You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Aug 1, 2023. It is now read-only.
I tried to create a gyro manifest for a project that I am working on. Currently, I have the source stored in a private repository on GitHub. When running
gyro init haze/top_secret_super_secret_dont_share
I am met with this:
got http status code for https://api.github.com/repos/haze/top_secret_super_secret_dont_share: 404{"message":"Not Found","documentation_url":"https://docs.github.com/rest/reference/repos#get-a-repository"}
The text was updated successfully, but these errors were encountered:
I think the actual issue here is that fetching a private repo requires a bearer token with an additional scope. Currently, gyro's bearer token is only used for reading user data (name and email) on the server side. The token is passed in plaintext as a header, so adding more scopes (especially scopes that provide data not available to the public) is a definite vulnerability.
I think it would be best to manage two different tokens, not everyone is going to both publish and use private repos. We could have a secrets or tokens subcommand that lets the user manage tokens and initiate the device polling thing for github by itself.
This also opens up avenues for other systems but I wouldn't worry about coming up with something too complicated since gyro is at its scope, I only want to maintain it and improve the UX for things it can already do.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I tried to create a gyro manifest for a project that I am working on. Currently, I have the source stored in a private repository on GitHub. When running
I am met with this:
The text was updated successfully, but these errors were encountered: