devbox icon indicating copy to clipboard operation
devbox copied to clipboard
verified publisher icon jetify-com

Private Github plugins

Open jylamont opened this issue 1 year ago • 3 comments

What problem are you trying to solve?

Devbox allows you to reference plugins hosted by Github, but from what I can tell they only allow public repos. Our company wants to build a plugin for internal use and mark the repo visibility as private, but we run into an authentication issue when attempting to pull.

What solution would you like?

If the user has GITHUB_TOKEN set in their shell (not devbox.json or devbox shell), then token=$GITHUB_TOKEN is appended as a URL param when resolving the Github-hosted plugin URL. For example:

  • If GITHUB_TOKEN is not set, the URL will be: https://raw.githubusercontent.com/<org>/<repo>/master/<plugin-dir>
  • If GITHUB_TOKEN is set to gh_abcd, the URL will be: https://raw.githubusercontent.com/<org>/<repo>/master/<plugin-dir>?token=gh_abcd

Alternatives you've considered

Currently we pull the repo and reference using the local path. This works but my concerns are:

  1. Team members have to manage cloning and updating the local repo
  2. The local path is dependent on where team member clone the repo to, so it can make our devbox.json files brittle.

jylamont avatar Mar 22 '24 15:03 jylamont

I'm happy to make a PR for this.

jylamont avatar Mar 22 '24 15:03 jylamont

It turns out the above solution doesn't work. The token must be passed as an Authorization header with the GET request.

jylamont avatar Mar 22 '24 18:03 jylamont

Hey @mikeland73, I saw you implemented existing Github plugin code and wondered if you had any input on this idea.

jylamont avatar Apr 01 '24 23:04 jylamont

@jylamont thanks for the suggestion and the implementation! Will go out in next release 🎉

mikeland73 avatar Apr 11 '24 20:04 mikeland73