search

YahnisElsts / plugin-update-checker

A custom update checker for WordPress plugins. Useful if you don't want to host your project in the official WP repository, but would still like it to support automatic updates. Despite the name, it also works with themes.
MIT License
2.26k stars 410 forks source link

Private repo json file #420

Open affordabletheme opened 3 years ago

affordabletheme commented 3 years ago

Hi,

from your read-me instructions, you mentioned putting a json file to a public location that consists link to the zip file of the theme/plugin. Is there any way that I can use private repo and use an access token instead to access the JSON ? I dont want to expose downloadable zip url publicly

YahnisElsts commented 3 years ago

If you have a GitHub repository, it might be simpler to use the GitHub API instead of a JSON file. See the GitHub Integration section of the read-me for more information.

I'm not sure if there even is a way to use a JSON file in this context. You would need to give the update checker a URL that returns the contents of the file. Since the repository is private, a direct link wouldn't work; you would have to use the API somehow. The GitHub Contents API returns a response with a number of different fields and not just the file itself, so you wouldn't be able to simply add your access token to the API URL and then give that URL to the update checker.

In any case, whether you use an access token to get a JSON file from a repository, or just use the repository directly, there's still the problem that your users will have the token. Last time I checked, it was not possible to create a token with read-only access to the repository, so users would be able to download updates and make changes to the repository. One workaround that I've seen suggested is to create another user account, give it read-only access to the repository, and then have that account create an access token.