Updating a WordPress theme/plugin from a private GitHub repository
Background
I am working on a custom theme for my WordPress site which I would like to manage from a private GitHub repo. (This theme will never be pushed into the WordPress marketplace.) The general idea would be that I use the repo to manage the code and then once I tag a new version, the tag would trigger an update for the WordPress theme.
I have this pattern working using the following as a template:
https://github.com/krafit/wp-gitlab-updater
(Yes, I know the repo is for GitLab and not GitHub)
Since my repo is private, I will need to generate a user token to allow the theme to be updated. And because the user token is capable of accessing all my private repos, the idea of sharing the user token with another plugin is discomforting from a security standpoint. (Meaning, I'm uncomfortable using a plugin like: https://github.com/afragen/git-updater)
Question
The problem is that GitHub has deprecated the use of access_token as a query string parameter, so all tokens must be sent over as an Authorization header.
How do I add an authorization header to the request WordPress sends to download the artifact?
What I've Tried
When I check for new tags I use the code:
    protected function fetch_tags_from_repo( $git_url, $repo, $access_token ) {
        // The token travels only in the Authorization header; GitHub has
        // deprecated access_token as a query string parameter.
        $request_url = "$git_url/repos/$repo/tags";
        $args = [
            "headers" => [
                "Accept"        => "application/vnd.github.v3+json",
                "Authorization" => "token " . $access_token
            ]
        ];
        // wp_safe_remote_get() returns a response array or a WP_Error.
        $request = wp_safe_remote_get( $request_url, $args );
        return $request;
    }
This works without any issues. However...
During the pre_set_site_transient_update_themes hook I return an object that looks like:
    $transient->response[ $theme['name'] ]['theme'] = $theme['name'];
    $transient->response[ $theme['name'] ]['new_version'] = $latest_version;
    $transient->response[ $theme['name'] ]['package'] = $theme_package;
The problem is, I have no way of adding an Authorization header to the transient response object. Therefore, when WP later tries to download the artifact, it fails.
Note: The $theme_package string is a URL which looks like:
    $theme_package = "$git_url/repos/$repo/zipball/refs/tags/$latest_version";
Any support appreciated, thank you!
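One way to attach the header to the package download, as an added example that is not part of the original post or its answers: WordPress's http_request_args filter sees requests made through the WP HTTP API, so the header can be added there and limited to this repository's API URLs. The mytheme_* names, the repository slug and the MYTHEME_GITHUB_TOKEN constant (assumed to be defined in wp-config.php) are hypothetical.

```php
<?php
// Added example, not from the original post. Constructed placeholders:
// API base, repo slug, mytheme_* names and the MYTHEME_GITHUB_TOKEN constant.
const MYTHEME_GITHUB_API  = 'https://api.github.com';
const MYTHEME_GITHUB_REPO = 'example-owner/example-theme';

/**
 * Return $args with an Authorization header only when $url is an HTTPS
 * request for this repository on the API host; otherwise return $args as is.
 */
function mytheme_github_auth_args( array $args, string $url, string $token ): array {
    $want = parse_url( MYTHEME_GITHUB_API );
    $got  = parse_url( $url );
    if ( ! is_array( $got ) || '' === $token ) {
        return $args;
    }
    // Compare parsed components rather than a string prefix, so a lookalike
    // host such as api.github.com.lookalike.example never receives the token.
    $same_origin = 'https' === strtolower( $got['scheme'] ?? '' )
        && 0 === strcasecmp( $got['host'] ?? '', $want['host'] )
        && ! isset( $got['port'] ) && ! isset( $got['user'] );
    $prefix = rtrim( $want['path'] ?? '', '/' ) . '/repos/' . MYTHEME_GITHUB_REPO . '/';
    $path   = $got['path'] ?? '';
    if ( $same_origin && 0 === strpos( $path, $prefix ) && false === strpos( $path, '..' ) ) {
        $args['headers'] = (array) ( $args['headers'] ?? [] );
        $args['headers']['Authorization'] = 'token ' . $token;
    }
    return $args;
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: this filter runs for WP HTTP API requests, including
    // the download of the 'package' URL, which goes through download_url().
    add_filter( 'http_request_args', function ( $args, $url ) {
        $token = defined( 'MYTHEME_GITHUB_TOKEN' ) ? MYTHEME_GITHUB_TOKEN : '';
        return mytheme_github_auth_args( (array) $args, (string) $url, $token );
    }, 10, 2 );
} else {
    // Stand-alone run with constructed URLs (no WordPress loaded).
    $tail = '/repos/' . MYTHEME_GITHUB_REPO . '/zipball/refs/tags/1.2.0';
    foreach ( [ MYTHEME_GITHUB_API, 'https://api.github.com.lookalike.example' ] as $base ) {
        $out = mytheme_github_auth_args( [], $base . $tail, 'constructed-token' );
        echo $base, ' -> ', isset( $out['headers']['Authorization'] ) ? 'header added' : 'no header', "\n";
    }
}
```

Keeping the token in a constant outside the theme's files means the theme code itself can be distributed without the credential.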
Comments (2)
Eject from GitHub and use GitLab because they still support access_token as a header. They have unlimited free private repos <5 GB storage.

If you are planning to distribute the private repo with a license I recommend you not to expose your access credentials in the script.
Instead you should use the GitHub PHP API together with an SSH key that you set up in your repo settings or a GitHub App with access permission granted on your repo.
Here is a solid SDK to start from:
https://github.com/KnpLabs/php-github-api
Alternatively, as you suggested in your answer, a third party service could be used to manage the credentials on your behalf.
GitLab is a nice generic and low cost option, but if you are looking for something dedicated to WordPress development I recommend WP Package Editor (WP2E).
Among other things the service uses a registered GitHub App to pull the latest version from public / private GitHub repositories:
https://github.com/marketplace/wp-package-editor
This is quoted from the documentation regarding how it is implemented with GitHub:
For a script to be successfully imported to the library of repositories and later be synchronized as an installer dependency there are 4 conditions: