-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Evaluate token source lazily #16
Comments
This makes it very hard to load project in any IDE |
I think the problem is that you also need the token in order to run |
This plugin can be used in three ways:
I understand what you said and I think that applies to second and third case where github token is mandatory even for And this issue is especially for the first case where one can just want to have that github token configured on CI machine from where packages are published. Which means for normal developer workflow this setting is not required. |
Yeah the token is definitely needed even in the second case. So basically the fact that you need to have a token regardless of how you're using the plugin was what led me to make it mandatory. I think for the normal developer, I would expect their own personal token would be the one configured in their environment somewhere. Obviously, environment variables don't interact particularly well with most IDEs, so adding a different source for the token is probably the right way to go. Like, I don't actually use an IDE, so I don't know what would work best, but almost anything should be supportable. Like, we could have a file on the system where it's read, or we could rely on the git config (e.g. |
FYI: On my Ubuntu machine I just put
in |
I was coming more of from third party users who are not primary authors of code base. They just want to clone, run tests or some tasks to generate some management related reports which does not have to do with publish. More than that they should not misconfigure tokens with write permissions and accidentally publish. To give an example, my team maintains code base but our client frequently takes a pull and run tests, generate report. Asking them to generate and configure tokens may be little inconvenient. I personally like to clone third party repos, play with it, make changes and run tests. But if i have to setup github tokens in order to do that seems bit strict unless it is necessary. |
I am not sure keeping github token as a global env variable on a developer machine would be good idea, may be it is! |
I am self-employed, I am the only one using the workstation. So I am ok with it. |
Ahhhhh, you're getting at the case where a project is published to GitHub Packages, but all of its dependencies are on Maven Central. In that case, a token isn't necessary because nothing needs to resolve and no publication will be performed. This is a valid case to consider, I think. I guess the question would be whether that case is worth complicating the plugin by using a |
Thats correct. I would say if plugin uses
I would also add that github packages is at very initial stage at the moment, and not lot of packages available in github registry, hence its possible that most of the projects will just publish there packages to github registry but don't consume anything from there (I bet this will change in the future though!) My only concern evaluating this property eagerly is that, people who are not familiar with |
To be clear, we're already using a So the problem with swapping to a |
Currently with default settings, sbt fails to load project because it expects
GITHUB_TOKEN
env variable to be set.In my opinion, ideally it should get evaluated when it is necessary i.e. at the time of
sbt publish
The text was updated successfully, but these errors were encountered: