From aad1191ad8945676ba24660034e49d17cac9d665 Mon Sep 17 00:00:00 2001
From: B <6723574+louisgv@users.noreply.github.com>
Date: Sat, 28 Mar 2026 00:37:45 +0000
Subject: [PATCH] fix(github-auth): add sudo availability check before use

In rootless containers or environments without sudo, the script
previously failed with cryptic errors. Now fails fast with a clear
error message when non-root and sudo is unavailable.

Fixes #3069

Agent: security-auditor
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 sh/shared/github-auth.sh | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/sh/shared/github-auth.sh b/sh/shared/github-auth.sh
index e01f19c9c..dc1f261fe 100755
--- a/sh/shared/github-auth.sh
+++ b/sh/shared/github-auth.sh
@@ -39,7 +39,14 @@ _install_gh_brew() {
 _install_gh_apt() {
     # Use sudo only when not already root (some cloud containers run as root)
     local SUDO=""
-    if [[ "$(id -u)" -ne 0 ]]; then SUDO="sudo"; fi
+    if [[ "$(id -u)" -ne 0 ]]; then
+        if command -v sudo >/dev/null 2>&1; then
+            SUDO="sudo"
+        else
+            log_error "This script requires sudo or root privileges to install gh via apt"
+            return 1
+        fi
+    fi
 
     log_info "Adding GitHub CLI APT repository..."
     curl -fsSL --proto '=https' https://cli.github.com/packages/githubcli-archive-keyring.gpg \
@@ -58,7 +65,14 @@ _install_gh_apt() {
 # Install gh via DNF (Fedora/RHEL)
 _install_gh_dnf() {
     local SUDO=""
-    if [[ "$(id -u)" -ne 0 ]]; then SUDO="sudo"; fi
+    if [[ "$(id -u)" -ne 0 ]]; then
+        if command -v sudo >/dev/null 2>&1; then
+            SUDO="sudo"
+        else
+            log_error "This script requires sudo or root privileges to install gh via dnf"
+            return 1
+        fi
+    fi
     ${SUDO} dnf install -y gh || {
         log_error "Failed to install gh via dnf"
         return 1