fetchFromGitHub: use the API tarball endpoint

GitHub currently has two kinds of personal access token: "classic" and
"fine-grained".  Fine-grained personal access tokens, as the name
suggests, allow much more control over what the token can and cannot do,
and in particular allow users to specify which repositories the token
should provide access to.

Unfortunately, fine-grained tokens don't allow access to repository
archive tarballs for private repositories at (say)
https://github.com/me-and/private-demo/archive/HEAD.tar.gz.
Fortunately, the GitHub API endpoint does provide this access, and also
works with classic tokens and -- for public repositories -- no token at
all.

To allow folk to use fine-grained access tokens, use the GitHub API for
accessing private repos.  Keep using the existing interface for
non-private repos, as we can only assume an authenticated user for
private repos, and unauthenticated users have restrictive rate limits on
the API interface.

Fixes #321481

0 files changed, 0 insertions, 0 deletions