[Bug]: Fails to clone policy repo using GitHub App auth

[abhilash-issac]

What happened?

A bug happened! The issue is the same as the below issue

#30

Please find my workflow that I'm trying to execute here

Kindly let me know if any information is needed.

Version

v2 (current major version)

Where are you experiencing the issue?

GitHub Actions

Relevant log output

Run advanced-security/policy-as-code@main
Run echo "Running Policy as Code..."
Running Policy as Code...
INFO:root:GitHub Repository :: CanarysPlayground/IDBI-GHAS-Demo
INFO:root:GitHub Instance :: https://github.com
INFO:root:GitHub Reference (branch/pr) :: refs/heads/main
INFO:root:Loading Policy as Code from Repository - https://github.com/CanarysPlayground/GHAS-Reusable/
INFO:root:Cloning policy repo - CanarysPlayground/GHAS-Reusable@main
Traceback (most recent call last):
  File "/usr/lib/python3.10/runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.10/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/home/runner/work/_actions/advanced-security/policy-as-code/main/ghascompliance/__main__.py", line 150, in <module>
    policy = Policy(
  File "/home/runner/work/_actions/advanced-security/policy-as-code/main/ghascompliance/policy.py", line 58, in __init__
    self.loadFromRepo()
  File "/home/runner/work/_actions/advanced-security/policy-as-code/main/ghascompliance/policy.py", line 77, in loadFromRepo
    self.repository.clone(clobber=True, depth=1)
  File "/home/runner/work/_actions/advanced-security/policy-as-code/main/vendor/ghastoolkit/octokit/repository.py", line 220, in clone
    subprocess.check_call(cmd, stdout=null, stderr=null)
  File "/usr/lib/python3.10/subprocess.py", line 369, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['git', 'clone', '-b', 'main', '--depth', '1', 'https://***@github.com/CanarysPlayground/GHAS-Reusable', '/tmp/repo']' returned non-zero exit status 128.
 _____  _   _   ___   _____ _____                       _ _                      
|  __ \| | | | / _ \ /  ___/  __ \                     | (_)                     
| |  \/| |_| |/ /_\ \\ `--.| /  \/ ___  _ __ ___  _ __ | |_  __ _ _ __   ___ ___ 
| | __ |  _  ||  _  | `--. \ |    / _ \| '_ ` _ \| '_ \| | |/ _` | '_ \ / __/ _ \
| |_\ \| | | || | | |/\__/ / \__/\ (_) | | | | | | |_) | | | (_| | | | | (_|  __/
 \____/\_| |_/\_| |_/\____/ \____/\___/|_| |_| |_| .__/|_|_|\__,_|_| |_|\___\___|
                                                 | |                             
                                                 |_|         v2.8.0
    GitHub Advanced Security Policy as Code by GeekMasher

GitHub Repository :: CanarysPlayground/IDBI-GHAS-Demo
GitHub Instance :: https://github.com
GitHub Reference (branch/pr) :: refs/heads/main
Policy as Code
  Loading Policy as Code from Repository - https://github.com/CanarysPlayground/GHAS-Reusable/
  Cloning policy repo - CanarysPlayground/GHAS-Reusable@main
  Error: Process completed with exit code 1.

Code of Conduct

• I agree to follow this project's Code of Conduct

[GeekMasher]

@abhilash-issac thank you for reporting the bug. Have you set up the permissions right so your Access Token (PAT or GitHub App) can access the repository where the policy is stored?

[abhilash-issac]

@GeekMasher Yes, the permissions seems to be right. I'm using the same Github App to run various scripts which seems to be working fine...

[GeekMasher]

Looking at 'https://***@github.com/CanarysPlayground/GHAS-Reusable' seems to me you might have not enabled the "Using a GitHub App" mode.

with:
  # Argv required to get GitHub App auth working
  argvs: '--is-github-app-token'

This is something I could improve on tho and try both, I will create a PR for this but in the meantime please enable the flag