From e8ce194ff702f3c272ba60725ec344a76ea26175 Mon Sep 17 00:00:00 2001
From: Garrett Delfosse
Date: Tue, 30 Apr 2024 16:23:20 +0000
Subject: [PATCH] use code cli for token and update readme
---
 github-upload-public-key/README.md | 21 ++++++++++++++++-----
 github-upload-public-key/run.sh | 10 ++++++++--
 2 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/github-upload-public-key/README.md b/github-upload-public-key/README.md
index 208e36a..4317e02 100644
--- a/github-upload-public-key/README.md
+++ b/github-upload-public-key/README.md
@@ -3,13 +3,13 @@ display_name: Github Upload Public Key
 description: Automates uploading Coder public key to Github so users don't have to.
 icon: ../.icons/github.svg
 maintainer_github: f0ssel
-verified: false
-tags: [helper]
+verified: true
+tags: [helper, git]
 ---
 # github-upload-public-key
-
+Templates that utilize Github External Auth can automatically ensure that the Coder public key is uploaded to Github so that users can clone repositories without needing to upload the public key themselves.
 ```tf
 module "github-upload-public-key" {
@@ -19,5 +19,16 @@ module "github-upload-public-key" {
 }
 ```
-
-
+# Requirements
+
+Github External Auth must be enabled in the workspace for this module to work. The Github app that is configured for external auth must have both read and write permissions to "Git SSH keys" in order to upload the public key. Additionally, a Coder admin must also have the `admin:public_key` scope added to the external auth configuration of the Coder deployment. For example:
+
+```
+CODER_EXTERNAL_AUTH_0_ID="USER_DEFINED_ID"
+CODER_EXTERNAL_AUTH_0_TYPE=github
+CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxx
+CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
+CODER_EXTERNAL_AUTH_0_SCOPES="repo,workflow,admin:public_key"
+```
+
+Note that the default scopes if not provided are `repo,workflow`.
diff --git a/github-upload-public-key/run.sh b/github-upload-public-key/run.sh
index 68f30d7..1e39ec2 100755
--- a/github-upload-public-key/run.sh
+++ b/github-upload-public-key/run.sh
@@ -15,11 +15,17 @@ if [ -z "$CODER_OWNER_SESSION_TOKEN" ]; then
 exit 1
 fi
+echo "Fetching GitHub token..."
+GITHUB_TOKEN=$(coder external-auth access-token github)
+if [ $? -ne 0 ]; then
+ echo "Failed to fetch GitHub token!"
+ exit 1
+fi
 if [ -z "$GITHUB_TOKEN" ]; then
- echo "No GITHUB_TOKEN in the workspace environment!"
- echo "The user must be authenticated with Github before this script can be run."
+ echo "No GitHub token found!"
 exit 1
 fi
+echo "GitHub token found!"
 echo "Fetching Coder public SSH key..."
 PUBLIC_KEY_RESPONSE=$(curl -L -s \
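Review bot: The external-auth ID is hard-coded as `github` in `GITHUB_TOKEN=$(coder external-auth access-token github)`, while the README added by this same commit shows the ID as a deployment-chosen value (`CODER_EXTERNAL_AUTH_0_ID="USER_DEFINED_ID"`), so a deployment that names its provider anything else would always land in the "Failed to fetch GitHub token!" branch. Consider taking the ID from a module input, e.g. `GITHUB_TOKEN=$(coder external-auth access-token "$EXTERNAL_AUTH_ID")`, where the variable name is a placeholder and not something the module defines today. The failure branch also discards whatever the CLI wrote to stdout; if that output is the login URL for a user who has not authenticated yet (I believe it is, but this is not visible here), printing it would restore the guidance that the removed "must be authenticated" message gave. Because the token now needs the `admin:public_key` scope, echo the captured output only on the non-zero path and keep shell tracing off around it, so a key-management credential never reaches the workspace logs. The script continues past the end of this hunk (the `curl` call is cut off), so how the token is passed on cannot be reviewed from here.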