-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Private Hex packages #11168
feat: Private Hex packages #11168
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
manager needs coverage fix
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should also try to move the linked issue forward. So hexpm support standard bearer auth in near future. This shouldn't be hard for an elexir developer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some small test changes and then we are ready to go
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Docs look fine.
I see a lot of CodeQL warnings though... Are we sure this is good to go?
@HonkingGoose it started flagging dummy authorization headers used in tests once I moved them from inline snapshots, or when assertions were added. Looking at the HardcodedCredentials check it doesn't flag these if the credentials look like dummy ones - and the definition of a dummy credential can be found in SensitiveActions.qll. I can probably replace all tokens used in tests with "secret" which shouldn't raise issues, but I don't know what to do about auth.ts:40 (which I didn't even change)- I don't think there's anything to fix there. What's your policy around CodeQL - ignore the line, merge without all checks passing? |
Maybe there was some problem in the I don't know enough about the code to say anything meaningful about getting rid of the CodeQL warnings, and I also don't know anything about our CodeQL warning policy. 😉 |
I've manually dismissed the codeql errors. 4 were used in tests, and 1 was a false positive |
🎉 This PR is included in version 25.72.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Changes:
Introduced support for private Hex packages as discussed in #11028.
Example PR opened with private package support: kamilkowalski/public_project#11.
Documentation (please check one with an [x])
How I've tested my work (please tick one)
I have verified these changes via: