diff --git a/CHANGELOG.md b/CHANGELOG.md index 535b0ce9..3e35df64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,15 @@ and adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). `CODEGRAPH_DOWNLOAD_BASE=` to point it at your own mirror of the release archives; the standalone `install.sh` remains the no-Node alternative. Resolves [#303](https://github.com/colbymchenry/codegraph/issues/303). +- **`install.sh` failing with `403` / "could not resolve latest version" on + shared or cloud hosts.** The standalone installer resolved the latest release + through the GitHub API, whose unauthenticated limit is 60 requests/hour per IP + — routinely exhausted on cloud devboxes and CI where many users share an + address, returning `403` (issue #325). It now resolves the version from the + `releases/latest` web redirect, which isn't rate-limited (and still falls back + to the API). `CODEGRAPH_VERSION` also accepts a bare `0.9.4` in addition to + `v0.9.4`. Resolves + [#325](https://github.com/colbymchenry/codegraph/issues/325). ## [0.9.3] - 2026-05-22 diff --git a/install.sh b/install.sh index 5cf01346..b4004fb1 100755 --- a/install.sh +++ b/install.sh @@ -44,12 +44,24 @@ esac target="${os}-${arch}" # 2. Resolve the version (latest release unless pinned). +# +# Resolve "latest" from the releases/latest *web* redirect, not the GitHub API: +# the unauthenticated API is rate-limited to 60 requests/hour per IP and returns +# 403 once exhausted — routine on shared/cloud hosts and CI (issue #325). The +# redirect (github.com//releases/latest -> .../releases/tag/vX.Y.Z) has no +# such limit. Fall back to the API if the redirect can't be read. version="${CODEGRAPH_VERSION:-}" +if [ -z "$version" ]; then + version="$(curl -fsSLI -o /dev/null -w '%{url_effective}' "https://github.com/$REPO/releases/latest" \ + | sed -n 's#.*/releases/tag/##p')" +fi if [ -z "$version" ]; then version="$(curl -fsSL "https://api.github.com/repos/$REPO/releases/latest" \ | sed -n 's/.*"tag_name": *"\([^"]*\)".*/\1/p' | head -n1)" fi -[ -n "$version" ] || { echo "codegraph: could not resolve latest version; set CODEGRAPH_VERSION." >&2; exit 1; } +[ -n "$version" ] || { echo "codegraph: could not resolve latest version; set CODEGRAPH_VERSION (e.g. CODEGRAPH_VERSION=v0.9.4)." >&2; exit 1; } +# Release tags are vX.Y.Z; accept a bare X.Y.Z in CODEGRAPH_VERSION too. +case "$version" in v*) ;; *) version="v$version" ;; esac # 3. Download + extract the bundle. url="https://github.com/$REPO/releases/download/$version/codegraph-${target}.tar.gz"