From 5f26594590190422813db0a95bde84be3af070e0 Mon Sep 17 00:00:00 2001
From: Jon Turney <jon.turney@dronecode.org.uk>
Date: Sat, 23 Mar 2024 14:11:36 +0000
Subject: [PATCH] Don't add Authorization header to redirected download request

Don't add Authorization header to redirected GitHub artifact download
request. It seems that the place upload-artifacts@v4 now stores things
doesn't like being given an unnecessary Authorization header.

Also: Log any error response to these requests
Also: provide a simple way to test examine_run_artifacts
---
 fetch.py |  5 +++--
 gh.py    | 14 ++++++++++++--
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/fetch.py b/fetch.py
index 2068df0..048aa42 100755
--- a/fetch.py
+++ b/fetch.py
@@ -63,14 +63,15 @@ def fetch():
                     req = urllib.request.Request(url)
 
                     if backend == 'github':
-                        req.add_header('Authorization', 'Bearer ' + gh_token.fetch_iat())
+                        req.add_unredirected_header('Authorization', 'Bearer ' + gh_token.fetch_iat())
 
                     _LOGGER.info('fetching %s' % url)
 
                     try:
                         with urllib.request.urlopen(req, timeout=60) as response:
                             shutil.copyfileobj(response, tmpfile)
-                    except (socket.timeout, urllib.error.URLError):
+                    except (socket.timeout, urllib.error.URLError) as e:
+                        logging.info("archive download response %s" % e)
                         incomplete = True
                         break
 
diff --git a/gh.py b/gh.py
index f81204e..134a846 100644
--- a/gh.py
+++ b/gh.py
@@ -41,7 +41,7 @@ def examine_run_artifacts(wfr_id, u):
         if a['name'] == 'metadata':
             url = a['archive_download_url']
             req = urllib.request.Request(url)
-            req.add_header('Authorization', 'Bearer ' + gh_token.fetch_iat())
+            req.add_unredirected_header('Authorization', 'Bearer ' + gh_token.fetch_iat())
 
             # occasionally, the metadata file is 404, despite appearing in the
             # list of artifacts. it seems we need to wait a little while after
@@ -49,7 +49,8 @@ def examine_run_artifacts(wfr_id, u):
             # again later.
             try:
                 response = urllib.request.urlopen(req)
-            except urllib.error.URLError:
+            except urllib.error.URLError as e:
+                logging.info("metadata download REST API response %s" % e)
                 break
 
             # fetch to a temporary file as zipfile needs to seek
@@ -83,3 +84,12 @@ def examine_run_artifacts(wfr_id, u):
     # if we couldn't retrieve, or didn't find the metadata file in the workflow
     # artifacts, try again later
     return found_metadata
+
+
+if __name__ == '__main__':
+    import sys
+    import types
+
+    u = types.SimpleNamespace()
+    examine_run_artifacts(sys.argv[1], u)
+    print(u)