Support authentication when downloading files (e.g. artifacts) #4247
Comments
|
I was hoping artifacts were immune to that, but that would require them to be proxied through the package servers? For reference in Trixi.jl we did trixi-framework/Trixi.jl#2415 |
Yes, but for example Pkg.jl/test/test_packages/ArtifactInstallation/Artifacts.toml Lines 145 to 162 in 88629b5 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
It has been requested several times to make it possible to have artifacts in private GitHub repositories, or other services such as S3 which would require authentication. For GitHub and GitLab (I don't know if this is the same for all other services) the solution is simple: add the entry
"Authorization" => "Bearer ${TOKEN}"to the headers. But some of the problems to implement such a solution are:Pkg.add: an environment may have artifacts hosted on different private services, we should have a (user-defined?) mechanism to identify which token to use for each service.To further complicate things, authentication could be optional: GitHub in general allows unauthenticated downloads from public repositories (also, there's no way to programmatically tell whether a repo is public or private based on the URL only without querying the server), but it recently started aggressively throttling such requests, so that even downloading public artifacts could need a token.
I have the feeling that the
Artifacts.tomlshould optionally have at least some hints for "how to authenticate" for each artifact: for example the name of the environment variable to use as token if it exists? I'm not a fan of this solution, but this to give an idea of the type of approach we may want.I'm opening the ticket to start the discussion about this, since the new rate limiting also affects Julia's own CI and of many downstream packages.
The text was updated successfully, but these errors were encountered: