import: github: Use HTTP "Authorization" header for access tokens.

Fixes <https://bugs.gnu.org/39511>.

The "access_token" query parameter is now deprecated:

  https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters

* guix/import/github.scm (fetch-releases-or-tags)[headers]: Add
"Authorization" header when (%github-token) is true.
[decorate]: Remove, and remove callers.

diff --git a/guix/import/github.scm b/guix/import/github.scm
index df5f6ff..7136e7a 100644 (file)
--- a/guix/import/github.scm
+++ b/guix/import/github.scm
@@ -154,18 +154,16 @@ empty list."
     ;; Ask for version 3 of the API as suggested at
     ;; <https://developer.github.com/v3/>.
     `((Accept . "application/vnd.github.v3+json")
-      (user-agent . "GNU Guile")))
+      (user-agent . "GNU Guile")
+      ,@(if (%github-token)
+            `((Authorization . ,(string-append "token " (%github-token))))
+            '())))
 
-  (define (decorate url)
-    (if (%github-token)
-        (string-append url "?access_token=" (%github-token))
-        url))
-
-  (match (json-fetch (decorate release-url) #:headers headers)
+  (match (json-fetch release-url #:headers headers)
     (#()
      ;; We got the empty list, presumably because the user didn't use GitHub's
      ;; "release" mechanism, but hopefully they did use Git tags.
-     (json-fetch (decorate tag-url) #:headers headers))
+     (json-fetch tag-url #:headers headers))
     (x x)))
 
 (define (latest-released-version url package-name)