-
-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(download_strategy): allow using netrc auth in curl strategies #11091
Conversation
This allows folks to add a custom download strategy for github private releases as follows: ```ruby # Strategy for downloading a file from a private GitHub release. # # This requires a ~/.netrc file with a GitHub API token with the repo scope of the form: # machine api.github.com # login <GitHub username> # password <https://github.com/settings/tokens> # # Use by adding the following to your formula: # # # Get latest asset ID by running: # # curl -sLn https://api.github.com/repos/<org>/<repo>/releases/latest| jq '.assets[].id' # url "https://api.github.com/repos/<org>/<repo>/releases/assets/<asset_id>", :using => CurlGitHubPrivateRepoDownloadStrategy # # @api public class CurlGitHubPrivateRepoDownloadStrategy < CurlDownloadStrategy attr_writer :resolved_basename def initialize(url, name, version, **meta) meta ||= {} meta[:headers] ||= [] meta[:netrc] ||= true meta[:headers] << ["Accept: application/octet-stream"] super(url, name, version, meta) end private def resolved_basename @resolved_basename.presence || super end end ``` This will have brew run the equivalent of: ```shell curl -n https://api.github.com/repos/${org?}/${repo?}/releases | jq -r '.[] | ("Release: \(.tag_name)", (.assets[] | " \(.name) => \(.id)"))' curl --netrc --location --remote-header-name --header "Accept: application/octet-stream" \ https://api.github.com/repos/${org?}/${repo?}/releases/assets/${asset?} ``` Refs: Homebrew#3106 Refs: Homebrew#5038
10d4b93
to
c0d5942
Compare
Could this instead set the relevant headers from a |
I guess it could, but that means adding a netrc parser to your Formula's download_strategy, which is fairly involved for something you have to copy-paste between each tap. The For me adding this one line (or something generic for setting curl options) in brew is worth not having to add a bunch of fragile parser code in individual Formulae or Taps, but obviously YMMV :). |
Which I'd rather see a more generic API for authentication rather than directly reading Something like the following for basic auth, but extensible to arbitrary authentication methods: url "acme.example.com/downloads/example-1.2.3.tar.gz",
auth: { basic: ENV["HOMEBREW_AUTH_BASIC_ACME"] } |
For this specific use-case just this one, which is why this PR just adds this. For other use-cases I have no idea, but
That sounds a lot like the GitHubPrivateRepositoryDownloadStrategy that was deleted in eed1444#diff-8ec3f54c98c7cd9ba0ab5b4d6c6666fb10bdfd3868beb88d05c14354fcb202e0. For me I'd also note that maintaining support for arbitrary auth methods sounds like a bunch of code for brew, vs this one-line "add a curl option" change.
As long as I could do |
A dedicated download strategy is not something we'll keep in Homebrew/brew. The ability to add specific headers should already be there and, if not, we'd welcome PRs to ease authentication like @reitermarkus suggested.
I'm not convinced setting up |
Netrc is a one-off cost for
We could certainly use (you can check whether you have credentials set up by running: echo -e "protocol=https\nhost=github.com\npath=homebrew/brew" | git credential fill ) |
Yeh, we already have code to query this. Do these credentials work for your case? |
Oh awesome! Yeah that personal access token works for downloading releases too (maybe depending on what scopes you've given the token). |
@gibfahn Could consider using that token for all release URLs by default. |
That does seem like a very reasonable solution, although it would probably need some handling for GHE instances too. I'll close this PR if that's what folks would prefer, sounds like a bunch more work, so will have to try to find time to get to it. |
Sounds good @gibfahn, happy to help whenever you've opened a PR and thanks for being understanding here. |
brew/Library/Homebrew/utils/github/api.rb Line 140 in 4862463
|
Opening this PR for discussion, having read through #3106 and #5038, in particular:
#5038 (comment)
I assume that directly adding the
CurlGitHubPrivateRepoDownloadStrategy
to the repo itself wouldn't be okay given that it was just removed in eed1444.#3106 (comment)
This makes sense, but obviously it's unlikely to have open-source formulae that need to download from private repositories.
I believe this line is needed to allow adding this option to Curl, I couldn't see a way to add an arg to curl other than this. Maybe a generic
meta.curl_flags
object would be a better idea?#5074 (comment)
Providing ones own
download_strategy
viarequire_relative
is fine for Formulae, although it gets a bit more painful for Casks, which copy their source files into the Caskroom so they can be uninstalled with the same file that installed them, which breaks the relative links unless you also add a postflight task to copy thedownload_strategy
lib into the same relative path.Commits (oldest to newest)
c0d5942 feat(download_strategy): allow using netrc auth in curl strategies
This allows folks to add a custom download strategy for github private
releases as follows:
This will have brew run the equivalent of:
Refs: #3106
Refs: #5038