Fetch commits from github private repos using Authorization header #3675
Conversation
imalsogreg
force-pushed
the
github-api-token
branch
from
abf999c
to
83f4948
Compare
|
@Ericson2314 I only changed the one API endpoint that didn't yet use an API token (thus resulting in a 404). Think I should update the other github fetchers with the same logic, or keep the scope of this PR small (fixing the 404)? |
imalsogreg
force-pushed
the
github-api-token
branch
3 times, most recently
from
83d1b6c
to
a24c725
Compare
imalsogreg
force-pushed
the
github-api-token
branch
from
52affed
to
6173acd
Compare
|
Just saw this. I did a similar approach for gitlab. but used a map instead of a vector. |
|
"Keys" can be repeated in headers, so a vector is more appropriate. But good to see this is being worked on for gitlab and github :). |
That's a good argument. Will you implement my gitlab headers? Then I would close my pr. |
|
@Kloenk Sure! I'll take a stab at it now. |
imalsogreg
force-pushed
the
github-api-token
branch
from
33af97c
to
ed25d83
Compare
|
Looks got to meet so far. Maybe squash the commits? I think 8 is kinda a lot for this small change. |
imalsogreg
force-pushed
the
github-api-token
branch
from
e6f6fa9
to
ff01e40
Compare
|
@Kloenk squashed down to 1, good point :) I'm ready for a merge when it's ready, and am happy to address any other feedback. |
|
I wouldn't bother squashing things until it passes CI, unless one is find rebasing and force pushing every single time. |
|
@Ericson2314 the checks are failing, because flake-combat is not updated yet, and the new flake.lock uses version 6 (which is not supported yet). So ci is not working on the flake branch at the current moment. |
|
Ah right, forgot this was to that branch. |
|
FYI, flake-compat just updated to support lockfile versions 6 and 7 -- if you re-trigger CI, it should turn green (hopefully)! |
imalsogreg
force-pushed
the
github-api-token
branch
from
ff01e40
to
dd3a1af
Compare
imalsogreg
force-pushed
the
github-api-token
branch
from
dd3a1af
to
e4856e2
Compare
|
@edolstra or @Ericson2314 , would either of you mind giving this another look and/or a merge? I've brought it up to date with Thanks for the flakes blog posts! They're super helpful. |
`nix flake info` calls the github 'commits' API, which requires authorization when the repository is private. Currently this request fails with a 404. This commit adds an authorization header when calling the 'commits' API. It also changes the way that the 'tarball' API authenticates, moving the user's token from a query parameter into the Authorization header. The query parameter method is recently deprecated and will be disallowed in November 2020. Using them today triggers a warning email.
imalsogreg
force-pushed
the
github-api-token
branch
from
e4856e2
to
a303c0b
Compare
|
Thanks, will have a look. I'm getting deprecation notices from GitHub every few weeks :-) |
|
@edolstra @Ericson2314 @Kloenk Thanks! Also @kquick has opened a PR against my PR adding the ability to authenticate with on-premisis github/gitlab instances (imalsogreg#1). It involves changing the format of a nix config string for tokens, to accommodate the different types of tokens that github and gitlab accept, and to accommodate the fact that users have different tokens on multiple instances of github. Should we merge that in to my PR and evaluate both at once? imalsogreg#1 |
|
It's a rather big pr for that functionality. So I would keep it as 2 separate prs |
nix flake infocalls a github API that requires authorization when the repository in question is private. Currently this request fails with a 404.This commit adds a
headersparameter to theFileTransferRequest, and the github fetchers now call it withAuthorization: token <github-access-token>.This differs from the current convention in nix of passing the access token as a query parameter, because query parameter tokens are deprecated and will be disallowed in November 2020. Using them today triggers a warning email.
This PR grew to include the work done in #3688. I've now tested it with private github and gitlab repositories.