[ARTSEC-INT] kipz/private repo support #770

Open
harmonherring-pro wants to merge 7 commits into theupdateframework:main from DataDog:kipz/private-repo-support

@harmonherring-pro

Brings in kipz's changes for private repo support

kipz added 7 commits April 16, 2026 14:31

Add support for authenticating to GitHub Pages when testing private
repositories. The test-repository action now accepts an optional
gh_token parameter that can be used to access private GitHub Pages
content.

Changes:
- Add AuthenticatedFetcher class implementing TUF FetcherInterface
- Add --gh-token CLI parameter to tuf-on-ci-test-client
- Update initial root download to support authentication
- Pass custom fetcher to TUF Updater when token is provided
- Add gh_token input parameter to test-repository action
- Update action script to conditionally pass token to client
- Document private repository setup in REPOSITORY-MAINTENANCE.md

The token parameter is optional and backward compatible. Public
repositories continue to work without any token. Private repositories
can use secrets.GITHUB_TOKEN for automatic authentication.

Convert urllib HTTPError to TUF DownloadHTTPError so the TUF client
can handle 404 errors gracefully when checking for root rotations.

Add custom HTTPRedirectHandler that preserves Authorization headers
across redirects. This fixes authentication issues when GitHub Pages
uses custom domains or when redirects occur before authentication.

The urllib default redirect handler doesn't preserve custom headers,
which caused authentication to fail after redirects. Now both the
initial root download and the AuthenticatedFetcher use an opener
with the custom redirect handler.

Added optional ref input parameter to both online-sign and update-issue
actions to allow explicit specification of which branch/tag/SHA to
checkout. This fixes issues where scheduled workflows (which run on
the default branch) need to checkout a different branch for TUF
operations.

When ref is not specified, actions/checkout will use its default
behavior (checking out the triggering ref).
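
The redirect-handler commit above carries the Authorization header across redirects. As an added example (not code from this pull request), here is one way to scope that behaviour so the token is re-sent only to HTTPS hosts on an explicit allowlist. The class name, the `trusted_hosts` parameter, the helper function and the host names are assumptions made for the illustration.

```python
import urllib.request
from urllib.parse import urlsplit


class ScopedAuthRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Re-send Authorization on a redirect only to trusted HTTPS hosts."""

    def __init__(self, trusted_hosts):
        # trusted_hosts is a hypothetical parameter: the only hosts that may
        # ever receive the token (e.g. the Pages host and its custom domain).
        self.trusted_hosts = {h.lower() for h in trusted_hosts}

    def may_receive_token(self, url):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        return parts.scheme == "https" and host in self.trusted_hosts

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new_req = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new_req is None:
            return None
        token = req.get_header("Authorization")
        # Remove any copy made by the parent class, then decide per hop.
        if new_req.has_header("Authorization"):
            new_req.remove_header("Authorization")
        if token and self.may_receive_token(new_req.full_url):
            # Unredirected: the next hop must pass this check again.
            new_req.add_unredirected_header("Authorization", token)
        return new_req


def token_after_redirect(handler, src, dst, token="Bearer CONSTRUCTED-TOKEN"):
    """Return the Authorization value the redirected request would carry."""
    req = urllib.request.Request(src, headers={"Authorization": token})
    new_req = handler.redirect_request(req, None, 302, "Found", {}, dst)
    return new_req.get_header("Authorization")


if __name__ == "__main__":
    # Constructed host names; no network traffic is generated.
    h = ScopedAuthRedirectHandler({"docs.example.test", "pages.example.test"})
    for dst in ("https://pages.example.test/metadata/1.root.json",
                "https://cdn.example.net/metadata/1.root.json",
                "http://docs.example.test/metadata/1.root.json"):
        kept = token_after_redirect(h, "https://docs.example.test/", dst)
        print(dst, "->", "token sent" if kept else "token stripped")
```

Passing an instance to `urllib.request.build_opener()` replaces the default redirect handler for that opener.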

@kommendorkapten
Member

👋 Can you please share more details around the context for this? It's totally possible today to run tuf-on-ci with a private repository, so I'm not really sure what this is supposed to solve.

@kommendorkapten
Member

Is the problem that you also have the GitHub page visibility set to private?
