Add auth token to curl

action.yml

@@ -5,6 +5,9 @@ branding:
   color: blue
   icon: anchor
 inputs:
+  token:
+    description: "The token used to authenticate when fetching chart-testing release. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting."
+    default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
   version:
     description: "The chart-testing version to install (default: v3.8.0)"
     required: false
@@ -24,6 +27,7 @@ runs:
     - run: |
         cd $GITHUB_ACTION_PATH \
         && ./ct.sh \
+            --token ${{ inputs.token }} \
             --version ${{ inputs.version }} \
             --yamllint-version ${{ inputs.yamllint_version }} \
             --yamale-version ${{ inputs.yamale_version }}

ct.sh

@@ -4,6 +4,7 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
+DEFAULT_TOKEN=
 DEFAULT_CHART_TESTING_VERSION=v3.8.0
 DEFAULT_YAMLLINT_VERSION=1.27.1
 DEFAULT_YAMALE_VERSION=3.0.4
@@ -14,10 +15,12 @@ Usage: $(basename "$0") <options>
 
     -h, --help          Display help
     -v, --version       The chart-testing version to use (default: $DEFAULT_CHART_TESTING_VERSION)"
+    -t, --token         The token used to authenticate when fetching chart-testing release from github.com"
 EOF
 }
 
 main() {
+    local token="$DEFAULT_TOKEN"
     local version="$DEFAULT_CHART_TESTING_VERSION"
     local yamllint_version="$DEFAULT_YAMLLINT_VERSION"
     local yamale_version="$DEFAULT_YAMALE_VERSION"
@@ -34,6 +37,16 @@ parse_command_line() {
                 show_help
                 exit
                 ;;
+            -t|--token)
+                if [[ -n "${2:-}" ]]; then
+                    token="$2"
+                    shift
+                else
+                    echo "ERROR: '-t|--token' cannot be empty." >&2
+                    show_help
+                    exit 1
+                fi
+                ;;
             -v|--version)
                 if [[ -n "${2:-}" ]]; then
                     version="$2"
@@ -95,7 +108,12 @@ install_chart_testing() {
         CT_CERT=https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_$arch.tar.gz.pem
         CT_SIG=https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_$arch.tar.gz.sig
 
-        curl --retry 5 --retry-delay 1 -sSLo ct.tar.gz "https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_$arch.tar.gz"
+        AUTH_HEADER=""
+        if [ ! -z "$token" ]; then
+            AUTH_HEADER="--header \"Authorization: Bearer ${token}\""
+        fi
+
+        curl --retry 5 --retry-delay 1 -sSLo $AUTH_HEADER ct.tar.gz "https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_$arch.tar.gz"
         cosign verify-blob --certificate $CT_CERT --signature $CT_SIG \
           --certificate-identity "https://github.com/helm/chart-testing/.github/workflows/release.yaml@refs/heads/main" \
           --certificate-oidc-issuer "https://token.actions.githubusercontent.com" ct.tar.gz