search

rstudio / renv

renv: Project environments for R.
https://rstudio.github.io/renv/
MIT License
1.02k stars 155 forks source link

renv with git-credential-manager #1976

Open JackCaster opened 2 months ago

JackCaster commented 2 months ago

I am confused on how ´renv´ deals with packages stored in remote repositories (e.g., Github).

I use Git with SSH keys, but I also have my credentials stored in the git-credential-manager. I do not have the env variable GITHUB_PAT set. Regardless, I can push/commit and use the GH API without problems.

However, when I install a remote package in a fresh environment, renv seems to complain that it cannot find any Github credentials and yet packages are installed (without PAT or package gitcreds):

> renv::install('REditorSupport/languageserver')
- GitHub authentication credentials are not available.
- Please set GITHUB_PAT, or ensure the 'gitcreds' package is installed.
- See https://usethis.r-lib.org/articles/git-credentials.html for more details.
# Downloading packages -------------------------------------------------------
- Downloading languageserver from GitHub ...    OK [84.7 Kb in 3.3s]
- Downloading callr from P3M ...                OK [435 Kb in 1.0s]
- Downloading processx from P3M ...             OK [434.1 Kb in 0.85s]
- Downloading ps from P3M ...                   OK [384.4 Kb in 1.3s]
- Downloading R6 from P3M ...                   OK [81.3 Kb in 0.85s]
- Downloading collections from P3M ...          OK [66.6 Kb in 0.87s]
- Downloading fs from P3M ...                   OK [302.3 Kb in 1.1s]
- Downloading jsonlite from P3M ...             OK [1 Mb in 1.0s]
- Downloading lintr from P3M ...                OK [1.2 Mb in 2.4s]
- Downloading backports from P3M ...            OK [113.4 Kb in 1.0s]
- Downloading cyclocomp from P3M ...            OK [30.7 Kb in 1.1s]
- Downloading crayon from P3M ...               OK [160.2 Kb in 0.93s]
- Downloading desc from P3M ...                 OK [326.6 Kb in 1.1s]
- Downloading cli from P3M ...                  OK [1.2 Mb in 1.3s]
- Downloading remotes from P3M ...              OK [425.8 Kb in 1.0s]
- Downloading withr from P3M ...                OK [218.8 Kb in 0.85s]
- Downloading digest from P3M ...               OK [217.5 Kb in 0.83s]
- Downloading glue from P3M ...                 OK [149.4 Kb in 0.95s]
- Downloading knitr from P3M ...                OK [1.1 Mb in 1.0s]
- Downloading evaluate from P3M ...             OK [83 Kb in 0.97s]
- Downloading highr from P3M ...                OK [36.7 Kb in 0.81s]
- Downloading xfun from P3M ...                 OK [522.6 Kb in 1.0s]
- Downloading yaml from P3M ...                 OK [112.7 Kb in 1.5s]
- Downloading rex from P3M ...                  OK [123.9 Kb in 0.93s]
- Downloading lazyeval from P3M ...             OK [154.1 Kb in 0.88s]
- Downloading xml2 from P3M ...                 OK [276 Kb in 1.7s]
- Downloading rlang from P3M ...                OK [1.5 Mb in 1.6s]
- Downloading xmlparsedata from P3M ...         OK [18.5 Kb in 1.4s]
- Downloading roxygen2 from P3M ...             OK [704.5 Kb in 0.9s]
- Downloading brew from P3M ...                 OK [74.8 Kb in 0.81s]
- Downloading commonmark from P3M ...           OK [143.3 Kb in 0.79s]
- Downloading pkgload from P3M ...              OK [212.5 Kb in 1.7s]
- Downloading lifecycle from P3M ...            OK [122.2 Kb in 0.93s]
- Downloading pkgbuild from P3M ...             OK [197.5 Kb in 1.6s]
- Downloading rprojroot from P3M ...            OK [104.7 Kb in 1.0s]
- Downloading purrr from P3M ...                OK [487.8 Kb in 1.1s]
- Downloading magrittr from P3M ...             OK [218.7 Kb in 1.9s]
- Downloading vctrs from P3M ...                OK [1.3 Mb in 1.6s]
- Downloading stringi from P3M ...              OK [3.1 Mb in 1.6s]
- Downloading stringr from P3M ...              OK [303.2 Kb in 1.1s]
- Downloading cpp11 from P3M ...                OK [266.2 Kb in 1.2s]
- Downloading styler from P3M ...               OK [810.6 Kb in 1.8s]
- Downloading R.cache from P3M ...              OK [109.3 Kb in 1.1s]
- Downloading R.methodsS3 from P3M ...          OK [80.7 Kb in 1.1s]
- Downloading R.oo from P3M ...                 OK [972.7 Kb in 0.97s]
- Downloading R.utils from P3M ...              OK [1.4 Mb in 1.1s]
Successfully downloaded 46 packages in 70 seconds.

