DownloadReleaseAsset breaks with renamed repository #3081
Description
DownloadReleaseAsset breaks when a repository is renamed. You can see a reproduction of this here on a repository that I renamed from go-github-issue-demo to go-github-issue-demo-1.
main_test.go:57: data differs (-got +want):
string(
- `{"url":"https://api.github.com/repos/mterwill/go-github-issue-demo-1/releases/assets/151970555","id":151970555,"node_id":"RA_kwDOLThgfM4JDuL7","name":"foo.txt","label":null,"uploader":{"login":"mterwill","id":5882053,"node_id":"MDQ6VXNlcjU4ODIwNTM=","avata`...,
+ "Hello, world!\n",
)
The code expects to receive exactly 1 redirect, which is to download the asset from the media server. However, if the repository is renamed, GitHub redirects once more to the new repository name. On following the redirect, downloadReleaseAssetFromURL code below sets a different accept header which causes the API server to respond with the release metadata rather than contents (docs):
To download the asset's binary content, set the Accept header of the request to application/octet-stream. The API will either redirect the client to the location, or stream it directly if possible. API clients should handle both a 200 or 302 response.
go-github/github/repos_releases.go
Line 390 in 454c1dd
The test I linked above is a minimal reproduction but it's worth noting that we actually discovered this in a different way: attempting to download a release for a renamed private repository actually returns a 401 Unauthorized, as when the redirect is followed the client also omits authentication (for actual release asset downloads, GitHub puts a token in the query params). We were following the function documentation and passing http.DefaultClient, rather than our authenticating HTTP client that was used to originally construct the GHE API client.