New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add generic git package manager #69
feat: add generic git package manager #69
Conversation
Generally speaking, I tried to follow the Golang model which prefers to use host APIs over the git protocol. I believe they will fall back to git if there are no APIs specified. This is for security reasons. |
I was not aware of that. We need to think about how authenticating the APIs against private repositories then. |
Go falls back on git for private repos, there is special git config override for Go |
Also, trying to keep this CUE Proposal in mind which will also be very Go like |
Yes, I'm actually using this for Cue projects so I'm also 馃挴 to follow cue-lang/cue#851 |
Go is using |
@verdverm I reverted the split and send it to its own function. This function now manage the
I've also added Zip download from API request for GitLab, in a way it has been done by you for GitHub. Now if that changes are ok with you, what I would want to do is to clean that a little bit, rely on |
I'm not keen to rely on a |
Thinking about auth, what are the various scenarios? How would this work in a CI system that might be different than local dev? (Do all the major CI systems rely on sshkeys to fetch private code?) |
I think a |
I've typically seen CI systems using ENV VARS to expose credentials, typically through a secret system that prevents them from being printed |
I'd say enabling ENV VARS like GITHUB_USER / GITHUB_PASS / GITHUB_APIKEY isn't pressing for this and is an easy addition if someone wants it |
Is there a particular |
We can copy pasta the official netrc.go since it's sadly not publicly exposed |
1c0b1b0
to
8dc3a67
Compare
@verdverm some news for you. I've started to look at |
Ok should be gtg now |
@b4nst nice Can you merge develop? I've setup GitHub Actions which will build and "test" (most tests are failing... which we won't worry about here) This is mostly so I can see if my PR setup is working, I recall there GH introducing something about first-time permissions due to abuse This should show it at least building and running across the various platforms I'll give windows a manual try later tonight |
@verdverm I did rebase |
@b4nst indeed, I had missed that and we should see it running now. Thanks! |
@b4nst This looks really good, thanks for the contribution! I'm going to merge without manually testing on Windows and any issues I find I will open a separate ticket for. Would you like to open a separate PR for updating the docs? We could release a new patch version after that |
It should only require
|
@verdverm sure! I'll tackle that asap |
This PR add the ability to pull dependencies from another remote than github.com. It also manages private repositories (using ssh auth) and repository with a longer path (e.g. GitLab and its - infamous - subgroups).
We can obviously improve this PR (managing
v0.0.0
tag, basic auth) but I wanted to first take the temperature 馃槉If that looks OK to you, we can even drop the GitHub API + Zip stuff and use this generic function instead.