The Wayback Machine - https://web.archive.org/web/20251230090757/https://github.com/github/codeql-action/pull/254

@henrymercer

Previously, the token was not provided for downloads via $GITHUB_API_URL and therefore downloads of releases in private repositories were susceptible to failing with a 404.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Confirm the readme has been updated if necessary.
@robertbrignull

Can you give an example of the download URL you were providing? I'm confused why it started with the API url. I would have expected it to look something like https://github.com/github/codeql-action/releases/download/codeql-bundle-20200630/codeql-bundle.tar.gz

@henrymercer

henrymercer commented Oct 6, 2020

An example is https://github.com/some-org/some-private-repo/releases/download/codeql-bundle-20200630/codeql-bundle.tar.gz.

Looking at the getCodeQLBundleDownloadURL function in src/codeql.ts, if we're not downloading from github.com/github/codeql-action, then we will try to get the asset URL using the GitHub API. These asset URLs from the GitHub API are typically prefixed by $GITHUB_API_URL.

My understanding is that getting the asset URL using the GitHub API is necessary to download an asset from a release on a private repository. The https://github.com/some-org/some-private-repo/releases/download/codeql-bundle-20200630/codeql-bundle.tar.gz URL will 404 even with an API token — it only works in the browser.

@henrymercer henrymercer requested a review from marcogario October 7, 2020 19:01
@henrymercer henrymercer closed this Aug 9, 2021
@henrymercer henrymercer deleted the henrymercer/provide-token-to-api-downloads branch August 9, 2021 08:57
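
The thread above is about when the token should accompany a bundle download. As an added example (not code from codeql-action or from this pull request), one way to scope it is to attach the token only when the download URL parses to the same HTTPS origin and path root as the API URL. `isUnderApiRoot` and `downloadHeaders` are hypothetical names; the `token` authorization scheme and an HTTPS-only API URL are assumptions.

```typescript
// Added example; function names are hypothetical, not the action's own API.
type HeaderMap = Record<string, string>;

// True when `url` is on the same HTTPS origin as the API root and below its path.
// Comparing parsed origins avoids the string-prefix pitfall where
// "https://api.github.com.attacker.example/..." starts with the API URL text.
function isUnderApiRoot(url: string, apiUrl: string): boolean {
  let target: URL;
  let api: URL;
  try {
    target = new URL(url);
    api = new URL(apiUrl);
  } catch (e) {
    return false; // unparsable input is treated as untrusted
  }
  if (target.protocol !== "https:" || target.origin !== api.origin) {
    return false;
  }
  // A GitHub Enterprise style API root such as /api/v3 must also match as a path prefix.
  const base = api.pathname.endsWith("/") ? api.pathname : api.pathname + "/";
  return target.pathname.startsWith(base);
}

// Build the request headers for a bundle download.
function downloadHeaders(url: string, apiUrl: string, token: string): HeaderMap {
  if (!isUnderApiRoot(url, apiUrl)) {
    return {}; // never send the token to a host that is not the API
  }
  return {
    authorization: `token ${token}`,
    // Ask the release-asset endpoint for the binary rather than JSON metadata.
    accept: "application/octet-stream",
  };
}
```

Because the comparison runs on the parsed URL, userinfo tricks (`https://api.github.com@other.example/`) and `..` path segments are resolved before the check.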