Add support for github.com authentication token

README.md

@@ -15,6 +15,7 @@ A GitHub Action for installing the [helm/chart-testing](https://github.com/helm/
 
 For more information on inputs, see the [API Documentation](https://developer.github.com/v3/repos/releases/#input)
 
+- `token`: The token used to authenticate when fetching chart-testing release from github.com (optional)
 - `version`: The chart-testing version to install (default: `v3.8.0`)
 - `yamllint_version`: The chart-testing version to install (default: `1.27.1`)
 - `yamale_version`: The chart-testing version to install (default: `3.0.4`)

action.yml

@@ -5,6 +5,9 @@ branding:
   color: blue
   icon: anchor
 inputs:
+  token:
+    description: "The token used to authenticate when fetching chart-testing release. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting."
+    default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
   version:
     description: "The chart-testing version to install (default: v3.8.0)"
     required: false
@@ -24,6 +27,7 @@ runs:
     - run: |
         cd $GITHUB_ACTION_PATH \
         && ./ct.sh \
+            --token ${{ inputs.token }} \
             --version ${{ inputs.version }} \
             --yamllint-version ${{ inputs.yamllint_version }} \
             --yamale-version ${{ inputs.yamale_version }}

ct.sh

@@ -14,10 +14,12 @@ Usage: $(basename "$0") <options>
 
     -h, --help          Display help
     -v, --version       The chart-testing version to use (default: $DEFAULT_CHART_TESTING_VERSION)"
+    -t, --token         The token used to authenticate when fetching chart-testing release from github.com"
 EOF
 }
 
 main() {
+    local token=""
     local version="$DEFAULT_CHART_TESTING_VERSION"
     local yamllint_version="$DEFAULT_YAMLLINT_VERSION"
     local yamale_version="$DEFAULT_YAMALE_VERSION"
@@ -34,6 +36,16 @@ parse_command_line() {
                 show_help
                 exit
                 ;;
+            -t|--token)
+                if [[ -n "${2:-}" ]]; then
+                    token="$2"
+                    shift
+                else
+                    echo "ERROR: '-t|--token' cannot be empty." >&2
+                    show_help
+                    exit 1
+                fi
+                ;;
             -v|--version)
                 if [[ -n "${2:-}" ]]; then
                     version="$2"
@@ -95,8 +107,14 @@ install_chart_testing() {
         CT_CERT=https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_$arch.tar.gz.pem
         CT_SIG=https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_$arch.tar.gz.sig
 
-        curl --retry 5 --retry-delay 1 -sSLo ct.tar.gz "https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_$arch.tar.gz"
-        cosign verify-blob --certificate $CT_CERT --signature $CT_SIG \
+        if [ ! -z "$token" ]; then
+            auth+=(--header "Authorization: Bearer ${token}")
+        fi
+
+        curl "${auth[@]}" --retry 5 --retry-delay 1 -sSLo chart-testing.tar.gz.pem $CT_CERT
+        curl "${auth[@]}" --retry 5 --retry-delay 1 -sSLo chart-testing.tar.gz.sig $CT_SIG
+        curl "${auth[@]}" --retry 5 --retry-delay 1 -sSLo ct.tar.gz "https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_$arch.tar.gz"
+        cosign verify-blob --certificate ./chart-testing.tar.gz.pem --signature ./chart-testing.tar.gz.sig \
           --certificate-identity "https://github.com/helm/chart-testing/.github/workflows/release.yaml@refs/heads/main" \
           --certificate-oidc-issuer "https://token.actions.githubusercontent.com" ct.tar.gz
         retVal=$?