How to download a private GitHub repository ZIP via API

June 10, 2020 | 2 minutes

As you may know from one of my recent blog posts, the blog you’re reading is a collection of Markdown and Hugo artifacts that, when ‘compiled’ with Hugo, creates a wonderfully lightweight website hosted out of AWS S3. My biggest gripe with my documented deployment from GitHub to S3 was the dependency on the GitHub repo being public. Anyone could see my published and unpublished content. As I’ve been spending quite a bit of time writing new posts, I wanted to protect the repo but still deploy the site automatically as I do now in AWS Lambda.

To download the ZIP ball of a branch programmatically, you first need a “Personal Access Token” generated under your GitHub account settings. The minimum required privileges for the Personal Access Token is repo, which includes:

repo - Full control of private repositories
- repo:status - Access commit status
- repo_deployment - Access deployment status
- public_repo - Access public repositories
- repo:invite - Access repository invitations
- security_events - Read and write security events

I’ve tested deselecting any combination of these privileges and can’t cut it down further. So this will have to do. Once you have the token, store it securely, you will need to regenerate it if you misplace it. In the real world, you should be rotating the token.

With the token now available to us, we can start testing it using curl to fetch the ZIP file:

curl -H "Authorization: token $token" -L https://api.github.com/repos/$org/$repo/zipball/master > master.zip

Or, if you’re in my shoes and need it in Python (Yes, I’m aware that $variable is not valid):

http = urllib3.PoolManager()
r = http.request('GET', "https://api.github.com/repos/$org/$repo/zipball/master", preload_content=False, headers={'Authorization': "token " + $token})
with open("/tmp/master.zip", 'wb') as out:
    while True:
        data = r.read(64)
        if not data:
            break
        out.write(data)
r.release_conn()

That’s it! The above Python excerpt was from my Lambda function (minus a few tweaks and replacement of variables). I’ll be putting up another post on using this in a Lambda function to build Hugo sites to compliment my previous posts.

Share this on:

About Stellios Williams

Senior Cloud Solutions Architect - Service Providers VMware

This is my personal tech related blog for anything private and public cloud - including homelabs! My postings are my own and don’t necessarily represent VMware’s positions, strategies or opinions. Any technical guidance or advice is given without warranty or consideration for your unique issues or circumstances.

Contact

Comments

comments powered by Disqus

Latest Posts

Tweets by TheNewStellW

Popular Tags

vmware63 vrealize-suite19 vsphere19 how-to17 vcloud-director12 professional-development10 aws8 certificates8 vrealize-orchestrator7 github6 hugo6 lambda6 tanzu6 vcd6 vcenter6 blog5 s35 homelab4 python4 tanzu-kubernetes-grid4 tkg4 tkgm4 vmware-cloud-director4 vrealize-automation4 vrealize-suite-lifecycle-manager4 api3 api-gateway3 automation3 container-service-extension3 cse3 csp-cloud-builder3 esxi3 javascript3 kubernetes3 pfsense3 powercli3 psc3 upgrade3 vcsa3 velero3 vrealize-log-insight3 vrealize-operations-manager3 vrealize-saltstack-config3 azure2 cassandradb2 certification2 cloud-director2 dns2 hardware2 microsoft2 packer2 rest2 saltstack2 storage2 swagger2 telegraf2 vcd-10.4.12 vcd-10.52 vcloud-availability2 vcp2 vrealize-operations2 active-directory1 adfs1 alp1 app-launchpad1 automator1 blueprints1 bmc1 certificate-authority1 cisco-aci1 clarityui1 cloud-init1 converter1 cpu1 custom-resource1 dell1 docker1 draas1 federation1 firmware1 freebsd1 freenas1 gcp1 ipmi1 ipsec1 json1 macos1 network1 nodejs1 nsx1 opensource1 ova1 postman1 quanta1 route531 saml1 self-hosted1 ubuntu1 utilities1 vcenter-server1 vcloud1 vcpp1 vexpert1 vidm1 virtual-network-gateway1 vmware-identity-manager1 vpn1 vrli1 vro1 vsan1 vvols1 windows-server1 wordpress1