Merge pull request #9145 from nextcloud/use-authorized-github-checks

Add auth token to github requests

2 files changed, 8 insertions, 0 deletions

diff --git a/.drone.yml b/.drone.yml
index 170cb241c86..3a0d5ade9ee 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -18,6 +18,7 @@ pipeline:
     image: nextcloudci/php7.0:php7.0-19
     commands:
       - ./autotest-checkers.sh
+    secrets: [ github_token ]
     when:
       matrix:
         TESTS: checkers
diff --git a/build/signed-off-checker.php b/build/signed-off-checker.php
index 49890cb0f3d..f21854a83d1 100644
--- a/build/signed-off-checker.php
+++ b/build/signed-off-checker.php
@@ -31,6 +31,7 @@ $pullRequestNumber = getenv('DRONE_PULL_REQUEST');
 $repoOwner = getenv('DRONE_REPO_OWNER');
 $repoName = getenv('DRONE_REPO_NAME');
 $droneEvent = getenv('DRONE_BUILD_EVENT');
+$githubToken = getenv('GITHUB_TOKEN');
 
 if(is_string($droneEvent) && $droneEvent === 'push') {
 	echo("Push event - no signed-off check required.\n");
@@ -52,10 +53,16 @@ if(!is_string($repoName) || $repoName === '') {
 	exit(1);
 }
 
+if(!is_string($githubToken) || $githubToken === '') {
+	echo("The environment variable GITHUB_TOKEN has no proper value.\n");
+	exit(1);
+}
+
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_URL, 'https://api.github.com/repos/'.$repoOwner.'/'.$repoName.'/pulls/'.$pullRequestNumber.'/commits');
 curl_setopt($ch, CURLOPT_USERAGENT, 'CI for Nextcloud (https://github.com/nextcloud/server)');
+curl_setopt($ch, CURLOPT_HTTPHEADER, 'Authorization: token ' . $githubToken);
 $response = curl_exec($ch);
 curl_close($ch);