs

@@ -26,14 +26,17 @@ public class PostPublishNotificationCommand : ManifestCommand<PostPublishNotific
     {
         private readonly IVssConnectionFactory _connectionFactory;
         private readonly INotificationService _notificationService;
+        private readonly IOctokitClientFactory _octokitClientFactory;
 
         [ImportingConstructor]
         public PostPublishNotificationCommand(
             IVssConnectionFactory connectionFactory,
-            INotificationService notificationService)
+            INotificationService notificationService,
+            IOctokitClientFactory octokitClientFactory)
         {
             _connectionFactory = connectionFactory ?? throw new ArgumentNullException(nameof(connectionFactory));
             _notificationService = notificationService ?? throw new ArgumentNullException(nameof(notificationService));
+            _octokitClientFactory = octokitClientFactory ?? throw new ArgumentNullException(nameof(octokitClientFactory));
         }
 
         protected override string Description => "Posts a notification about a publishing event";
@@ -107,7 +110,7 @@ await _notificationService.PostAsync(
                 }.AppendIf(NotificationLabels.Failure, () => overallResult == BuildResult.Failed),
                 Options.GitOptions.Owner,
                 Options.GitOptions.Repo,
-                Options.GitOptions.AuthToken,
+                Options.GitOptions.GitHubAuthOptions,
                 Options.IsDryRun,
                 imagesMarkdown);
         }
@@ -117,8 +120,7 @@ await _notificationService.PostAsync(
             // In the case where the publish build was queued by AutoBuilder, this finds the GitHub issue associated
             // with that queued build.
 
-            GitHubClient gitHubClient = new(new ProductHeaderValue("dotnet"));
-            Credentials token = new(Options.GitOptions.AuthToken);
+            IGitHubClient gitHubClient = _octokitClientFactory.CreateGitHubClient(Options.GitOptions.GitHubAuthOptions);
             RepositoryIssueRequest issueRequest = new()
             {
                 Filter = IssueFilter.All,
@@ -127,7 +129,6 @@ await _notificationService.PostAsync(
             issueRequest.Labels.Add(NotificationLabels.AutoBuilder);
             issueRequest.Labels.Add(NotificationLabels.GetRepoLocationLabel(Options.SourceRepo, Options.SourceBranch));
 
-            gitHubClient.Credentials = token;
             IReadOnlyList<Octokit.Issue> issues = await gitHubClient.Issue.GetAllForRepository(
                 Options.GitOptions.Owner, Options.GitOptions.Repo, issueRequest);
 

Diff for: src/Microsoft.DotNet.ImageBuilder/src/Commands/PostPublishNotificationOptions.cs

@@ -25,7 +25,9 @@ public class PostPublishNotificationOptionsBuilder : ManifestOptionsBuilder
         private readonly AzdoOptionsBuilder _azdoOptionsBuilder = new();
         private readonly GitOptionsBuilder _gitOptionsBuilder =
             GitOptionsBuilder.Build()
-                .WithAuthToken(isRequired: true, description: "Auth token to use to connect to GitHub for posting notifications")
+                .WithGitHubAuth(
+                    isRequired: true,
+                    description: "Auth token to use to connect to GitHub for posting notifications")
                 .WithOwner(isRequired: true, description: "Owner of the GitHub repo to post notifications to")
                 .WithRepo(isRequired: true, description: "Name of the GitHub repo to post notifications to");
 

Diff for: src/Microsoft.DotNet.ImageBuilder/src/Commands/PublishImageInfoCommand.cs

@@ -7,6 +7,7 @@
 using System.IO;
 using System.Threading.Tasks;
 using LibGit2Sharp;
+using LibGit2Sharp.Handlers;
 
 #nullable enable
 namespace Microsoft.DotNet.ImageBuilder.Commands
@@ -42,11 +43,7 @@ public override Task ExecuteAsync()
                 _loggerService.WriteSubheading("Cloning GitHub repo");
 
                 CloneOptions cloneOptions = new() { BranchName = Options.GitOptions.Branch };
-                cloneOptions.FetchOptions.CredentialsProvider = (url, user, cred) => new UsernamePasswordCredentials
-                {
-                    Username = Options.GitOptions.AuthToken,
-                    Password = string.Empty
-                };
+                cloneOptions.FetchOptions.CredentialsProvider = GetCredentials(Options.GitOptions.GitHubAuthOptions);
 
                 using IRepository repo =_gitService.CloneRepository(
                     $"https://github.com/{Options.GitOptions.Owner}/{Options.GitOptions.Repo}",
@@ -96,15 +93,18 @@ private void UpdateGitRepos(string repoPath, IRepository repo)
             repo.Network.Push(branch,
                 new PushOptions
                 {
-                    CredentialsProvider = (url, user, cred) => new UsernamePasswordCredentials
-                    {
-                        Username = Options.GitOptions.AuthToken,
-                        Password = string.Empty
-                    }
+                    CredentialsProvider = GetCredentials(Options.GitOptions.GitHubAuthOptions)
                 });
 
             Uri gitHubCommitUrl = GitHelper.GetCommitUrl(Options.GitOptions, commit.Sha);
             _loggerService.WriteMessage($"The '{Options.GitOptions.Path}' file was updated: {gitHubCommitUrl}");
         }
+
+        private static CredentialsHandler GetCredentials(GitHubAuthOptions gitHubAuthOptions) =>
+            (url, user, cred) => new UsernamePasswordCredentials
+            {
+                Username = gitHubAuthOptions.AuthToken,
+                Password = string.Empty
+            };
     }
 }

