From d030d5b792ea8502e7e41653918cfec2cf4be8e1 Mon Sep 17 00:00:00 2001
From: Adrian Cole <adrian@tetrate.io>
Date: Sun, 10 Oct 2021 14:26:36 -1000
Subject: [PATCH] Authenticate when downloading draft release assets

Signed-off-by: Adrian Cole <adrian@tetrate.io>
---
 .github/workflows/release.yaml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 00f60d4e..0a1d8da1 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -80,7 +80,7 @@ jobs:
         run: |
           gh release download "${GITHUB_REF#refs/tags/}" -p '${{ matrix.pattern }}'
           ${{ matrix.unzip || 'tar -xzf *.tar.gz && rm *.tar.gz' }}
-        env:  # authenticate as the release is a draft
+        env:  # authenticate release downloads as drafts are not public
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: "Run e2e tests using draft `func-e` binary"
@@ -102,11 +102,14 @@ jobs:
         run: |
           gh release download "${GITHUB_REF#refs/tags/}" -p '*linux_amd64.deb' -D dist
           packaging/nfpm/verify_deb.sh
+        env:  # authenticate release downloads as drafts are not public
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: "Test RPM package (CentOS)"
         if: runner.os == 'Linux'
-        run: |
+        run: |  # Note: the naming convention is intentionally different for RPM: x86_64 not amd64!
           gh release download "${GITHUB_REF#refs/tags/}" -p '*linux_x86_64.rpm' -D dist
           docker run --rm -v $PWD:/work --entrypoint packaging/nfpm/verify_rpm.sh ${CENTOS_IMAGE}
-        env:  # CENTOS_IMAGE was built by internal-images.yaml
-          CENTOS_IMAGE: ghcr.io/tetratelabs/func-e-internal:centos-8
+        env:  # authenticate release downloads as drafts are not public
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CENTOS_IMAGE: ghcr.io/tetratelabs/func-e-internal:centos-8  # See internal-images.yaml