From a778b0f85aa62d18f26ba855915e4ac0a0d49c47 Mon Sep 17 00:00:00 2001 From: Kiara Grouwstra Date: Sun, 22 Sep 2024 12:46:46 +0200 Subject: [PATCH] fix(libfetchers): set GitHub API version header, closes #255 Sets the `X-GitHub-Api-Version` header to `2022-11-28` for calls to the GitHub API. This follows the later version as per https://docs.github.com/en/rest/about-the-rest-api/api-versions?apiVersion=2022-11-28. This affected the check on whether to use the API versus unauthenticated calls as well, given the headers would no longer be empty if the authentication token were missing. The workaround used here is to use a check similar to an existing check for the token. In the current implementation, headers are (still) similarly sent to non-authenticated as well as GitHub on-prem calls. For what it's worth, manual curl calls with such a header seemed to break nor unauthenticated calls nor ones to the github.com API. Change-Id: I6e10839e6b99cb65eb451e923b2a64f5d3c0f578 --- doc/manual/change-authors.yml | 3 +++ doc/manual/rl-next/x-github-api-header.md | 23 +++++++++++++++++++++++ src/libfetchers/github.cc | 15 +++++++++++---- 3 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 doc/manual/rl-next/x-github-api-header.md diff --git a/doc/manual/change-authors.yml b/doc/manual/change-authors.yml index e18abada1..cd5b02a55 100644 --- a/doc/manual/change-authors.yml +++ b/doc/manual/change-authors.yml @@ -78,6 +78,9 @@ jade: forgejo: jade github: lf- +kiara: + github: KiaraGrouwstra + kjeremy: github: kjeremy diff --git a/doc/manual/rl-next/x-github-api-header.md b/doc/manual/rl-next/x-github-api-header.md new file mode 100644 index 000000000..3c9e8d0db --- /dev/null +++ b/doc/manual/rl-next/x-github-api-header.md @@ -0,0 +1,23 @@ +--- +synopsis: "Set `X-GitHub-Api-Version` header" +issues: [fj#255] +cls: [1925] +category: Development +credits: kiara +--- + +Sets the `X-GitHub-Api-Version` header to `2022-11-28` for calls to the +GitHub API. +This follows the later version as per +https://docs.github.com/en/rest/about-the-rest-api/api-versions?apiVersion=2022-11-28. + +This affected the check on whether to use the API versus unauthenticated +calls as well, given the headers would no longer be empty if the +authentication token were missing. +The workaround to this used here is to use a check similar to an existing +check for the token. + +In the current implementation, headers are (still) similarly sent to +non-authenticated as well as GitHub on-prem calls. +For what it's worth, manual curl calls with such a header seemed to +break nor unauthenticated calls nor ones to the github.com API. diff --git a/src/libfetchers/github.cc b/src/libfetchers/github.cc index 32032258a..2ae127bc5 100644 --- a/src/libfetchers/github.cc +++ b/src/libfetchers/github.cc @@ -289,10 +289,10 @@ struct GitHubInputScheme : GitArchiveInputScheme // urls so we do not run into rate limits. const auto urlFmt = host != "github.com" - ? "https://%s/api/v3/repos/%s/%s/tarball/%s" - : headers.empty() - ? "https://%s/%s/%s/archive/%s.tar.gz" - : "https://api.%s/repos/%s/%s/tarball/%s"; + ? "https://%s/api/v3/repos/%s/%s/tarball/%s" + : !getAccessToken(host) + ? "https://%s/%s/%s/archive/%s.tar.gz" + : "https://api.%s/repos/%s/%s/tarball/%s"; const auto url = fmt(urlFmt, host, getOwner(input), getRepo(input), input.getRev()->to_string(Base::Base16, false)); @@ -308,6 +308,13 @@ struct GitHubInputScheme : GitArchiveInputScheme .applyOverrides(input.getRef(), input.getRev()) .clone(destDir); } + + Headers makeHeadersWithAuthTokens(const std::string & host) const + { + Headers headers = GitArchiveInputScheme::makeHeadersWithAuthTokens(host); + headers.emplace_back("X-GitHub-Api-Version", "2022-11-28"); + return headers; + } }; struct GitLabInputScheme : GitArchiveInputScheme