proposal: ability to provide credentials to download releases

[stuart-warren]

gofish can install private rigs as it uses the hosts git configuration

however to download the release itself it just does a simple http get request

could we support netrc files or similar?

gitlab needs an authorization header like the following

curl --header "Authorization: Bearer ${GITLAB_TOKEN}" 
"https://somegitlab.com/stuart.warren/some-tool/-/releases/0.3.0/downloads/some-tool_0.3.0_darwin_amd64.tar.gz"

github needs something similar "Authorization: token ${GITHUB_API_TOKEN}"

perhaps we could set both?

[bacongobbler]

I don't see why not. Feel free to contribute a patch.

[stuart-warren]

Hmm, gitlab apparently only lets you download release source artifacts rather than uploaded binary artifacts, but credentials will still be useful.

I'm was originally thinking: make the request, if response is 401, use www-authenticate header to work out how to format the credentials from netrc, basic auth or just the password as a token

but github gives a 404 instead and gitlab (not that it works yet) 302s you to the login page so might be a bit messy...

so i guess try first request with basic auth if credentials exist with an 'accept: application/octet-stream' header, potentially handle things differently based on hostname patterns later