Rewrite so that brew automatically base64 encode the API token

And adjusting the documentation to match

Library/Homebrew/brew.sh

@@ -958,6 +958,11 @@ then
 elif [[ -n "${HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN}" ]]
 then
  export HOMEBREW_GITHUB_PACKAGES_AUTH="Basic ${HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN}"
+elif [[ -n "${HOMEBREW_GITHUB_API_TOKEN}" ]]
+then
+ HOMEBREW_GITHUB_PACKAGES_AUTH="Bearer $(base64 <<<"${HOMEBREW_GITHUB_API_TOKEN}")"
+ export HOMEBREW_GITHUB_PACKAGES_AUTH
+
 else
  export HOMEBREW_GITHUB_PACKAGES_AUTH="Bearer QQ=="
 fi

Library/Homebrew/env_config.rb

@@ -168,15 +168,6 @@ module EnvConfig
  description: <<~EOS,
  Use this bearer token for authenticating with a Docker registry proxying GitHub Packages.
  Preferred over `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN`.
-
- *Note:* when authenticating against ghcr.io, \
- the `HOMEBREW_DOCKER_REGISTRY_TOKEN` must be a base64 \
- encoded GitHub Personal Access Token (PAT).
-
- *For example:*
- ```bash
- export HOMEBREW_DOCKER_REGISTRY_TOKEN=$(base64<<<$(git config github.token))
- ```
  EOS
  default_text: "`QQ==` unless `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN` is set.",
  },
@@ -251,12 +242,20 @@ module EnvConfig
  default: "git",
  },
  HOMEBREW_GITHUB_API_TOKEN: {
- description: "Use this personal access token for the GitHub API, for features such as " \
- "`brew search`. You can create one at <https://github.com/settings/tokens>. If set, " \
- "GitHub will allow you a greater number of API requests. For more information, see: " \
- "<https://docs.github.com/en/rest/overview/rate-limits-for-the-rest-api>" \
- "\n\n *Note:* Homebrew doesn't require permissions for any of the scopes, but some " \
- "developer commands may require additional permissions.",
+ description: <<~EOS,
+ Use this personal access token for the GitHub API, for features such as `brew search`.
+ You can create one at <https://github.com/settings/tokens>.
+ If set, GitHub will allow you a greater number of API requests.
+ For more information, see: "<https://docs.github.com/en/rest/overview/rate-limits-for-the-rest-api>"
+
+ *Note:* Homebrew doesn't require permissions for any of the scopes,
+ but some developer commands may require additional permissions.
+
+ *Note:* If set, this token will also be used to authenticating against `ghcr.io` unless
+ `HOMEBREW_DOCKER_REGISTRY_TOKEN` or `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN` has been set.
+ In this case, the token will require the `packages` permission to be set.
+ `HOMEBREW_GITHUB_PACKAGES_TOKEN` is not used for this permission, but only for uploading packages.
+ EOS
  },
  HOMEBREW_GITHUB_PACKAGES_TOKEN: {
  description: "Use this GitHub personal access token when accessing the GitHub Packages Registry " \

docs/Manpage.md

@@ -2169,7 +2169,7 @@ Display the path where *`formula`* is located.
 
 ### `generate-cask-api` \[`--dry-run`\]
 
-Generate `homebrew/cask` API data files for <https://formulae.brew.sh>.
+Generate `homebrew/cask` API data files for <https://formulae.brew.sh>. The
 generated files are written to the current directory.
 
 `-n`, `--dry-run`
@@ -2178,7 +2178,7 @@ generated files are written to the current directory.
 
 ### `generate-formula-api` \[`--dry-run`\]
 
-Generate `homebrew/core` API data files for <https://formulae.brew.sh>.
+Generate `homebrew/core` API data files for <https://formulae.brew.sh>. The
 generated files are written to the current directory.
 
 `-n`, `--dry-run`
@@ -2975,6 +2975,7 @@ control system ignores it if you'd prefer to rely on debugging information from
 a local machine).
 
 `brew bundle dump`
+
 : Write all installed casks/formulae/images/taps into a `Brewfile` in the
  current directory.
 
@@ -2993,6 +2994,7 @@ This provides a successful exit code if everything is up-to-date, making it
 useful for scripting.
 
 `brew bundle list`
+
 : List all dependencies present in the `Brewfile`.
 
 By default, only Homebrew formula dependencies are listed.
@@ -3538,7 +3540,7 @@ command execution e.g. `$(cat file)`.
  supported. For example, you might add something like the following to your
  `~/.profile`, `~/.bash_profile`, or `~/.zshenv`:
 
-  `export HOMEBREW_CASK_OPTS="--appdir=~/Applications --fontdir=/Library/Fonts"`
+ `export HOMEBREW_CASK_OPTS="--appdir=~/Applications --fontdir=/Library/Fonts"`
 
 `HOMEBREW_CLEANUP_MAX_AGE_DAYS`
 
@@ -3611,9 +3613,7 @@ command execution e.g. `$(cat file)`.
 
 : If set, print install times for each formula at the end of the run.
 
