Fetch commits from github private repos using Authorization header #3675
This commit adds a
This differs from the current convention in nix of passing the access token as a query parameter, because query parameter tokens are deprecated and will be disallowed in November 2020. Using them today triggers a warning email.
This PR grew to include the work done in #3688. I've now tested it with private github and gitlab repositories.
`nix flake info` calls the github 'commits' API, which requires authorization when the repository is private. Currently this request fails with a 404. This commit adds an authorization header when calling the 'commits' API. It also changes the way that the 'tarball' API authenticates, moving the user's token from a query parameter into the Authorization header. The query parameter method is recently deprecated and will be disallowed in November 2020. Using them today triggers a warning email.
@edolstra @Ericson2314 @Kloenk Thanks! Also @kquick has opened a PR against my PR adding the ability to authenticate with on-premisis github/gitlab instances (imalsogreg#1). It involves changing the format of a nix config string for tokens, to accommodate the different types of tokens that github and gitlab accept, and to accommodate the fact that users have different tokens on multiple instances of github.
Should we merge that in to my PR and evaluate both at once? imalsogreg#1