Move bin/lein release script to downloading from non-github #4

Open
opened 2022-08-05 18:54:25 +00:00 by technomancy · 4 comments

Unfortunately codeberg release download URLs are not predictable: https://codeberg.org/attachments/60dddfb3-74f1-4177-945a-a4ccfe8f7d88

This means we can't update `bin/lein` with the URL before tagging the release.

We will need to find another way to do this. One option is to host on https://leiningen.org but this opens up possibilities for attack vectors which we haven't had to worry about in the past.

Ugh, those unpredictable URLs are a real bummer, sounds like not thinking through any kind of automation at first glance :(

Since #5 is a very serious problem, I think we will have to wait on this and not fix it in 2.9.10.

Gitea has an API for getting a specific release by tag:

```
/repos/{owner}/{repo}/releases/tags/{tag}
```

https://codeberg.org/api/swagger#/repository/repoGetReleaseByTag

So for example 2.9.9 is `https://codeberg.org/api/v1/repos/leiningen/leiningen/releases/tags/2.9.9` which returns a bunch of JSON with links to attachments.
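The lookup described in the comment above, as an added example that is not part of the thread or of Leiningen's own code: it picks one attachment out of the release JSON by name, refuses a download URL that is not HTTPS on codeberg.org, and checks the downloaded bytes against a pinned SHA-256. The sample JSON, the asset names, the attachment UUIDs and the idea of pinning a checksum in the script are assumptions made for illustration; the `tag_name`, `assets`, `name` and `browser_download_url` fields are the ones Gitea's release API returns.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

API = "https://codeberg.org/api/v1/repos/leiningen/leiningen/releases/tags/{tag}"
ALLOWED_HOST = "codeberg.org"

# Constructed sample of the endpoint's JSON (trimmed; names and UUIDs are made up).
SAMPLE_RELEASE = json.dumps({
    "tag_name": "2.9.9",
    "assets": [
        {"name": "leiningen-2.9.9-standalone.jar",
         "browser_download_url":
             "https://codeberg.org/attachments/00000000-0000-4000-8000-000000000000"},
        {"name": "leiningen-2.9.9-standalone.jar.asc",
         "browser_download_url":
             "https://codeberg.org/attachments/11111111-1111-4111-8111-111111111111"},
    ],
})


def resolve_asset_url(release_json, tag, asset_name):
    """Return the download URL of exactly one asset named asset_name."""
    release = json.loads(release_json)
    if release.get("tag_name") != tag:
        raise ValueError("release JSON is for a different tag")
    matches = [a for a in release.get("assets", []) if a.get("name") == asset_name]
    if len(matches) != 1:
        raise ValueError(f"expected one asset named {asset_name!r}, found {len(matches)}")
    url = matches[0].get("browser_download_url") or ""
    parts = urlsplit(url)
    # The URL comes from a network response, so do not follow it blindly.
    if parts.scheme != "https" or parts.hostname != ALLOWED_HOST:
        raise ValueError(f"refusing download URL outside {ALLOWED_HOST}: {url!r}")
    return url


def verify_sha256(data, expected_hex):
    """True only if data hashes to the checksum pinned in the script."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower())


if __name__ == "__main__":
    print(API.format(tag="2.9.9"))
    print(resolve_asset_url(SAMPLE_RELEASE, "2.9.9", "leiningen-2.9.9-standalone.jar"))
```

Because the attachment URL is only known after the release exists, the checksum rather than the URL is the value a script can pin ahead of time.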

Aha; so it looks like there is a URL for what we need. It's just not exposed anywhere other than the API.

I still want to get the 2.9.10 release out first since it's very urgent, but we can switch the bin script over for the following release.

Reference: leiningen/leiningen#4