Why cannot GitHub PAT be used for AUR?

[bartekpacia]

Is your feature request related to a problem? Please describe.

Publishing formulas to a Homebrew tap requires a Personal Access Token.

However publishing to an AUR repo requires an SSH key.

$ export GITHUB_TOKEN="<token that has access to both my BREW-TAP and AUR repos>"
$ goreleaser release
  ...
    • homebrew tap formula
      • pushing                                      repository=bartekpacia/homebrew-tools branch= file=Formula/fhome.rb
      • pushing                                      repository=bartekpacia/homebrew-tools branch= file=Formula/fhomed.rb
      • took: 3s
    • arch user repositories
      • pipe skipped                                 reason=private_key is empty
  ...

Describe the solution you'd like

I'd like to not be forced to provide SSH key that can access my AUR repo. Instead I'd like to be able to use a Personal Access Token, just like with Homebrew taps.

If it's not possible, as a user I'd like to know what's the cause of this.

Describe alternatives you've considered

Search

• I did search for other open and closed issues before opening this

Supporter

• I am a sponsor or a Pro customer

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

huge thanks for creating and maintaining this tool!

[caarlos0]

It's because the AUR pipe pushes to https://aur.archlinux.org only, and the only way of auth there is private keys.

FWIW you can create another private key just for your account there.

---

huge thanks for creating and maintaining this tool!

thank you! 🙏

[bartekpacia]

It's because the AUR pipe pushes to https://aur.archlinux.org/ only, and the only way of auth there is private keys.

Ah yeah, this makes sense. Thank you. But I am using aurs in my GoReleaser to push to my private AUR repo. See here. Is this the valid usecase?

I do not plan on pushing to "official" AUR.

[caarlos0]

I think you could set the git_url to the the one of that repo, but yeah, it will not be as "clean" as brews for example 🤔

[bartekpacia]

you could set the git_url to the the one of that repo

Sorry, I don't think I understand. Do you mean this?

"In the .goreleaser.yaml file in the bartekpacia/fhome repository, set git_url to git@github.com:bartekpacia/fhome.git? So in other words, eliminate bartekpacia/aur repository"?

[caarlos0]

I mean, you could do something like this:

aurs:
  - # ...
    git_url: "git@github.com:bartekpacia/aur.git"
    # ...

[bartekpacia]

I'm already doing this: https://github.com/bartekpacia/fhome/blob/40d11f11f2393cfc7139f2669ab36d8c4db819de/.goreleaser.yaml#L100. It requires me to specify an SSH key in private_key.

I mean, if in brews I can specify repo A to push to using a PAT, I'd also like to be able, in aurs, to specify repo B and push to it using a PAT as well.

[caarlos0]

yes, pat would not work, you'll need to set a private key as well

Thinking more about it now, I think you might be able to workaround it with

aur:
  - # ...
    # set a https url authing with the PAT
    git_url: "https://{{ .Env.GH_PATH }}@github.com/bartekpacia/aur"

    # path to a key generated at runtime, would not be used
    private_key: ./foo

    # by default this will use the private_key value, override so it doesn't
    git_ssh_command: "ssh"
    # ...

PS: i havent tested this, but I think it might work