-- `HOMEBREW_DOCKER_REGISTRY_TOKEN`
- <br>Use this bearer token for authenticating with a Docker registry proxying GitHub Packages.
-Preferred over `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN`.
+`HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN`
 
 : Use this base64 encoded username and password for authenticating with a Docker
  registry proxying GitHub Packages. If `HOMEBREW_DOCKER_REGISTRY_TOKEN` is set,
@@ -3624,6 +3624,8 @@ Preferred over `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN`.
 : Use this bearer token for authenticating with a Docker registry proxying
  GitHub Packages. Preferred over `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN`.
 
+ *Default:* `QQ==` unless `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN` is set.
+
 `HOMEBREW_EDITOR`
 
 : Use this editor when editing a single formula, or several formulae in the same
@@ -3717,11 +3719,18 @@ Preferred over `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN`.
 : Use this personal access token for the GitHub API, for features such as `brew
  search`. You can create one at <https://github.com/settings/tokens>. If set,
  GitHub will allow you a greater number of API requests. For more information,
- see: <https://docs.github.com/en/rest/overview/rate-limits-for-the-rest-api>
+ see: "<https://docs.github.com/en/rest/overview/rate-limits-for-the-rest-api>"
 
  *Note:* Homebrew doesn't require permissions for any of the scopes, but some
  developer commands may require additional permissions.
 
+ *Note:* If set, this token will also be used to authenticating against
+ `ghcr.io` unless `HOMEBREW_DOCKER_REGISTRY_TOKEN` or
+ `HOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN` has been set. In this case, the
+ token will require the `packages` permission to be set.
+ `HOMEBREW_GITHUB_PACKAGES_TOKEN` is not used for this permission, but only for
+ uploading packages.
+
 `HOMEBREW_GITHUB_PACKAGES_TOKEN`
 
