From 4f1f119723074eed2637e4d8b1f0d98f4df7fb68 Mon Sep 17 00:00:00 2001
From: Joshua B
Date: Thu, 31 Mar 2022 15:21:13 -0600
Subject: [PATCH] change so vault requires the GITHUB_TOKEN
---
 Makefile | 2 +-
 makefiles/vault.make | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 0cc8529..2cb4f34 100644
--- a/Makefile
+++ b/Makefile
@@ -15,7 +15,7 @@ include $(SHIPKIT_MAKEFILES)/bats-testing.make
 # -- Variables ---
 export BOT_EMAIL ?= 9cibot@9ci.com
-export VAULT_URL = https://github.com/9ci/vault.git
+export VAULT_REPO = 9ci/vault
 # can be set here but best do it on command line with make
 # export LOGIT_DEBUG_ENABLED := true
diff --git a/makefiles/vault.make b/makefiles/vault.make
index f3e514e..d802939 100644
--- a/makefiles/vault.make
+++ b/makefiles/vault.make
@@ -8,6 +8,14 @@ VAULT_DIR ?= $(BUILD_DIR)/vault
 VAULT_FILES ?= bot.enc.env
 VAULT_BOT_ENV_FILE := $(VAULT_DIR)/bot.env
+VAULT_BASE_URL ?= github.com/$(VAULT_REPO).git
+VAULT_GITHUB_URL ?= https://$(VAULT_BASE_URL)
+
+ifdef GITHUB_TOKEN
+ VAULT_GITHUB_URL = https://dummy:$(GITHUB_TOKEN)@$(VAULT_BASE_URL)
+endif
+
+
 # --- look for build/vault/bot.env , run sops.decrypt-vault-files --
 # we import it straight into make since these are secrets, dont want them in BUILD_VARS where they can get logged
@@ -42,8 +50,8 @@ $(SOP_SH):
 # easier for testing
 sops.install: $(SOP_SH)
-vault.clone: | _verify_VAULT_URL
- [ ! -e $(VAULT_DIR) ] && git clone $(VAULT_URL) $(VAULT_DIR) || :;
+vault.clone: | _verify_VAULT_GITHUB_URL
+ [ ! -e $(VAULT_DIR) ] && git clone $(VAULT_GITHUB_URL) $(VAULT_DIR) || :;
 # alias for legacy refs
 vault.decrypt-files: vault.decrypt
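Review bot: The `ifdef GITHUB_TOKEN` branch in makefiles/vault.make embeds the token in `VAULT_GITHUB_URL`, which exposes it in places the comment just below ("dont want them in BUILD_VARS where they can get logged") is trying to avoid. The `vault.clone` recipe has no `@` prefix, so make echoes the expanded clone command with the token into the build log; git also records the URL as the origin remote in the clone's `.git/config`, and the token is visible in the process arguments. Keeping the URL token-free and supplying the credential out of band avoids all three, for example `git -c credential.helper='!f() { echo username=dummy; echo "password=$$GITHUB_TOKEN"; }; f' clone $(VAULT_GITHUB_URL) $(VAULT_DIR)`. That form needs `GITHUB_TOKEN` in the recipe's environment, which holds when it comes from the environment or the make command line; a value assigned inside a makefile would need `export`.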
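Review bot: The order-only prerequisite `_verify_VAULT_GITHUB_URL` on `vault.clone` can no longer catch a missing setting, because `VAULT_GITHUB_URL` always receives a value from the `?=` added earlier in this file. With `VAULT_REPO` unset, which is what a project that still sets only `VAULT_URL` will have, the URL expands to `https://github.com/.git` and the failed clone is then hidden by `|| :`. Assuming `_verify_%` checks that the named variable is non-empty (its definition is outside this diff), `vault.clone: | _verify_VAULT_REPO` would restore the guard. If the token is meant to be mandatory, as the subject line says, `_verify_GITHUB_TOKEN` could be added too, since the `ifdef` currently falls back to an unauthenticated URL. Writing the recipe as `[ -e $(VAULT_DIR) ] || git clone $(VAULT_GITHUB_URL) $(VAULT_DIR)` would let a clone failure stop the build.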