The following package(s) will be installed:
- backports      [1.5.0]
- brew           [1.0-10]
- callr          [3.7.6]
- cli            [3.6.3]
- collections    [0.3.7]
- commonmark     [1.9.1]
- cpp11          [0.5.0]
- crayon         [1.5.3]
- cyclocomp      [1.1.1]
- desc           [1.4.3]
- digest         [0.6.37]
- evaluate       [0.24.0]
- fs             [1.6.4]
- glue           [1.7.0]
- highr          [0.11]
- jsonlite       [1.8.8]
- knitr          [1.48]
- languageserver [REditorSupport/languageserver]
- lazyeval       [0.2.2]
- lifecycle      [1.0.4]
- lintr          [3.1.2]
- magrittr       [2.0.3]
- pkgbuild       [1.4.4]
- pkgload        [1.4.0]
- processx       [3.8.4]
- ps             [1.7.7]
- purrr          [1.0.2]
- R.cache        [0.16.0]
- R.methodsS3    [1.8.2]
- R.oo           [1.26.0]
- R.utils        [2.12.3]
- R6             [2.5.1]
- remotes        [2.5.0]
- rex            [1.2.1]
- rlang          [1.1.4]
- roxygen2       [7.3.2]
- rprojroot      [2.0.4]
- stringi        [1.8.4]
- stringr        [1.5.1]
- styler         [1.10.3]
- vctrs          [0.6.5]
- withr          [3.0.1]
- xfun           [0.47]
- xml2           [1.3.6]
- xmlparsedata   [1.0.5]
- yaml           [2.3.10]
These packages will be installed into "~/R/x86_64-pc-linux-gnu-library/4.4".

Is this the intended behavior?

The documentation on how to set up the Github credentials is a bit confusing, I admit. For example, here. you seem to recommend the use of GITHUB_PAT, here reads like username + password is recommended, but then you also write

For packages installed from Git remotes, renv will attempt to use git from the command line to download and restore the associated package. Hence, it is recommended that authentication is done through SSH keys when possible.

Finally, it is not mentioned that you can authenticate to Github via browser when using git-credential-manager, without the need of creating a PAT first. This makes things much easier.

image

JackCaster commented 2 months ago

I opened an issue in the usethis repo to improve the doc on their side too: https://github.com/r-lib/usethis/issues/2051

kevinushey commented 2 months ago

It could probably be made more clear, but renv is differentiating between "github" remotes and plain "git" remotes here. It looks like you're using "github" remotes here?

When installing packages from GitHub using the "github" remote style, e.g. renv::install("user/repo"), we explicitly set an Authorization header with the relevant access token. This is retrieved either from the GITHUB_PAT environment variable, or (if it's installed) the gitcreds package, which we use to request the relevant credentials.

Packages from git remotes are typically installed using something like renv::install("git::git@github.com:user/repo.git"). In this scenario, renv uses git from the command line to fetch the required sources. In this case, having authentication keys set up should make the process smoother, since git can then handle everything for us behind the scenes. This is where the recommendation for SSH + available keys comes from.

JackCaster commented 2 months ago

Thanks! True, I may confuse git and Github. And yes, in this specific case I mean a Github repository!

When installing packages from GitHub using the "github" remote style, e.g. renv::install("user/repo"), we explicitly set an Authorization header with the relevant access token. This is retrieved either from the GITHUB_PAT environment variable, or (if it's installed) the gitcreds package, which we use to request the relevant credentials.

This is where I am confused. I can install remote packages, despite not having GITHUB_PAT nor gitcreds. But I do have my credentials in the credential manager stored via the browser authentication (if I do install gitcreds, they will be shown). That warning message by renv should perhaps not be shown in this scenario?

kevinushey commented 2 months ago

I can install remote packages, despite not having GITHUB_PAT nor gitcreds. But I do have my credentials in the credential manager stored via the browser authentication (if I do install gitcreds, they will be shown). That warning message by renv should perhaps not be shown in this scenario?

It's possible, but my guess is that you might run into GitHub API rate limits since renv isn't seeing your tokens in this scenario. (Unless you're using a private GitHub repository, in case I'm obviously wrong!)