Support for GitHub's Fine-grained tokens. #27098

Open
RiotNOR opened this issue Dec 20, 2024 · 0 comments
Labels
enhancement New feature or request

RiotNOR commented Dec 20, 2024

Feature request

Is your feature request related to a problem?

Currently, you cannot install private plugins/apps from GitHub repositories that use fine-grained tokens - only classic tokens are supported. This limits users who have moved to GitHub's recommended fine-grained token authentication system.

Describe the solution you'd like

  1. Changing or adding support for the Authorization header format in the download_plugin_archive function to:
     headers = {"Authorization": "Bearer {}".format(token)}
  2. Using the GitHub API endpoint for downloads instead of the direct archive URL:
     url = "https://api.github.com/repos/{user}/{repo}/zipball/{tag}"

This matches GitHub's current API requirements for fine-grained token authentication.

You can test yourself by mounting up "./posthog/posthog/plugins:/code/posthog/plugins" under volumes, and swapping out the old code at the top of download_plugin_archive with:

def download_plugin_archive(url: str, tag: Optional[str] = None) -> bytes:
    parsed_url = parse_url(url)
    headers = {}

    if parsed_url["type"] == "github":
        if not (tag or parsed_url.get("tag", None)):
            raise Exception("No GitHub tag given!")

        # Ensure the token is included in the Authorization header
        token = parsed_url["private_token"] or settings.GITHUB_TOKEN
        if token:
            headers = {"Authorization": "Bearer {}".format(token)}
        else:
            raise Exception("Missing GitHub private token!")

        # Construct the archive URL
        url = "https://api.github.com/repos/{user}/{repo}/zipball/{tag}".format(
            user=parsed_url["user"],
            repo=parsed_url["repo"],
            tag=tag or parsed_url["tag"],
        )

Would probably be a good idea to still support the old classic tokens, which I did not in the snippet above.

Describe alternatives you've considered

  • Continue using classic tokens (not recommended as GitHub is moving away from them)
  • Manually download and install plugins (cumbersome and defeats the purpose of the plugin system)

RiotNOR added the enhancement label Dec 20, 2024
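
An added example, not part of the issue and not PostHog's code: one way to build the request for the API zipball endpoint proposed above, validating the user, repo and tag before they are formatted into the URL, and dropping the Authorization header when a redirect leaves the API host (the zipball endpoint answers with a redirect to a download URL). The function names, the name pattern and the sample values are assumptions made for illustration.

```python
import re
from typing import Dict, Optional, Tuple
from urllib.parse import quote, urlsplit

API_HOST = "api.github.com"
# Assumed allow-list for owner and repository names (illustrative, not GitHub's spec).
NAME_RE = re.compile(r"[A-Za-z0-9._-]+")


def build_zipball_request(
    user: str, repo: str, tag: str, token: Optional[str] = None
) -> Tuple[str, Dict[str, str]]:
    """Return (url, headers) for the zipball endpoint named in the issue."""
    for label, value in (("user", user), ("repo", repo)):
        # Reject separators and dot segments so a crafted plugin URL cannot
        # steer the authenticated request to a different API path.
        if not NAME_RE.fullmatch(value) or value in (".", ".."):
            raise ValueError("invalid GitHub {}: {!r}".format(label, value))
    if not tag or ".." in tag or tag.startswith("/") or any(c.isspace() for c in tag):
        raise ValueError("invalid tag: {!r}".format(tag))

    # Tags may contain "/", so keep it; "?", "#" and "%" are percent-encoded.
    url = "https://{}/repos/{}/{}/zipball/{}".format(
        API_HOST, user, repo, quote(tag, safe="/")
    )
    headers = {"Accept": "application/vnd.github+json"}
    if token:
        # Header format proposed in the issue.
        headers["Authorization"] = "Bearer {}".format(token)
    return url, headers


def headers_for_redirect(
    original_url: str, location: str, headers: Dict[str, str]
) -> Dict[str, str]:
    """Keep the token only if the redirect stays on the same HTTPS host."""
    src, dst = urlsplit(original_url), urlsplit(location)
    if dst.scheme == "https" and dst.hostname == src.hostname:
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() != "authorization"}
```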