Access raw file on GitHub Enterprise without user having to create token - github

I have a repo with shell script and want to put single command to run it in readme file, like:
bash <(curl -L <path_to_raw_script_file>)
Raw file urls for GitHub Enterprise look like this: https://raw.github.ibm.com/<user>/<repo>/<branch>/<path_to_file>?token=<token>, where <token> is unique to the file and generated when accesing it via Raw button in repository or with ?raw=true suffix in url.
The problem is, tokens get invalidated after few days/when file is updated and I wouldn't like to update mentioned command each time token becomes invalid. Is there a way to deal with it?
I know there is a way for user to create personal token and use it to login to github from machine he's runnning script from, but I wanted to keep it as simple as possible.
I was thinking of something like auto-generating that raw file url (since user reading the readme file on github surely does have access to the script located in the same repo), but I am not sure if that's possible.

No input, one-liner.
You can get this link by clicking the raw button in the GHE UI, just remove the token query param at the end.
curl -sfSO https://${USER}:${TOKEN}#${GHE_DOMAIN}/raw/${REPO_OWNER}/${REPO_NAME}/${REF}/${FILE}

I believe you'll always need the tokens - however if you'd like to automate the process you can dynamically request tokens associated with a github Oauth app and not associated with any user profile.
https://developer.github.com/enterprise/2.13/apps/building-oauth-apps/authorizing-oauth-apps/

I know there is a way for user to create personal token and use it to login to GitHub from machine he's runnning script from, but I wanted to keep it as simple as possible.
Actually, using GCM (Git Credential Manager); the PAT will be provided when accessing the raw.xxx URL.
But only with GCM v2.0.692 which supports those URLs. See PR 599.
Fix GitHub Enterprise API URL for raw source code links
This is a simple fix of #598 for GitHub Enterprise instances that use a raw. hostname prefix for raw source code links.
I've verified this fix locally by swapping out the GitHub.dll that is used by Visual Studio.
So it now checks for 'raw.' in the hostname and remove it to get the correct GHE API URL.

Related

download gitub artifact from url using wget

I am trying to follow these docs to download an artifact from github using githubs API:
https://docs.github.com/en/rest/actions/artifacts#download-an-artifact
I ran the curl command given in the docs, and it gave me the following url from which to download the artifact (I have replaced the specifics with ...)
https://pipelines.actions.githubusercontent.com/serviceHosts/..../_apis/pipelines/1/runs/16/signedartifactscontent?artifactName=my-artifact&urlExpires=....&urlSigningMethod=HMACV2&urlSignature=....
I am able to download the artifact by putting the URL into my browser (it automatically downloads when the URL is visited) however I tried to use wget to download it via console and got this error:
wget https://pipelines.actions.githubusercontent.com/... # the command I ran
HTTP request sent, awaiting response... 400 Bad Request # the error I got
How can I download a zip file to console? Should I use something other than wget?
I'd like to clarify that viewing this link in the browser is possible even when not logged in to github (or when in private browsing). Also, I can download the zip file at the link as many times as I would like before the link expires after 1 minute. Also my repo is private, which is necessary for my work. I need to use an access token when doing the curl command as described in the docs, however the link that is returned to me does not require any authentication when accessed via a browser.
The api docs seem a bit ambiguous here. It is possible that the redirect can only be accessed a single time in which case you should try generating the redirect and first using wget to parse it. You can then unzip the file using the unzip command.
If that is not the case I believe this statement in the api docs is key:
Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.
My guess is that your repository is private and you are logged in on the browser to Github which allows you to be authenticated hence why you are able to download from the redirect link. I would suggest trying from incognito mode to test this.
Migrating the repository to public would allow you to bypass this issue. Alternatively you can pass the authentication token as a header to wget like so in order to authenticate with the server to pull the file.
header='--header=Authorization: token <TOKEN>'
wget "$header" https://pipelines.actions.githubusercontent.com/... -O output_file
The problem was that I didn't put quotes around my url. I needed to do this:
wget "https://pipelines.actions.githubusercontent.com/serviceHosts/..../_apis/pipelines/1/runs/16/signedartifactscontent?artifactName=my-artifact&urlExpires=....&urlSigningMethod=HMACV2&urlSignature=...."

