Fix GHA token missing bug (#731)

* Update test-extensions.php

* Enable UPX test

* Add debug messages

* Test

* Revert

* Update tests.yml

* Update tests.yml

* Explict define GITHUB_TOKEN

* What's this???

* Check GITHUB_TOKEN in workflow

* Test token variable in step

* Test token variable inside php

* Test token in command

* Get env in commands

* Revert workflow env, add passthrough GITHUB_TOKEN into docker

* See build commands

* See build commands

* Typo fix

* Remove debug symbol for normal mode

.github/workflows/tests.yml

@@ -17,8 +17,7 @@ on:
       - 'box.json'
       - '.php-cs-fixer.php'
 
-permissions:
-  contents: read
+permissions: read-all
 
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -191,7 +190,7 @@ jobs:
           echo "UPX_CMD=$(php src/globals/test-extensions.php upx)" >> $GITHUB_ENV
 
       - name: "Run Build Tests (download)"
-        run: php src/globals/test-extensions.php download_cmd ${{ matrix.os }} ${{ matrix.php }}
+        run: GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} php src/globals/test-extensions.php download_cmd ${{ matrix.os }} ${{ matrix.php }}
 
       - name: "Run Build Tests (build)"
         run: php src/globals/test-extensions.php build_cmd ${{ matrix.os }} ${{ matrix.php }}

bin/spc-alpine-docker

@@ -121,6 +121,13 @@ if [ -f "$(pwd)/craft.yml" ]; then
     MOUNT_LIST="$MOUNT_LIST -v ""$(pwd)""/craft.yml:/app/craft.yml"
 fi
 
+# Environment variable passthrough
+ENV_LIST=""
+ENV_LIST="$ENV_LIST -e SPC_FIX_DEPLOY_ROOT="$(pwd)""
+if [ ! -z "$GITHUB_TOKEN" ]; then
+    ENV_LIST="$ENV_LIST -e GITHUB_TOKEN=$GITHUB_TOKEN"
+fi
+
 # Run docker
 # shellcheck disable=SC2068
 # shellcheck disable=SC2086
@@ -139,8 +146,8 @@ if [ "$SPC_DOCKER_DEBUG" = "yes" ]; then
     echo "*    ./downloads: $(pwd)/downloads"
     echo "*    ./pkgroot:   $(pwd)/pkgroot"
     echo "*"
-
-    $DOCKER_EXECUTABLE run --rm $INTERACT -e SPC_FIX_DEPLOY_ROOT="$(pwd)" $MOUNT_LIST cwcc-spc-$SPC_USE_ARCH-$SPC_DOCKER_VERSION
+    set -ex
+    $DOCKER_EXECUTABLE run --rm $INTERACT $ENV_LIST $MOUNT_LIST cwcc-spc-$SPC_USE_ARCH-$SPC_DOCKER_VERSION
 else
-    $DOCKER_EXECUTABLE run --rm $INTERACT -e SPC_FIX_DEPLOY_ROOT="$(pwd)" $MOUNT_LIST cwcc-spc-$SPC_USE_ARCH-$SPC_DOCKER_VERSION bin/spc $@
+    $DOCKER_EXECUTABLE run --rm $INTERACT $ENV_LIST $MOUNT_LIST cwcc-spc-$SPC_USE_ARCH-$SPC_DOCKER_VERSION bin/spc $@
 fi

bin/spc-gnu-docker

@@ -1,8 +1,5 @@
 #!/usr/bin/env bash
 
-# This file is using docker to run commands
-set -e
-
 # Detect docker can run
 if ! which docker >/dev/null; then
   echo "Docker is not installed, please install docker first !"
@@ -143,6 +140,13 @@ echo 'SPC_LIBC=glibc' >> /tmp/spc-gnu-docker.env
 echo 'SPC_CMD_VAR_PHP_MAKE_EXTRA_LDFLAGS_PROGRAM="-Wl,-O1 -pie"' >> /tmp/spc-gnu-docker.env
 echo 'SPC_CMD_VAR_PHP_MAKE_EXTRA_LIBS="-ldl -lpthread -lm -lresolv -lutil -lrt"' >> /tmp/spc-gnu-docker.env
 
