Github Workflow (Yeah another one, but with more security)

[willfarrell]

I've tried a few github workflows. Most don't have user auth built in, or if they did, sent the password in the request (which is not secure!). So I build a new one with a few more features and followed Githubs best practices for auth security. Hope everyone likes it. If you'd like other APIs support just let me know.

 

https://github.com/willfarrell/alfred-github-workflow

 

[vitor]

The download link is wrong (linking to a blank workflow).

[willfarrell]

Thanks! Fixed

[raguay.customct]

On the setting your password script, you need to surround the {query} with quotes. It currently doesn't and bombs out on my password, which uses symbols, number, and letters.

[willfarrell]

Thanks raguay. Version 1.1 just release with a bug fix for that.

[perifer]

Github has good options for authorisation that don't require a password. Are there not any Github workflow that for example uses 

 

https://help.github.com/articles/creating-an-access-token-for-command-line-use or http://developer.github.com/v3/oauth/#non-web-application-flow ?

 

Have you looked at those options ?

Edited October 4, 2013 by perifer

[perifer]

I just realised that a command line token (https://help.github....ommand-line-use) can be used right now. Great!

Edited October 4, 2013 by perifer

[willfarrell]

I didn't see that token option. I'll add that option to the documentation for the next version.

 

I looked into the OAuth option but the flow for a beginner user to set it up isn't very simple, and can be long. I have a few more idea to try to improve the login process to make it more secure.

 

Thanks again for the token link

[tsigo]

So why, after installing and authorizing this workflow, did it automatically star every one of your workflow repos without telling me, much less asking me?

[willfarrell]

Shit. I was testing out a starring feature on my local workflow inside of test and must of got pushed when I did a bug fix.  I'll re-export my workflow when I get home later tonight. Thanks for the catch, will include a remove all for those who already ran the test. Apologies to anyone who this affected. Look for version bump soon with fix. Thanks @tsigo for reporting this.

[tsigo]

Glad to hear it was an honest mistake. No harm done.

[politicus]

That is a amazing workflow! Already loving it. 

 

One thing I found "funny" is adding my password not hidden -> notification "Set Alfred Github password ***********".

 

Is there a way to hide what I am typing in Alfred? 

[vitor]

Is there a way to hide what I am typing in Alfred?

Unlikely, since Alfred is not really geared towards typing passwords in the input. For this workflow, you should really only need to set it once (even if you use it across multiple Macs), though.

[rice.shawn]

This looks great, although it doesn't show my private repositories. Any clue how to make those show up?

[willfarrell]

@politicus: like @vitor said, Alfred doesn't support password text type. If you're in a situation where someone is looking over your shoulder all the time then you can alternatively enter a Github Application Token. Hope this helps.

 

@Shawn Rice: I don't think there is an API for that yet. http://developer.github.com/v3/gists/#list-gists

[politicus]

@willfarell no problem at all with this.

I was just joking. WelI, trying 

[rice.shawn]

I just looked at the api quickly (I had looked at it a while ago). I think it's there, but under the "scope" part of the query. If I manage to get some time in a the few days, I'll look to see how your workflow is sending the query and see if I can alter it to get the desired results. If I get it to work, then I'll post the code here as a suggested change.