Access to read module twin data via Azure IoT Hub's APIs?

I'd like to be able to pull an IoT Edge device's module twin via an HTTPS GET request just like the Azure Portal does. In the portal, I see this firing...
https://my-hub.azure-devices.net/twins/my-device/modules/my-module?api-version=2020-09-30&_=164130947416
...and returning JSON. I'd like to do the same outside of the portal (like in Postman or something).
Obviously, by being logged in to the portal, I have credentials that permit that.
I've tried creating a Shared Access Signature and using it as a header like so...
"Authorization": "SharedAccessSignature sr=my-hub.azure-devices.net&sig=...
...but I get back ErrorCode:IotHubUnauthorizedAccess;Unauthorized
Am I missing something? Maybe a step where I use that SAS to get some additional credential or something?
Or maybe I can't create a SAS that works with any device-id?
In the end, I'd just like to be able to GET the reported properties for a module twin from any of my IoT Hub devices. No setting, no subscribing.
The API you're referring to is documented here. You're doing the right thing, but perhaps your method of creating a Shared Access Signature isn't working. One easy way to create a valid SAS token is by using the az cli command: az iot hub generate-sas-token -n <iot-hub-name>. By default it will create a token for the iothubowner policy, which should give you access to the module twin.
I used Postman, with the Authorization header as you mentioned to check the twin of my device $edgeHub module:
https://<my-iot-hub>.azure-devices.net/twins/<device-id>/modules/$edgeHub?api-version=2020-05-31-preview

How do I sign in to GitHub from command line after password access is removed?

GitHub is retiring password based authentication for command line tools: https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
Normally I work in some server, git clone https://...., enter my username and password and get the code that I have to deploy.
What am I supposed to do now? Do I create a token, write it down on a piece of paper, take it with me and retype it into a terminal? Seems a bit too convoluted for just getting some code. Is there some other "intended" workflow?
There are a few options:
You can create a personal access token in your github settings and use that instead of your account password.
you can use SSH to connect
you can rely on the Git Credential Manager Core which will perform an OAuth check either by popping up a UI or giving you an url to paste into a browser.
some hardware tokens will enable you to perform authentication.

Read a Bitbucket resource using curl with Access Keys

I configured my Bitbucket repo to be read-only accessible via REST API publicly. There are some JSON configuration files that I need to read the content using GET HTTP method.
https://<bitbucket-repo-url>/config.json?raw
I want to switch to a secure method using Access Keys.
I want to try to test this using curl, but I don't know the arguments on including the access keys. Can anyone help?
Access keys are for SSH only. They will not work with any HTTP-based utilities (like curl) or endpoints (like the one you list in your example).
Is this Bitbucket Server (the on-premise version)? If so, https://confluence.atlassian.com/bitbucketserver/permanently-authenticating-with-git-repositories-776639846.html?_ga=2.188793826.854670382.1505151098-758028192.1431549295 may be helpful for you.

Get pull requests for private github repository via API

I want to programmatically get a list of open pull requests for a specific private github repository - ours, as it turns out. I assume I can only do this via the github api (http://developer.github.com/) - feel free to tell me there's another way - but I can't figure out whether the API allows this, either. The given API calls seem to assume the target repository is public, which ours is not. I would have thought there would be a way to authenticate as a user of the given repository via ssh key (the same way committing works), but I don't see anything to that effect. All in all I'm puzzled and not at all sure I can actually do this. Am I missing a crucial part of the documentation, or is there possibly some alternative I can leverage?
Yes, the GitHub Pull Requests API supports private repos also. You just need to authenticate or you will get an error saying that the repository does not exist.
Example using curl and basic authentication:
curl -u "username" https://api.github.com/repos/:user/:repo/pulls
This will then prompt you for your password and return a list of pull requests as described in the API docs.
Also check out the docs on authentication: http://developer.github.com/v3/#authentication