Skip to content

Commit

Permalink
Fix: Use "stable" URL for downloading GitHub release assets
Browse files Browse the repository at this point in the history 
Using the url of the assets json response returns different data with
every request. This URL is therefore unstable and every downloaded file
will have a different hash su,m. For being able to create signature we
need a stable API that returns the same data with every request.
Therefore don't use the url property from the json response and instead
the browser_download_url which is stable.
  • Loading branch information
@bjoernricks
bjoernricks committed Jul 4, 2023
1 parent e760716 commit 974a554
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 5 deletions.
5 changes: 4 additions & 1 deletion pontos/github/api/release.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -269,7 +269,10 @@ async def download_asset(name: str, download_cm) -> Path:

assets_json = response.json()
for asset_json in assets_json:
asset_url: str = asset_json.get("url", "")
# use browser_download_url here because url doesn't response with
# exactly the same data on every request.
# not getting exactly the same data changes the hash sum.
asset_url: str = asset_json.get("browser_download_url", "")
name: str = asset_json.get("name", "")

if match_pattern and not Path(name).match(match_pattern):
Expand Down
8 changes: 4 additions & 4 deletions tests/github/api/test_release.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -291,8 +291,8 @@ async def test_download_release_assets(self):
get_assets_url_response.json.return_value = data
get_assets_response = create_response()
get_assets_response.json.return_value = [
{"url": "http://bar", "name": "bar"},
{"url": "http://baz", "name": "baz"},
{"browser_download_url": "http://bar", "name": "bar"},
{"browser_download_url": "http://baz", "name": "baz"},
]
response = create_response(headers=MagicMock())
response.headers.get.return_value = 2
Expand Down Expand Up @@ -381,8 +381,8 @@ async def test_download_release_assets_filter(self):
get_assets_url_response.json.return_value = data
get_assets_response = create_response()
get_assets_response.json.return_value = [
{"url": "http://bar", "name": "bar"},
{"url": "http://baz", "name": "baz"},
{"browser_download_url": "http://bar", "name": "bar"},
{"browser_download_url": "http://baz", "name": "baz"},
]
response = create_response(headers=MagicMock())
response.headers.get.return_value = 2
Expand Down

0 comments on commit 974a554

Please sign in to comment.