Added GitHub Enterprise and Private GitHub support

[chp9-u]

A naive and working attempt to support both Github Enterprise Private and GitHub Private Repositories

[welcome]

Welcome! Congrats on your first pull request to Jekyll Remote Theme. If you haven't already, please be sure to check out the contributing guidelines.

[chp9-u]

resolves #81

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[benbalter]

I'd be curious to learn more about what workflow you're trying to solve for here. Enterprise Server support was added in #53.

[benbalter]

Given that this is explicitly called out in the documentation, I'd be hesitant to create a workflow that requires committing the secret to the repository. Could we use an environmental variable as suggested?

[chp9-u]

I fully agree that specifying an environment variable here would prevent "hardcoding" any credentials which can be a security hazard. Unfortunately, unless some changes are done on the server side to allow the GitHub Pages to specify credentials for a privately hosted themes, this was the easiest way to solve the issue.

[qwtel]

So does this mean that there is no way for GitHub Secrets to be accessed in the GitHub Pages environment?

[benbalter]

Why would a user need to be able to specify custom headers?

[chp9-u]

To allow downloading a private hosted theme and additional headers required in a large organization.

[benbalter]

Can you describe the change here? I'm having trouble following.

[chp9-u]

It takes the remote_headers from the configuration file and ensures that the custom headers are passed to the request of the download of the remote_theme. I had to reorganize the download function code for readability and usability.

More details are provided with additional comments of the relevant code.

[benbalter]

As currently written, this is an anti-abuse mechanism, which it looks like this change removes. In an untrusted environment, a malicious actor could request a remote theme from a malicious Git server, leading to a denial of service or other attack. How would we limit hosts in untrusted environments?

[chp9-u]

The problem for us is that since we are using custom DNS, privately hosted repos, the themes are not hosted on any of theses endpoints.

[chp9-u]

I'd be curious to learn more about what workflow you're trying to solve for here. Enterprise Server support was added in #53.

We are hosting our GitHub Enterprise Server (2.21) with a custom internal DNS so it is not using the default github.<enterprise>.com. Our themes repos are also hosted internally and forced to be private by the administrators. Since we can't access anything on the server side, including the process of generating jekyll pages (we are a large organization), we can't rely on environment variables to pass the token to download the theme.

[chp9-u]

According to the GitHub API documentation, host "api.github.com" and rest endpoint "zipball" is the proper endpoint for getting the repository archive zip file. As per the documentation, this requires support for redirections.

Using "archive" should extend the the support to other git private repository such as gitlab and still work for github repos.

[chp9-u]

Reorganizing code for better readability and usability

[chp9-u]

Create a request including the remote_headers configuration provided to the downloader

[chp9-u]

Reading the archive file from the server as per the download code above

[chp9-u]

Our organization is using a custom DNS, and the REST Api are creating some redirections. This new download code supports HTTP Redirections to a maximum of 10 hops.