fix(ng-dev): properly handle github token escapes with ng-dev service auth (#774)

We now correctly handle when the github-escape-hatch is used and don't always
assume that a github token should be checked for.

PR Close #774

Author: josephperrott

github-actions/slash-commands/main.js

@@ -70153,7 +70153,7 @@ async function fetchPullRequestFromGithub(git, prNumber) {
 }
 
 // 
-async function rebasePr(prNumber, githubToken) {
+async function rebasePr(prNumber) {
   const git = await AuthenticatedGitClient.get();
   if (git.hasUncommittedChanges()) {
     Log.error("Cannot perform rebase of PR with local changes.");
@@ -70169,8 +70169,8 @@ async function rebasePr(prNumber, githubToken) {
   const baseRefName = pr.baseRef.name;
   const fullHeadRef = `${pr.headRef.repository.nameWithOwner}:${headRefName}`;
   const fullBaseRef = `${pr.baseRef.repository.nameWithOwner}:${baseRefName}`;
-  const headRefUrl = addTokenToGitHttpsUrl(pr.headRef.repository.url, githubToken);
-  const baseRefUrl = addTokenToGitHttpsUrl(pr.baseRef.repository.url, githubToken);
+  const headRefUrl = addTokenToGitHttpsUrl(pr.headRef.repository.url, git.githubToken);
+  const baseRefUrl = addTokenToGitHttpsUrl(pr.baseRef.repository.url, git.githubToken);
   const forceWithLeaseFlag = `--force-with-lease=${headRefName}:${pr.headRefOid}`;
   if (!pr.maintainerCanModify && !pr.viewerDidAuthor) {
     Log.error(`Cannot rebase as you did not author the PR and the PR does not allow maintainersto modify the PR`);
@@ -70229,7 +70229,7 @@ async function rebase(installationClient, installationToken) {
     }
   });
   AuthenticatedGitClient.configure(installationToken);
-  if (await rebasePr(import_github5.context.issue.number, installationToken) !== 0) {
+  if (await rebasePr(import_github5.context.issue.number) !== 0) {
     await installationClient.issues.createComment({
       ...import_github5.context.repo,
       issue_number: import_github5.context.issue.number,

ng-dev/utils/ng-dev-service.ts

@@ -15,7 +15,7 @@ import {
   restoreNgTokenFromDiskIfValid,
 } from '../auth/shared/ng-dev-token.js';
 import {assertValidGithubConfig, getConfig} from './config.js';
-import {addGithubTokenOption} from './git/github-yargs.js';
+import {configureGitClientWithTokenOrFromEnvironment} from './git/github-yargs.js';
 import {Log} from './logging.js';
 
 /** Configuration for the firebase application used for ng-dev token management. */
@@ -48,15 +48,19 @@ export async function useNgDevService<T>(
   }
 
   return (
-    addGithubTokenOption(argv)
+    argv
       // TODO(josephperrott): remove once stability is validated.
       .option('github-escape-hatch' as 'githubEscapeHatch', {
         type: 'boolean',
-        default: false,
+        hidden: true,
+      })
+      .option('github-token' as 'githubToken', {
+        type: 'string',
+        implies: 'github-escape-hatch',
         hidden: true,
       })
       .middleware(
-        async (args: Arguments<T & {githubToken: string | null; githubEscapeHatch: boolean}>) => {
+        async (args: Arguments<T & {githubToken?: string; githubEscapeHatch?: boolean}>) => {
           // TODO(josephperrott): remove this guard against running multiple times after
           //   https://github.com/yargs/yargs/issues/2223 is fixed
           if (ngDevServiceMiddlewareHasRun) {
@@ -67,17 +71,17 @@ export async function useNgDevService<T>(
           initializeApp(firebaseConfig);
           await restoreNgTokenFromDiskIfValid();
 
-          if (args.githubEscapeHatch === true) {
-            Log.warn('This escape hatch should only be used if the service is erroring. Please');
-            Log.warn(
-              'inform #dev-infra of the need to use this escape hatch so it can be triaged.',
-            );
+          if (isAuthCommand) {
+            Log.debug('Skipping ng-dev token request as this is an auth command');
             return;
           }
-          args.githubToken = null;
 
-          if (isAuthCommand) {
-            Log.debug('Skipping ng-dev token request as this is an auth command');
+          if (args.githubEscapeHatch === true) {
+            // Use the configuration helper to set up the GithubClient using the provided auth
+            // token or environment.
+            configureGitClientWithTokenOrFromEnvironment(args.githubToken);
+            Log.warn('This escape hatch should only be used if the service is erroring. Please');
+            Log.warn('inform #dev-infra of using this escape hatch so it can be triaged.');
             return;
           }