 : Use this GitHub personal access token when accessing the GitHub Packages

manpages/brew.1

@@ -11,10 +11,10 @@ Homebrew is the easiest and most flexible way to install the UNIX tools Apple di
 .SH "TERMINOLOGY"
 .TP
 \fBformula\fP
- Homebrew package definition that builds from upstream sources
+Homebrew package definition that builds from upstream sources
 .TP
 \fBcask\fP
- Homebrew package definition that installs macOS native applications
+Homebrew package definition that installs macOS native applications
 .TP
 \fBprefix\fP
 path in which Homebrew is installed, e\.g\. \fB/usr/local\fP
@@ -1981,7 +1981,7 @@ If \fBsudo\fP is passed, operate on \fB/Library/LaunchDaemons\fP/\fB/usr/lib/sys
 List information about all managed services for the current user (or root)\. Provides more output from Homebrew and \fBlaunchctl\fP(1) or \fBsystemctl\fP(1) if run with \fB\-\-debug\fP\&\.
 .TP
 [\fBsudo\fP] \fBbrew services info\fP (\fIformula\fP|\fB\-\-all\fP|\fB\-\-json\fP)
- List all managed services for the current user (or root)\.
+List all managed services for the current user (or root)\.
 .TP
 [\fBsudo\fP] \fBbrew services run\fP (\fIformula\fP|\fB\-\-all\fP)
 Run the service \fIformula\fP without registering to launch at login (or boot)\.
@@ -1999,7 +1999,7 @@ Stop the service \fIformula\fP immediately but keep it registered to launch at l
 Stop (if necessary) and start the service \fIformula\fP immediately and register it to launch at login (or boot)\.
 .TP
 [\fBsudo\fP] \fBbrew services cleanup\fP
- Remove all unused services\.
+Remove all unused services\.
 .TP
 \fB\-\-file\fP
 Use the service file from this location to \fBstart\fP the service\.
@@ -2206,7 +2206,7 @@ Linux only: Pass this value to a type name representing the compiler\[u2019]s \f
 .RE
 .TP
 \fBHOMEBREW_ARTIFACT_DOMAIN\fP
-Prefix all download URLs, including those for bottles, with this value\. For example, \fBHOMEBREW_ARTIFACT_DOMAIN=http://localhost:8080\fR will cause a formula with the URL \fBhttps://example\.com/foo\.tar\.gz\fR to instead download from \fBhttp://localhost:8080/https://example\.com/foo\.tar\.gz\fR\. Bottle URLs however, have their domain replaced with this prefix\. This results in e\.g\. \fBhttps://ghcr\.io/v2/homebrew/core/gettext/manifests/0\.21\fR to instead be downloaded from \fBhttp://localhost:8080/v2/homebrew/core/gettext/manifests/0\.21\fR
+Prefix all download URLs, including those for bottles, with this value\. For example, \fBHOMEBREW_ARTIFACT_DOMAIN=http://localhost:8080\fP will cause a formula with the URL \fBhttps://example\.com/foo\.tar\.gz\fP to instead download from \fBhttp://localhost:8080/https://example\.com/foo\.tar\.gz\fP\&\. Bottle URLs however, have their domain replaced with this prefix\. This results in e\.g\. \fBhttps://ghcr\.io/v2/homebrew/core/gettext/manifests/0\.21\fP to instead be downloaded from \fBhttp://localhost:8080/v2/homebrew/core/gettext/manifests/0\.21\fP
 .TP
 \fBHOMEBREW_API_AUTO_UPDATE_SECS\fP
 Check Homebrew\[u2019]s API for new formulae or cask data every \fBHOMEBREW_API_AUTO_UPDATE_SECS\fP seconds\. Alternatively, disable API auto\-update checks entirely with \fBHOMEBREW_NO_AUTO_UPDATE\fP\&\.
@@ -2246,7 +2246,7 @@ Use this as the \fBbat\fP theme for syntax highlighting\.
 If set, use Bootsnap to speed up repeated \fBbrew\fP calls\. A no\-op when using Homebrew\[u2019]s vendored, relocatable Ruby on macOS (as it doesn\[u2019]t work)\.
 .TP
 \fBHOMEBREW_BOTTLE_DOMAIN\fP
-Use this URL as the download mirror for bottles\. If bottles at that URL are temporarily unavailable, the default bottle domain will be used as a fallback mirror\. For example, \fBHOMEBREW_BOTTLE_DOMAIN=http://localhost:8080\fR will cause all bottles to download from the prefix \fBhttp://localhost:8080/\fR\. If bottles are not available at \fBHOMEBREW_BOTTLE_DOMAIN\fR they will be downloaded from the default bottle domain\.
+Use this URL as the download mirror for bottles\. If bottles at that URL are temporarily unavailable, the default bottle domain will be used as a fallback mirror\. For example, \fBHOMEBREW_BOTTLE_DOMAIN=http://localhost:8080\fP will cause all bottles to download from the prefix \fBhttp://localhost:8080/\fP\&\. If bottles are not available at \fBHOMEBREW_BOTTLE_DOMAIN\fP they will be downloaded from the default bottle domain\.
 .RS
 .P
 \fIDefault:\fP \fBhttps://ghcr\.io/v2/homebrew/core\fP\&\.
@@ -2348,15 +2348,10 @@ Use this base64 encoded username and password for authenticating with a Docker r
 .TP
 \fBHOMEBREW_DOCKER_REGISTRY_TOKEN\fP
 Use this bearer token for authenticating with a Docker registry proxying GitHub Packages\. Preferred over \fBHOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN\fP\&\.
-.IP
-\fINote:\fR when authenticating against ghcr\.io, the \fBHOMEBREW_DOCKER_REGISTRY_TOKEN\fR must be a base64 encoded GitHub Personal Access Token (PAT)\.
-.
-.IP
-\fIFor example:\fR \fBbash export HOMEBREW_DOCKER_REGISTRY_TOKEN=$(base64<<<$(git config github\.token))\fR
-.
-.IP
-\fIDefault:\fR \fBQQ==\fR unless \fBHOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN\fR is set\.
-.
+.RS
+.P
+\fIDefault:\fP \fBQQ==\fP unless \fBHOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN\fP is set\.
+.RE
 .TP
 \fBHOMEBREW_EDITOR\fP
 Use this editor when editing a single formula, or several formulae in the same directory\.
@@ -2427,12 +2422,15 @@ Linux only: Set this value to a new enough \fBgit\fP executable for Homebrew to
 \fBHOMEBREW_GITHUB_API_TOKEN\fP
 Use this personal access token for the GitHub API, for features such as \fBbrew search\fP\&\. You can create one at 
 .UR https://github\.com/settings/tokens
-.UE \&\. If set, GitHub will allow you a greater number of API requests\. For more information, see: 
+.UE \&\. If set, GitHub will allow you a greater number of API requests\. For more information, see: \[u201c]
 .UR https://docs\.github\.com/en/rest/overview/rate\-limits\-for\-the\-rest\-api
 .UE
+\[u201d]
 .RS
 .P
 \fINote:\fP Homebrew doesn\[u2019]t require permissions for any of the scopes, but some developer commands may require additional permissions\.
+.P
+\fINote:\fP If set, this token will also be used to authenticating against \fBghcr\.io\fP unless \fBHOMEBREW_DOCKER_REGISTRY_TOKEN\fP or \fBHOMEBREW_DOCKER_REGISTRY_BASIC_AUTH_TOKEN\fP has been set\. In this case, the token will require the \fBpackages\fP permission to be set\. \fBHOMEBREW_GITHUB_PACKAGES_TOKEN\fP is not used for this permission, but only for uploading packages\.
 .RE
 .TP
 \fBHOMEBREW_GITHUB_PACKAGES_TOKEN\fP
@@ -2603,7 +2601,6 @@ For example, to use an unauthenticated HTTP or SOCKS5 proxy:
 .sp
 .RS 4
 .EX
-
 export http_proxy=http://$HOST:$PORT
 
 export all_proxy=socks5://$HOST:$PORT
@@ -2614,7 +2611,6 @@ And for an authenticated HTTP proxy:
 .sp
 .RS 4
 .EX
-
 export http_proxy=http://$USER:$PASSWORD@$HOST:$PORT
 .EE
 .RE
@@ -2652,4 +2648,3 @@ See our issues on GitHub:
 \fBHomebrew/homebrew\-cask\fP
 .UR https://github\.com/Homebrew/homebrew\-cask/issues
 .UE
-