name: kemal_app
version: 0.1.0
authors:
- IOM <>
targets:
kemal_app:
main: src/app.cr
crystal: 0.32.1
license: MIT
dependencies:
kemal:
github: kemalcr/kemal
spec-kemal:
github: kemalcr/spec-kemal
branch: master
accord:
github: neovintage/accord
denetmen:
github: izniburak/denetmen
sentry:
github: samueleaton/sentry
branch: master
kemal-session:
github: kemalcr/kemal-session
pg:
github: will/crystal-pg
kemal-pg:
github: sdogruyol/kemal-pg
raven:
github: Sija/raven
$ shards install
Fetching https://github.com/kemalcr/kemal.git
Fetching https://github.com/luislavena/radix.git
Fetching https://github.com/jeromegn/kilt.git
Fetching https://github.com/crystal-loot/exception_page.git
Fetching https://github.com/kemalcr/spec-kemal.git
Fetching https://github.com/neovintage/accord.git
Fetching https://github.com/izniburak/denetmen.git
Fetching https://github.com/samueleaton/sentry.git
Fetching https://github.com/kemalcr/kemal-session.git
Fetching https://github.com/will/crystal-pg.git
Fetching https://github.com/crystal-lang/crystal-db.git
Fetching https://github.com/sdogruyol/kemal-pg.git
Fetching https://github.com/ysbaddaden/pool.git
Fetching https://github.com/Sija/raven.git
Username for 'https://github.com':
after adding:
raven:
github: Sija/raven
That repo doesn't exist. Did you mean Sija/raven.cr?
It leads to a 404. Check with Sija/raven.cr
The mistake is relatively easy to spot, but it's still questionable if shards should ask for passwords. The general idea should be that shards works without any user input.
It's a pity that GitHub doesn't immediately respond that a repo wasn't found but asks for credentials instead.
To mitigate this, we could set GIT_ASKPASS to false
It's a pity that GitHub doesn't immediately respond that a repo wasn't found but asks for credentials instead.
They do this to avoid disclosing if a repo exists at all when it's private. If everything returns 403, you can't tell if anything private exists at all.
Some private shards might need this password feature too, though i'd be fine with only supporting ssh keys for this.
I know why they're doing this and it's probably best for their use case. But for our's it would be better to tell whether a repo exists or not ;)
Some private shards might need this password feature
Yes. It shouldn't ask for passwords interactively, though. This would not work with remote installs.
At least not by default. I'm not too familiar with these git options, but I assume setting GIT_ASKPASS to false should be sufficient. In case you need this behaviour, you could still set it to something else (so shards should not override the value).
Most helpful comment
The mistake is relatively easy to spot, but it's still questionable if
shardsshould ask for passwords. The general idea should be thatshardsworks without any user input.It's a pity that GitHub doesn't immediately respond that a repo wasn't found but asks for credentials instead.
To mitigate this, we could set
GIT_ASKPASSto false