search

crystal-lang / shards

Dependency manager for the Crystal language
Other
765 stars 102 forks source link

"shards install" halts asking for github username #316

Closed carcinocron closed 4 years ago

carcinocron commented 4 years ago 
name: kemal_app
version: 0.1.0

authors:
  - IOM <>

targets:
  kemal_app:
    main: src/app.cr

crystal: 0.32.1

license: MIT

dependencies:
  kemal:
    github: kemalcr/kemal
  spec-kemal:
    github: kemalcr/spec-kemal
    branch: master
  accord:
    github: neovintage/accord
  denetmen:
    github: izniburak/denetmen
  sentry:
    github: samueleaton/sentry
    branch: master
  kemal-session:
    github: kemalcr/kemal-session
  pg:
    github: will/crystal-pg
  kemal-pg:
    github: sdogruyol/kemal-pg
  raven:
    github: Sija/raven
$ shards install
Fetching https://github.com/kemalcr/kemal.git
Fetching https://github.com/luislavena/radix.git
Fetching https://github.com/jeromegn/kilt.git
Fetching https://github.com/crystal-loot/exception_page.git
Fetching https://github.com/kemalcr/spec-kemal.git
Fetching https://github.com/neovintage/accord.git
Fetching https://github.com/izniburak/denetmen.git
Fetching https://github.com/samueleaton/sentry.git
Fetching https://github.com/kemalcr/kemal-session.git
Fetching https://github.com/will/crystal-pg.git
Fetching https://github.com/crystal-lang/crystal-db.git
Fetching https://github.com/sdogruyol/kemal-pg.git
Fetching https://github.com/ysbaddaden/pool.git
Fetching https://github.com/Sija/raven.git
Username for 'https://github.com':

after adding:

  raven:
    github: Sija/raven
Blacksmoke16 commented 4 years ago

That repo doesn't exist. Did you mean Sija/raven.cr?

bcardiff commented 4 years ago

It leads to a 404. Check with Sija/raven.cr

https://github.com/Sija/raven.cr

straight-shoota commented 4 years ago

The mistake is relatively easy to spot, but it's still questionable if shards should ask for passwords. The general idea should be that shards works without any user input. It's a pity that GitHub doesn't immediately respond that a repo wasn't found but asks for credentials instead.

To mitigate this, we could set GIT_ASKPASS to false

RX14 commented 4 years ago

It's a pity that GitHub doesn't immediately respond that a repo wasn't found but asks for credentials instead.

They do this to avoid disclosing if a repo exists at all when it's private. If everything returns 403, you can't tell if anything private exists at all.

Some private shards might need this password feature too, though i'd be fine with only supporting ssh keys for this.

straight-shoota commented 4 years ago

I know why they're doing this and it's probably best for their use case. But for our's it would be better to tell whether a repo exists or not ;)

Some private shards might need this password feature

Yes. It shouldn't ask for passwords interactively, though. This would not work with remote installs. At least not by default. I'm not too familiar with these git options, but I assume setting GIT_ASKPASS to false should be sufficient. In case you need this behaviour, you could still set it to something else (so shards should not override the value).