markdown-link-check icon indicating copy to clipboard operation
markdown-link-check copied to clipboard
verified publisher icon tcort

Validate links of private github repositories

Open volker-raschek opened this issue 1 year ago • 11 comments

Hi @tcort, I've running the markdown-link-checker as container image in my CI. The README.md contains some links to a private GitHub repository and throws an 404 status code, because the application tries to access unauthorized the git repository.

How can be defined a PAT to make an access possible? Alternatively, is a .netrc file supported?

https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html

Volker

volker-raschek avatar Jul 22 '24 09:07 volker-raschek

I am stumbling on the same issue. We have links in our release documentation that point to releases but the link checker fails with a 404 even in the same repo where the link checker is running.

Currently i see no way on how we could authenticate to GitHub so links can be validated. A PAT token in my case is a route I am hesitate to take as this is personally bound.

mpas avatar Feb 27 '25 06:02 mpas

A PAT token in my case is a route I am hesitate to take as this is personally bound.

Especially when it comes to validating Markdown files with links to private GitHub repositories, I think a common usage of markdown-link-check is in a GitHub Actions workflow. GitHub Actions provides an automatically generated access token for use in workflows:

https://docs.github.com/actions/security-for-github-actions/security-guides/automatic-token-authentication

It is true that this token only provides access to the repository in which the workflow is running, so this would not be sufficient to avoid false positives from markdown-link-check for links to other private repositories. However, it will be useful for validating links to the one private repository. I think that will be the most common situation anyway.

per1234 avatar Feb 27 '25 09:02 per1234

Instead of using a PAT, can't the linter be registered as a GitHub app so you can check links to private GitHub repositories?

This would solve the problem with the PAT as well as the GITHUB_TOKEN from the repository.

volker-raschek avatar Feb 27 '25 10:02 volker-raschek

This issue has been marked as stale because it has been open 60 days with no activity. It will be closed in 30 days unless the stale label is removed or someone adds a comment.

github-actions[bot] avatar Apr 30 '25 08:04 github-actions[bot]

Unstale

FYI: @WillGibson

volker-raschek avatar Apr 30 '25 08:04 volker-raschek

Instead of using a PAT, can't the linter be registered as a GitHub app so you can check links to private GitHub repositories?

This would solve the problem with the PAT as well as the GITHUB_TOKEN from the repository.

@volker-raschek Are you able to elaborate on how this approach would work?

WillGibson avatar Apr 30 '25 16:04 WillGibson

This issue has been marked as stale because it has been open 60 days with no activity. It will be closed in 30 days unless the stale label is removed or someone adds a comment.

github-actions[bot] avatar Jul 03 '25 08:07 github-actions[bot]

unstale

per1234 avatar Jul 03 '25 09:07 per1234

@volker-raschek Are you able to elaborate on how this approach would work?

Hi @WillGibson, you register a GitHub app in your own account or an organization. You can then use the GitHub app and its token to access all repos. Renovate does a similar thing when you register the bot as a GitHub app: https://github.com/apps/renovate

https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app

volker-raschek avatar Jul 03 '25 15:07 volker-raschek

This issue has been marked as stale because it has been open 60 days with no activity. It will be closed in 90 days unless the stale label is removed or someone adds a comment.

github-actions[bot] avatar Oct 03 '25 08:10 github-actions[bot]

Unstale

volker-raschek avatar Oct 03 '25 08:10 volker-raschek