[github] update package/manifest for private repos #1721
Conversation
Generated by 🚫 dangerJS |
|
I can't seem to get this working with a private repo, wouldn't you still need to authenticate? |
|
@RedSparr0w It still needs an access token with private repo access to be added, as I've just updated this badge to use the same system as the other GitHub API badges (specifically, I was working off of |
|
Think this should be okay for merge, but could you give me an example of how you would include a token to access a private repo so i can test this. |
|
On my fork, I've added a GitHub user token to the That is, my {
"gh_token": "MY-GH-TOKEN-IS-HERE"
}Without it, the badge works normally on public repos. With it, my fork has access to both private repos I own and public repos. |
PyvesB
added
the
service-badge
paulmelnikow
added
the
self-hosting
|
Thanks for contributing this! I'm happy to include this behavior for self-hosting users, though let's put it behind an environment variable. Perhaps That way, we're not using up our authorization making github API requests when we can make an unauthenticated request instead. |
|
Hi @CynicalBusiness would you be able to address this comment? It would be great to get this merged! |
|
@paulmelnikow My apologies, I had missed that comment. |
Huh, I hadn't really thought about that. It sounds fine to just use the auth'd version when the token is present. I don't really expect self-hosting users to be concerned about preserving quota (nor expect them to use rotating tokens as we do in production). So for anyone likely to use a static token, this behavior is fine. Probably our service tests ought to cover both paths, since they're making different requests. I wonder if there's an easy way to do that. |
I think I got this right. Still need to write the tests.
| @@ -3476,16 +3476,20 @@ cache(function(query_data, match, sendBadge, request) { | |||
| var repo = match[4]; | |||
| var branch = match[5] || 'master'; | |||
| var format = match[6]; | |||
| var apiUrl = 'https://raw.githubusercontent.com/' + user + '/' + repo + '/' + branch + '/' + type + '.json'; | |||
| var hasTokens = !!githubAuth.getTokenDebugInfo({ sanitize: false }).tokens.length; | |||
There was a problem hiding this comment.
Hey, thanks for updating this. This method call is intended for generating debug information and it would be surprising to see it used here. It's also not the right condition. Production uses token rotation, so this will be true, and that's where we want to avoid sending auth information.
I think the thing to check is whether a static token is configured: whether either serverSecrets.gh_token or serverSecrets.gh_client_id is set.
|
It appears this only needs small edits in order to be merged. That is, as long as it's done soon, before #2320 reaches this badge. Is anyone willing to pick it up? |
Rewrite #1721 along the way.
|
Closed in favor of #2470. This turned out to be a bit more involved, as the |
This edit allows for the
/github/(package|manifest)-json/badges to work with private repositories.I've updated the
raw.luolix.topURL to use GitHub's own API instead, and this allows it to work for private repositories. The old tests for this badge are still passing.EDIT: The checks are failing on an unrelated badge, I think? I only ran tests for this one badge and everything looked good there. The failure seems to be for
hit-counter.