func newGithubActionsCredential()

in pkg/internal/token/githubactionscredential.go [29:54]

• 24 lines of code
• 5 McCabe index (conditional complexity)

func newGithubActionsCredential(opts *Options) (CredentialProvider, error) {
	if opts.ClientID == "" {
		return nil, fmt.Errorf("client ID cannot be empty")
	}
	if opts.TenantID == "" {
		return nil, fmt.Errorf("tenant ID cannot be empty")
	}
	cred := confidential.NewCredFromAssertionCallback(func(ctx context.Context, _ confidential.AssertionRequestOptions) (string, error) {
		return getGitHubToken(ctx)
	})

	o := []confidential.Option{
		confidential.WithInstanceDiscovery(!opts.DisableInstanceDiscovery),
	}
	if opts.httpClient != nil {
		o = append(o, confidential.WithHTTPClient(opts.httpClient))
	}
	client, err := confidential.New(
		fmt.Sprintf("%s%s/", opts.GetCloudConfiguration().ActiveDirectoryAuthorityHost, opts.TenantID),
		opts.ClientID, cred, o...)
	if err != nil {
		return nil, fmt.Errorf("failed to create github actions credential: %w", err)
	}

	return &GithubActionsCredential{client: client}, nil
}