+# Environment variable passthrough
+ENV_LIST=""
+ENV_LIST="$ENV_LIST -e SPC_FIX_DEPLOY_ROOT="$(pwd)""
+if [ ! -z "$GITHUB_TOKEN" ]; then
+    ENV_LIST="$ENV_LIST -e GITHUB_TOKEN=$GITHUB_TOKEN"
+fi
+
 # Run docker
 # shellcheck disable=SC2068
 # shellcheck disable=SC2086
@@ -162,8 +166,8 @@ if [ "$SPC_DOCKER_DEBUG" = "yes" ]; then
     echo "*    ./downloads: $(pwd)/downloads"
     echo "*    ./pkgroot:   $(pwd)/pkgroot"
     echo "*"
-
-    $DOCKER_EXECUTABLE run --rm -it --privileged $INTERACT -e SPC_FIX_DEPLOY_ROOT="$(pwd)" --env-file /tmp/spc-gnu-docker.env $MOUNT_LIST cwcc-spc-gnu-$SPC_USE_ARCH
+    set -ex
+    $DOCKER_EXECUTABLE run --rm -it --privileged $INTERACT $ENV_LIST --env-file /tmp/spc-gnu-docker.env $MOUNT_LIST cwcc-spc-gnu-$SPC_USE_ARCH
 else
-    $DOCKER_EXECUTABLE run --rm $INTERACT -e SPC_FIX_DEPLOY_ROOT="$(pwd)" --env-file /tmp/spc-gnu-docker.env $MOUNT_LIST cwcc-spc-gnu-$SPC_USE_ARCH bin/spc $@
+    $DOCKER_EXECUTABLE run --rm $INTERACT $ENV_LIST --env-file /tmp/spc-gnu-docker.env $MOUNT_LIST cwcc-spc-gnu-$SPC_USE_ARCH bin/spc $@
 fi

src/SPC/store/CurlHook.php

@@ -15,18 +15,20 @@ class CurlHook
      */
     public static function setupGithubToken(string $method, string $url, array &$headers): void
     {
-        if (!getenv('GITHUB_TOKEN')) {
+        $token = getenv('GITHUB_TOKEN');
+        if (!$token) {
+            logger()->debug('no github token found, skip');
             return;
         }
         if (getenv('GITHUB_USER')) {
-            $auth = base64_encode(getenv('GITHUB_USER') . ':' . getenv('GITHUB_TOKEN'));
+            $auth = base64_encode(getenv('GITHUB_USER') . ':' . $token);
             $he = "Authorization: Basic {$auth}";
             if (!in_array($he, $headers)) {
                 $headers[] = $he;
             }
             logger()->info("using basic github token for {$method} {$url}");
         } else {
-            $auth = getenv('GITHUB_TOKEN');
+            $auth = $token;
             $he = "Authorization: Bearer {$auth}";
             if (!in_array($he, $headers)) {
                 $headers[] = $he;

src/globals/test-extensions.php

@@ -13,22 +13,22 @@ declare(strict_types=1);
 
 // test php version (8.1 ~ 8.4 available, multiple for matrix)
 $test_php_version = [
-    '8.1',
-    '8.2',
-    '8.3',
+    // '8.1',
+    // '8.2',
+    // '8.3',
     '8.4',
 ];
 
 // test os (macos-13, macos-14, macos-15, ubuntu-latest, windows-latest are available)
 $test_os = [
-    'macos-13',
+    // 'macos-13',
     // 'macos-14',
     'macos-15',
     'ubuntu-latest',
-    'ubuntu-22.04',
+    // 'ubuntu-22.04',
     // 'ubuntu-24.04',
-    'ubuntu-22.04-arm',
-    'ubuntu-24.04-arm',
+    // 'ubuntu-22.04-arm',
+    // 'ubuntu-24.04-arm',
     // 'windows-latest',
 ];
 
@@ -131,7 +131,7 @@ if ($argv[1] === 'doctor_cmd') {
     $doctor_cmd = 'doctor --auto-fix --debug';
 }
 if ($argv[1] === 'install_upx_cmd') {
-    $install_upx_cmd = 'install-pkg upx';
+    $install_upx_cmd = 'install-pkg upx --debug';
 }
 
 $prefix = match ($argv[2] ?? null) {