Alien-Build-Plugin-Download-GitHub
);
ENVIRONMENT
ALIEN_BUILD_GITHUB_TOKEN GITHUB_TOKEN GITHUB_PAT
If one of these environment variables is set, then the GitHub API
Personal Access Token (PAT) will be used when connecting to the
GitHub API.
For security reasons, the PAT will be removed from the log. Some
Fetch plugins (for example the curl plugin) log HTTP request
headers, so this makes sure that your PAT is not displayed in the
log.
ALIEN_BUILD_PLUGIN_DOWNLOAD_GITHUB_DEBUG
Setting this to a true value will send additional diagnostics to the
log during the indexing phase of the fetch.
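
The log redaction described above, as an added example that is not the plugin's own code: a logger method is wrapped with local for the duration of one call so that the literal token is masked before the message is recorded. Demo::Logger, with_redacted_log, the token value and the log lines are all constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical stand-in for a logger such as Alien::Build::log.
package Demo::Logger;
our @LINES;
sub log { my(undef, $message) = @_; push @LINES, $message; return }

package main;

# Constructed sample value, not a real token.
my $secret = 'ghp_EXAMPLEexampleEXAMPLE0123456789abcd';

# Run $code with Demo::Logger::log wrapped so that every literal occurrence
# of $secret is masked before the original logger sees the message.
sub with_redacted_log {
  my($secret, $code) = @_;
  my $orig = \&Demo::Logger::log;
  no warnings 'redefine';
  local *Demo::Logger::log = sub {
    my($class, $message) = @_;
    # Skip an empty secret: an empty pattern would reuse the last
    # successful regex instead of matching nothing.
    $message =~ s/\Q$secret\E/ '#' x length($secret) /eg
      if defined $secret && length $secret;
    return $orig->($class, $message);
  };
  return $code->();
}

with_redacted_log($secret, sub {
  # Constructed lines of the kind a header-logging fetch plugin might emit.
  Demo::Logger->log("GET https://api.github.com/repos/OWNER/REPO/releases");
  Demo::Logger->log("Authorization: token $secret");
});

# Outside the wrapper the original logger is back in place.
Demo::Logger->log("done");

print "$_\n" for @Demo::Logger::LINES;
die "secret leaked" if grep { index($_, $secret) >= 0 } @Demo::Logger::LINES;
```

The substitution matches the literal token only, so a token written to the log in an encoded form (for example base64) would not be masked by this approach.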
CAVEATS
The GitHub API is rate limited. Once you've reached that limit, this
plugin will be inoperative for a period of time until the limits reset.
When using the GitHub API unauthenticated the limit is especially low.
This is usually not a problem when used in production where you only
need to use the API once for each Alien, but it can become a problem
when testing an Alien that uses this plugin in CI or via cpantesters.
In this situation you can set the ALIEN_BUILD_GITHUB_TOKEN environment
variable (or commonly used but unofficial GITHUB_TOKEN or GITHUB_PAT),
and this plugin will use that in making API requests. If you are using
GitHub Actions for CI, then you can use the secrets.GITHUB_TOKEN macro
to get a PAT.
If you do this it is recommended that you take some precautions where
possible:
Limit permissions
Create a PAT with the bare minimum access permissions. Consider
creating a separate GitHub account without access to anything, and
use it to generate the PAT.
Limit scope of usage
The PAT is only needed (if it is needed at all) during the build
stage of a share install. If you are doing this in GitHub Actions you
can just set the environment variable for that stage:
    perl Makefile.PL
    env ALIEN_BUILD_GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} make
    make test
Or if you are using Dist::Zilla:
    dzil listdeps --missing | cpanm -n
    env ALIEN_BUILD_GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} dzil test
AUTHOR
Author: Graham Ollis <plicease@cpan.org>
Contributors:
Roy Storey (KIWIROY)
COPYRIGHT AND LICENSE
lib/Alien/Build/Plugin/Download/GitHub.pm view on Meta::CPAN
    }
    else
    {
      $meta->apply_plugin('Extract',
        format => 'tar.gz',
      );
    }
  }

  my %gh_fetch_options;
  my $secret;

  foreach my $name (qw( ALIEN_BUILD_GITHUB_TOKEN GITHUB_TOKEN GITHUB_PAT ))
  {
    if(defined $ENV{$name})
    {
      $secret = $ENV{$name};
      push @{ $gh_fetch_options{http_headers} }, Authorization => "token $secret";
      Alien::Build->log("using the GitHub Personal Access Token in $name") if $once;
      $once = 0;
      last;
    }
  }

  $meta->around_hook(
    fetch => sub {
      my $orig = shift;
      my($build, $url, @the_rest) = @_;
lib/Alien/Build/Plugin/Download/GitHub.pm view on Meta::CPAN
      return $orig->($build, $url, @the_rest)
        unless do {
          my $uri = URI->new($url || $build->meta_prop->{start_url});
          $uri->host eq 'api.github.com' && $uri->scheme eq 'https';
        };

      # Temporarily patch the log method so that we don't log the PAT
      my $log = \&Alien::Build::log;
      no warnings 'redefine';
      local *Alien::Build::log = sub {
        if(defined $secret)
        {
          $_[1] =~ s/\Q$secret\E/ '#' x length($secret) /eg;
        }
        goto &$log;
      };
      use warnings;

      my $res = $orig->($build, $url, @the_rest, %gh_fetch_options);

      if($res->{type} eq 'file' && $res->{filename} =~ qr{^(?:releases|tags)$})
      {
        my $rel;
        if($res->{content})
lib/Alien/Build/Plugin/Download/GitHub.pm view on Meta::CPAN
=head1 ENVIRONMENT
=over 4
=item ALIEN_BUILD_GITHUB_TOKEN GITHUB_TOKEN GITHUB_PAT
If one of these environment variables is set, then the GitHub API Personal
Access Token (PAT) will be used when connecting to the GitHub API.
For security reasons, the PAT will be removed from the log. Some Fetch plugins
(for example the C<curl> plugin) log HTTP request headers, so this
makes sure that your PAT is not displayed in the log.
=item ALIEN_BUILD_PLUGIN_DOWNLOAD_GITHUB_DEBUG
Setting this to a true value will send additional diagnostics to the log during
the indexing phase of the fetch.
=back
lib/Alien/Build/Plugin/Download/GitHub.pm view on Meta::CPAN
either C<digest_and_encrypt> or C<digest>.
The GitHub API is rate limited. Once you've reached that limit, this plugin will be
inoperative for a period of time until the limits reset. When using the GitHub
API unauthenticated the limit is especially low. This is usually not a problem when
used in production where you only need to use the API once for each L<Alien>, but
it can become a problem when testing an L<Alien> that uses this plugin in CI or via
cpantesters. In this situation you can set the C<ALIEN_BUILD_GITHUB_TOKEN> environment
variable (or commonly used but unofficial C<GITHUB_TOKEN> or C<GITHUB_PAT>), and this
plugin will use that in making API requests. If you are using GitHub Actions for CI,
then you can use the C<secrets.GITHUB_TOKEN> macro to get a PAT.
If you do this it is recommended that you take some precautions where possible:
=over 4
=item Limit permissions
Create a PAT with the bare minimum access permissions. Consider creating a
separate GitHub account without access to anything, and use it to generate the PAT.
=item Limit scope of usage
The PAT is only needed (if it is needed at all) during the build stage
of a share install. If you are doing this in GitHub Actions you can
just set the environment variable for that stage:
 perl Makefile.PL
 env ALIEN_BUILD_GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} make
 make test
Or if you are using L<Dist::Zilla>:
 dzil listdeps --missing | cpanm -n
 env ALIEN_BUILD_GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} dzil test
=back
=head1 AUTHOR
Author: Graham Ollis E<lt>plicease@cpan.orgE<gt>
Contributors:
Roy Storey (KIWIROY)