feat(installer): add github token support #2676
Conversation
jpeeler
force-pushed
the
add-token-to-installer
branch
from
3cfa850 to
35b3c50
Compare
|
What do you think now? It uses a config file to avoid ps output and turns off xtrace for the temp config file writing that only occurs when GITHUB_TOKEN is set. |
There was a problem hiding this comment.
I'm still not super comfortable with this as is. It's better to keep it out of logs, but it's not good to be writing it to a file. And the code is getting a little crazy. I think maybe we should just pass it as an argument, and make sure that command echoing is turned off.
jpeeler
force-pushed
the
add-token-to-installer
branch
2 times, most recently
from
9a9df28 to
002ec53
Compare
|
Less crazy? |
There was a problem hiding this comment.
Yah, still a little crazy ;)
I think it's probably a bad idea to pass GIHUB_TOKEN to install.sh, because that actually makes it more likely, I think, that the token will wind up in CI logs.
So, here's what I would like to see:
- This PR's modifications should be local to the
download()function wgetandcurluse the same syntax for--header, so we can use the same variable for both, which is either set to the empty string (no auth) or--header=….- I think we should automatically pass the auth token if it's found
So, to sum up, something like:
download() {
url="$1"
output="$2"
set +x
if [ -v GITHUB_TOKEN ]; then
authorization="--header='Authorization: Bearer $GITHUB_TOKEN'"
else
authorization=""
fi
if command -v curl > /dev/null; then
curl --proto =https --tlsv1.2 -sSfL "$authorization" "$url" "-o$output"
else
wget --https-only --secure-protocol=TLSv1_2 --quiet "$authorization" "$url" "-O$output"
fi
if [ -n "${GITHUB_ACTIONS-}" ]; then
set -x
fi
}
jpeeler
force-pushed
the
add-token-to-installer
branch
from
002ec53 to
1b2f119
Compare
|
I could not get your version to quite work correctly. I read that "wget tries to interpret any non-option argument as a URL" so was seeing a spurious "Prepended http:// to ''" when the token wasn't set. And then curl's parsing also seemed to not like an empty argument, so I gave up and conditioned it all. If this is unacceptable I'll just fork. (But I do think that it's not a coincidence that this issue came up from somebody else - I assume github changed their rate limiting.) |
|
@jpeeler I believe that the If you have an empty variable which is unquoted, then it won't be passed as an argument at all. x=
$ args $x
0: /Users/rodarmor/bin/args
$ args "$x"
0: /Users/rodarmor/bin/args
1:So we could use an unquoted string variable. However, I think the best answer is actually to use an array variable, conditionally push the additional |
|
I can't get any combination that works correctly for both when the token is defined and when it isn't (aside from my latest revision). Also, array variables are bash only I think. |
|
Hrm, I just now noticed that the standard install command line you have documented is actually using bash. I hadn't been testing that way, so I'll adjust and try yet again to get this right. |
This adds support for utilizing the env var GITHUB_TOKEN when it exists and passes it via the header argument for curl and wget. The command invocations are not included in xtrace output so that the token is not logged. fixes casey#2664
jpeeler
force-pushed
the
add-token-to-installer
branch
from
1b2f119 to
dd4b7a8
Compare
|
@casey Simple/good enough? |
|
@casey One more ping since I think you do want this little feature. |
This adds support for utilizing the env var GITHUB_TOKEN if it exists for both curl/wget download utils.
fixes #2664
I think this would be a nice way to help alleviate rate limiting issues for those who can provide a token. My only concern is that perhaps some people may be upset if they are running this script unpiped and are utilizing github actions such that the -x output shows the token in some logs. Otherwise, perhaps this is a nice feature enhancement?
Edit: this is handled now.
Would be nice to not have to fork the installer, though it seems that changes are pretty rare.