To complete the package and publish flow we need to be able to fetch securely from various hosted locations including internal / private hosting.
This needs to cover the location of the manifest and then the referenced urls inside the manifest.
Any url that doesn't end in .zip is assumed to be a git repo, and you can use git auth settings to pull published repos.
Would be better if we can pull artifacts/zips via http with non-git auth.
(This PR was maybe heading the right direction... #978)
To complete the package and publish flow we need to be able to fetch securely from various hosted locations including internal / private hosting.
This needs to cover the location of the manifest and then the referenced urls inside the manifest.
Any url that doesn't end in
.zipis assumed to be a git repo, and you can use git auth settings to pull published repos.Would be better if we can pull artifacts/zips via
httpwith non-git auth.(This PR was maybe heading the right direction... #978)