Diff for: src/Microsoft.DotNet.ImageBuilder/src/Commands/PublishMcrDocsCommand.cs

@@ -59,7 +59,7 @@ public override async Task ExecuteAsync()
 
             if (!Options.IsDryRun)
             {
-                using IGitHubClient gitHubClient = _gitHubClientFactory.GetClient(Options.GitOptions.ToGitHubAuth(), Options.IsDryRun);
+                using IGitHubClient gitHubClient = _gitHubClientFactory.GetClient(Options.GitOptions, Options.IsDryRun);
 
                 await RetryHelper.GetWaitAndRetryPolicy<HttpRequestException>(_loggerService).ExecuteAsync(async () =>
                 {

Diff for: src/Microsoft.DotNet.ImageBuilder/src/Commands/QueueBuildCommand.cs

@@ -249,7 +249,7 @@ private async Task LogAndNotifyResultsAsync(
             notificationMarkdown.AppendLine();
             notificationMarkdown.AppendLine(NotificationHelper.FormatNotificationMetadata(queueInfo));
 
-            if (Options.GitOptions.AuthToken == string.Empty ||
+            if (!Options.GitOptions.GitHubAuthOptions.HasCredentials ||
                 Options.GitOptions.Owner == string.Empty ||
                 Options.GitOptions.Repo == string.Empty)
             {
@@ -267,7 +267,7 @@ await _notificationService.PostAsync(
                     }.AppendIf(NotificationLabels.Failure, () => exception is not null),
                     Options.GitOptions.Owner,
                     Options.GitOptions.Repo,
-                    Options.GitOptions.AuthToken,
+                    Options.GitOptions.GitHubAuthOptions,
                     Options.IsDryRun);
             }
         }

Diff for: src/Microsoft.DotNet.ImageBuilder/src/Commands/QueueBuildOptions.cs

@@ -23,7 +23,7 @@ public class QueueBuildOptionsBuilder : CliOptionsBuilder
         private readonly AzdoOptionsBuilder _azdoOptionsBuilder = new();
         private readonly GitOptionsBuilder _gitOptionsBuilder =
             GitOptionsBuilder.Build()
-                .WithAuthToken(description: "Auth token to use to connect to GitHub for posting notifications")
+                .WithGitHubAuth(description: "Auth token to use to connect to GitHub for posting notifications")
                 .WithOwner(description: "Owner of the GitHub repo to post notifications to")
                 .WithRepo(description: "Name of the GitHub repo to post notifications to");
 

Diff for: src/Microsoft.DotNet.ImageBuilder/src/GitHubClientFactory.cs

@@ -5,6 +5,7 @@
 using System;
 using System.ComponentModel.Composition;
 using System.Threading.Tasks;
+using Microsoft.DotNet.ImageBuilder.Commands;
 using Microsoft.DotNet.VersionTools.Automation;
 using Microsoft.DotNet.VersionTools.Automation.GitHubApi;
 
@@ -21,9 +22,14 @@ public GitHubClientFactory(ILoggerService loggerService)
             _loggerService = loggerService ?? throw new ArgumentNullException(nameof(loggerService));
         }
 
-        public IGitHubClient GetClient(GitHubAuth gitHubAuth, bool isDryRun)
+        public IGitHubClient GetClient(GitOptions gitOptions, bool isDryRun)
         {
-            return new GitHubClientWrapper(_loggerService, new GitHubClient(gitHubAuth), isDryRun);
+            var auth = new GitHubAuth(
+                authToken: gitOptions.GitHubAuthOptions.AuthToken,
+                user: gitOptions.Username,
+                email: gitOptions.Email);
+
+            return new GitHubClientWrapper(_loggerService, new GitHubClient(auth), isDryRun);
         }
 
         // Wrapper class to ensure that no operations with side-effects are invoked when the dry-run option is enabled

Diff for: src/Microsoft.DotNet.ImageBuilder/src/IGitHubClientFactory.cs

@@ -2,13 +2,13 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
-using Microsoft.DotNet.VersionTools.Automation;
+using Microsoft.DotNet.ImageBuilder.Commands;
 using Microsoft.DotNet.VersionTools.Automation.GitHubApi;
 
 namespace Microsoft.DotNet.ImageBuilder
 {
     public interface IGitHubClientFactory
     {
-        IGitHubClient GetClient(GitHubAuth gitHubAuth, bool isDryRun);
+        IGitHubClient GetClient(GitOptions gitOptions, bool isDryRun);
     }
 }

Diff for: src/Microsoft.DotNet.ImageBuilder/src/INotificationService.cs

@@ -3,6 +3,7 @@
 
 using System.Collections.Generic;
 using System.Threading.Tasks;
+using Microsoft.DotNet.ImageBuilder.Commands;
 
 #nullable enable
 namespace Microsoft.DotNet.ImageBuilder;
@@ -15,7 +16,7 @@ Task PostAsync(
         IEnumerable<string> labels,
         string repoOwner,
         string repoName,
-        string gitHubAccessToken,
+        GitHubAuthOptions gitHubAuth,
         bool isDryRun,
         IEnumerable<string>? comments = null);
 }