Don't include HTTP headers from GitHub API request in redirected artifact download request #83
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…fact download request
In the use case where the "arduino/report-size-deltas" action is ran from a GitHub Actions workflow triggered by a
`schedule` event, it downloads the sketches report file from a workflow artifact.
The GitHub REST API is used to perform this artifact download. The artifact download process is:
1. Action sends request to `/repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}` endpoint
2. API responds with HTTP 302 status
3. Action sends request to temporary file download URL provided by the API response
4. Artifact file is downloaded
The API request at step (1) must be authenticated using a GitHub access token. This token is passed via the
`Authorization` HTTP header in the request.
No authentication is required for the download request at step (3).
The `urllib.request` Python module is used to perform the HTTP requests. By default, this module passes the headers from
the original request to the redirect request.
Although these headers were superfluous, they didn't affect the download request when the target artifact was of the v1
format generated by version 3.x and earlier of the "actions/upload-artifact" action. A new v2 artifact format was
introduced in the 4.0.0 release of the "actions/upload-artifact" action. Previously, the request at step (3) of the
artifact download procedure would fail when the target artifact had the v2 format:
```
urllib.error.HTTPError: HTTP Error 400: Authentication information is not given in the correct format. Check the value of Authorization header.
Error: HTTPError: HTTP Error 400: Authentication information is not given in the correct format. Check the value of Authorization header.
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Authentication information is not given in the correct format. Check the value of Authorization header.
RequestId:1f13170a-001e-0076-5f5d-4e8d15000000
Time:2024-01-24T00:35:22.8264229Z</Message></Error>
```
The cause of the failure was the inclusion of the `Authorization` HTTP header in the download request. The
`urllib.request` Python module can be configured to pass a header in the original request but not in the redirected
request by defining the header via the `Request.add_unredirected_header` method instead of in the `Request`
instantiation. This provides compatibility for using the action with v2 format artifacts.
per1234
added
type: imperfection
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #83 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 2 2
Lines 745 752 +7
=========================================
+ Hits 745 752 +7 ☔ View full report in Codecov by Sentry. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In the use case where the arduino/report-size-deltas action is ran from a GitHub Actions workflow triggered by a
scheduleevent, it downloads the sketches report file from a workflow artifact.The GitHub REST API is used to perform this artifact download. The artifact download process is:
/repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}endpointThe API request at step (1) must be authenticated using a GitHub access token. This token is passed via the
AuthorizationHTTP header in the request.No authentication is required for the download request at step (3).
The
urllib.requestPython module is used to perform the HTTP requests. By default, this module passes the headers from the original request to the redirect request.Although these headers were superfluous, they didn't affect the download request when the target artifact was of the v1 format generated by version 3.x and earlier of the actions/upload-artifact action. A new v2 artifact format was introduced in the 4.0.0 release of the actions/upload-artifact action. Previously, the request at step (3) of the artifact download procedure would fail when the target artifact had the v2 format:
https://github.com/arduino/report-size-deltas/actions/runs/7633691244/job/20796387110#step:3:164
The cause of the failure was the inclusion of the
AuthorizationHTTP header in the download request. Theurllib.requestPython module can be configured to pass a header in the original request but not in the redirected request by defining the header via theRequest.add_unredirected_headermethod instead of in theRequestinstantiation. This provides compatibility for using the action with v2 format artifacts.