optionally get GitHub PAT from environment var

[plicease]

This doesn't completely address #3, and there are probably some security concerns to work out, but this might help.

[eserte]

I think having the personal access token in a query parameter is deprecated now and maybe even not possible. Instead, nowadays one should use an HTTP request header: Authorization: token $GITHUB_TOKEN.
This also has the advantage that the security concerns are gone (unless in diagnostic messages the whole http request headers would be dumped).

[plicease]

I think having the personal access token in a query parameter is deprecated now and maybe even not possible. Instead, nowadays one should use an HTTP request header: Authorization: token $GITHUB_TOKEN.
This also has the advantage that the security concerns are gone (unless in diagnostic messages the whole http request headers would be dumped).

I agree that an authorization header is the right way to go here, unfortunately AB doesn't support setting headers yet. I did start working on this:

PerlAlien/Alien-Build#141

but I think that PR was too ambitious. I think adding headers to just one of the fetch plugins and forcing its usage if you need a header could be doable.

[plicease]

After some more consideration I think supporting headers on most or all of the core plugins should be doable, so I opened this:

PerlAlien/Alien-Build#256

[plicease]

Closing this for security reasons. Will implement as described in #13