Pass Github Token to the composer.sh install script

[chrispelzer]

The problem with #492 and #491 might be due to the github token not being passed to composer.

This corrects and installs PHPUnit, as if a github_pat was set, it still never ended up getting to composer.sh

I can't say much for if it's an issue for the VMware provider as I only run Virtualbox.

[stefantalen]

I'll try your solution later today, with the changes in my PR I got it working again. Maybe we should merge both solutions?

[stefantalen]

Applying only your changes results in this error:

==> Vaprobash: >>> Installing Global Composer Packages:
==> Vaprobash:      codeception/codeception=* phpspec/phpspec:2.0.*@dev squizlabs/php_codesniffer:1.5.*
==> Vaprobash: Changed current directory to /home/vagrant/.composer
==> Vaprobash:                                                                                                
==> Vaprobash:   [UnexpectedValueException]                                                                   
==> Vaprobash:   Your github oauth token for github.com contains invalid characters: "phpunit/phpunit:4.0.*"  
==> Vaprobash:                                                                                                
==> Vaprobash: require [--dev] [--prefer-source] [--prefer-dist] [--no-progress] [--no-update] [--update-no-dev] [--update-with-dependencies] [--ignore-platform-reqs] [--sort-packages] [packages1] ... [packagesN]

Applying my changes and rerunning it results in the same error. I'll try some different settings to see if I can get it working.

[chrispelzer]

@stefantalen

I'll take a look at it later.

You are creating a Github Token for Github account and setting it at
https://github.com/fideloper/Vaprobash/blob/master/Vagrantfile#L10 correct?

[stefantalen]

Yes, I created a token at https://github.com/settings/tokens with repo access.

Debugging by adding these lines to composer.sh (Most current version) shows me no token

echo ">>> Setting GitHub token:"
echo "    " ${GITHUB_OAUTH[@]}

Looks like the arguments still aren't handled correctly.

[chrispelzer]

@stefantalen
It works for me with your latest changes from #492 merged with this PR.

With the current master branch, the token is never getting passed to the script to begin with due to the $1 being "" instead of github_pat

  # config.vm.provision "shell", path: "#{github_url}/scripts/composer.sh", privileged: false, args: ["", composer_packages.join(" ")]

https://github.com/fideloper/Vaprobash/blob/master/Vagrantfile#L323

I'm curious what is getting set for you under /home/vagrant/.composer/auth.json when it's giving you the error below:

==> Vaprobash:   [UnexpectedValueException]                                                                   
==> Vaprobash:   Your github oauth token for github.com contains invalid characters: "phpunit/phpunit:4.0.*"  

With #492 and this change, if I set the github_pat within the Vagrantfile it will set it correctly under /home/vagrant/.composer/auth.json for github.com

[stefantalen]

I feel really dumb right now, I commented the original composer installer script and still used my local script. That one never passed the argument 😅

Maybe you can consider adding some echo's within the if statement when the token is being set? That way it'll be more visible what has been set during provision.

[chrispelzer]

Added an echo with the token output.

Should the token be in the output or is the "Setting Github Personal Access Token" sufficient enough?

==> Vaprobash: Running provisioner: shell...
    Vaprobash: Running: /var/folders/44/npkcjjh17r54fgrwl2n54z2c0000gn/T/vagrant-shell20150905-65058-16g34s0.sh
==> Vaprobash: >>> Updating Composer
==> Vaprobash: You are already using composer version 4590012a57d829f18bfb819ce7041671ba2b0a67.
==> Vaprobash: >>> Setting Github Personal Access Token: {GITHUB TOKEN SET SHOWN HERE}
==> Vaprobash: >>> Installing Global Composer Packages:
==> Vaprobash:      phpunit/phpunit:4.0.* codeception/codeception=* phpspec/phpspec:2.0.*@dev squizlabs/php_codesniffer:1.5.*

[chrispelzer]

Just noticed this should also correct @Ilyes512 concern at #465 (comment)

[stefantalen]

👍

I think adding the token to the output will let you know what token has been set in case something went wrong.

[chrispelzer]

Though problem might be that if people aren't aware they could be exposing their PAT tokens when showing the output of a vagrant up to show issues.

I guess you could say the same thing about posting their Vagrantfile, so non-issue, just a thought.

[Ilyes512]

Maybe concat the token first before displaying it?

[stefantalen]

@chrispelzer Does this need any rework? Or is it ready to merge?

[chrispelzer]

This is ready to merge. The Github PAT will get passed correctly when set.

I reversed the PAT token from being shown, even though it's a development only situation. I just don't like it being exposed and the possibility of someone copying and pasting it.

[fideloper]

thanks!