@@ -23,14 +23,20 @@ runs:
2323 fi
2424 response=$(curl -sf -H "Authorization: Bearer ${{ inputs.api-secret }}" \
2525 "https://mise-versions.jdx.dev/api/token" || true)
26- if [ -n "$response" ]; then
27- token=$(echo "$response" | jq -r '.token')
28- # Validate token looks like a GitHub token (starts with gh and has reasonable length)
29- if [[ "$token" =~ ^gh[a-z]_[A-Za-z0-9_]+$ ]] && [ ${#token} -ge 20 ]; then
30- echo "::add-mask::$token"
31- echo "token=$token" >> "$GITHUB_OUTPUT"
32- echo "token_id=$(echo "$response" | jq -r '.token_id')" >> "$GITHUB_OUTPUT"
33- else
34- echo "Invalid or missing token in response, skipping"
35- fi
26+ if [ -z "$response" ]; then
27+ exit 0
28+ fi
29+ token=$(echo "$response" | jq -r '.token')
30+ echo "::add-mask::$token"
31+ # Validate token looks like a GitHub token (starts with gh and has reasonable length)
32+ if ! [[ "$token" =~ ^gh[a-z]_[A-Za-z0-9_]+$ ]] || [ ${#token} -lt 20 ]; then
33+ echo "Invalid or missing token in response, skipping"
34+ exit 0
35+ fi
36+ # Validate the token works by calling GitHub API
37+ if ! curl -sf -H "Authorization: token $token" "https://api.github.com/rate_limit" > /dev/null; then
38+ echo "Token failed GitHub API validation, skipping"
39+ exit 0
3640 fi
41+ echo "token=$token" >> "$GITHUB_OUTPUT"
42+ echo "token_id=$(echo "$response" | jq -r '.token_id')" >> "$GITHUB_OUTPUT"
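Review bot: The `token_id` written to `$GITHUB_OUTPUT` on new line 42 comes straight from the remote response with no check, whereas `token` is regex-validated first. A value containing a newline would append extra `name=value` lines to the output file, so the response could set step outputs this action never intended. Read it into a variable and reject it before writing, for example `token_id=$(echo "$response" | jq -r '.token_id')` followed by `[[ "$token_id" == *$'\n'* ]] && exit 0`, or tighten that to whatever id format the service actually returns. Separately, the validation request on new line 37 has no `--max-time`, so a stalled connection could hold the step open. The `run:` script begins before this hunk, so any earlier handling is not visible here.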