New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fetch commits from github private repos using Authorization header #3675
Conversation
abf999c
to
83f4948
Compare
@Ericson2314 I only changed the one API endpoint that didn't yet use an API token (thus resulting in a 404). Think I should update the other github fetchers with the same logic, or keep the scope of this PR small (fixing the 404)? |
83d1b6c
to
a24c725
Compare
52affed
to
6173acd
Compare
Just saw this. I did a similar approach for gitlab. but used a map instead of a vector. |
"Keys" can be repeated in headers, so a vector is more appropriate. But good to see this is being worked on for gitlab and github :). |
That's a good argument. Will you implement my gitlab headers? Then I would close my pr. |
@Kloenk Sure! I'll take a stab at it now. |
33af97c
to
ed25d83
Compare
Looks got to meet so far. Maybe squash the commits? I think 8 is kinda a lot for this small change. |
e6f6fa9
to
ff01e40
Compare
@Kloenk squashed down to 1, good point :) I'm ready for a merge when it's ready, and am happy to address any other feedback. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I wouldn't bother squashing things until it passes CI, unless one is find rebasing and force pushing every single time. |
@Ericson2314 the checks are failing, because flake-combat is not updated yet, and the new flake.lock uses version 6 (which is not supported yet). So ci is not working on the flake branch at the current moment. |
Ah right, forgot this was to that branch. |
FYI, flake-compat just updated to support lockfile versions 6 and 7 -- if you re-trigger CI, it should turn green (hopefully)! |
ff01e40
to
dd3a1af
Compare
dd3a1af
to
e4856e2
Compare
@edolstra or @Ericson2314 , would either of you mind giving this another look and/or a merge? I've brought it up to date with Thanks for the flakes blog posts! They're super helpful. |
`nix flake info` calls the github 'commits' API, which requires authorization when the repository is private. Currently this request fails with a 404. This commit adds an authorization header when calling the 'commits' API. It also changes the way that the 'tarball' API authenticates, moving the user's token from a query parameter into the Authorization header. The query parameter method is recently deprecated and will be disallowed in November 2020. Using them today triggers a warning email.
e4856e2
to
a303c0b
Compare
Thanks, will have a look. I'm getting deprecation notices from GitHub every few weeks :-) |
@edolstra @Ericson2314 @Kloenk Thanks! Also @kquick has opened a PR against my PR adding the ability to authenticate with on-premisis github/gitlab instances (imalsogreg#1). It involves changing the format of a nix config string for tokens, to accommodate the different types of tokens that github and gitlab accept, and to accommodate the fact that users have different tokens on multiple instances of github. Should we merge that in to my PR and evaluate both at once? imalsogreg#1 |
It's a rather big pr for that functionality. So I would keep it as 2 separate prs |
nix flake info
calls a github API that requires authorization when the repository in question is private. Currently this request fails with a 404.This commit adds a
headers
parameter to theFileTransferRequest
, and the github fetchers now call it withAuthorization: token <github-access-token>
.This differs from the current convention in nix of passing the access token as a query parameter, because query parameter tokens are deprecated and will be disallowed in November 2020. Using them today triggers a warning email.
This PR grew to include the work done in #3688. I've now tested it with private github and gitlab repositories.