Comments (11)
My understanding is that go-github is removing deps in recent releases. It would be super nice to include gh app cred support, instead of relying on ghinstallation (no offense). To be honest, ghinstallation builds on the go-github api, which means if not using the correct version, people will end up bundling 2 versions in the final binary...
For the record,
ghinstallation
is only mentioned in this repo's docs and in an examples folder, in the hopes that it will help people. Note that it does not appear at all in our top-levelgo.mod
, and therefore this repo does not rely on that package as a dependency.I personally have no experience working with
gh app cred
, so it sounds to me like the best advice I can give is for you to open up a brand new issue (since I believe this is an orthogonal issue to this one), and we can have any of our contributors work on adding examples of how to use it. Does that sound good to you?
Sorry for the misunderstanding. I saw #2895 and #2914 in the recent changes. So I assume adding WithTokenSource(oauth2.TokenSource)
will not be an option. If that's still on the table, I guess the most straightforwad option would be use that directly.
But it's definitely a good idea to create another issue to cover the gh app auth mania. A bunch of APIs requires that to work, e.g. checks API. So It's probably a good idea to have a full story supporting those use-cases.
from go-github.
This is what we have today:
// NewAppTokenHTTPClient creates a new http client that performs requests
// authenticated as a GitHub App.
func NewAppTokenHTTPClient(ctx context.Context, privateKeyPEM []byte, appID int64) (*http.Client, error) {
...
return oauth2.NewClient(ctx, oauth2.ReuseTokenSource(nil, ts)), nil
}
// NewAppInstallationTokenHTTPClient creates a new http client that performs requests
// authenticated as a GitHub App installation. gc must be a GitHub client authenticated
// as a GitHub App.
func NewAppInstallationTokenHTTPClient(ctx context.Context, gc *github.Client, installationID int64) (*http.Client, error) {
...
return oauth2.NewClient(ctx, oauth2.ReuseTokenSource(nil, ts)), nil
}
func main() {
ctx := context.Background()
ahc, _ := NewAppTokenHTTPClient(ctx, ...)
agc := github.NewClient(ahc).WithEnterpriseURLs(..., ...)
// the following might be in another file/struct, say, handling webhook requests, which sees nothing but the `agc`
aihc, _ := NewAppInstallationTokenHTTPClient(ctx, agc, ...)
aigc := github.NewClient(aihc).WithEnterpriseURLs(..., ...)
// If I need to use user credential, I'll need to do this all over again.
ugc := github.NewClient(uhc).WithEnterpriseURLs(..., ...)
}
It will be much cleaner to do:
func main() {
...
aigc := agc.WithClient(aihc)
ugc := agc.WithClient(uhc)
}
I was also thinking about using ctx to carry the optional token source, which will make the code even cleaner. Then I realized that the current Client
holds the rate limit data which ties to the creds it uses, and it will require lots of refactor.
from go-github.
@gmlewis I'm not sure this will make a good first issue considering the compatibility issues I mentioned above.
from go-github.
I think I have something that will work for this. We could add WithRoundTripper
instead of WithClient
. The http client would have a Transport that first adds the auth header if configured, then it would call the RoundTripper provided by WithRoundTripper
.
Here's a function that uses token auth as well as authenticating as both an app and an installation.
func listAppRepos(ctx context.Context, gheURL, gheUploadURL, authToken, appSlug string, key []byte) ([]string, error) {
client, err := github.NewClient(nil).WithEnterpriseURLs(gheURL, gheUploadURL)
if err != nil {
return nil, err
}
client = client.WithAuthToken(authToken)
app, _, err := client.Apps.Get(ctx, appSlug)
if err != nil {
return nil, err
}
appsTransport, err := ghinstallation.NewAppsTransport(http.DefaultTransport, app.GetID(), key)
if err != nil {
return nil, err
}
client = client.WithRoundTripper(appsTransport)
installations, _, err := client.Apps.ListInstallations(ctx, nil)
if err != nil {
return nil, err
}
var result []string
var repos *github.ListRepositories
for _, inst := range installations {
client = client.WithRoundTripper(ghinstallation.NewFromAppsTransport(appsTransport, inst.GetID()))
repos, _, err = client.Apps.ListRepos(ctx, nil)
if err != nil {
return nil, err
}
for _, repo := range repos.Repositories {
result = append(result, repo.GetFullName())
}
}
return result, nil
}
from go-github.
I would like to work on this PR
from go-github.
Thank you, @ashi009 .
What would the ideal API look like from the user perspective?
In other words, could you please write a short code snippet of how you would like it to look like?
That would help me understand.
Thanks again. 😁💜
from go-github.
Thank you, @ashi009 for the extra details!
This would be a great PR for any new contributor to this repo or a new Go developer.
All contributions are greatly appreciated!
Feel free to volunteer for any issue and the issue can be assigned to you so that others don't attempt to duplicate the work.
Please check out our CONTRIBUTING.md guide to get started. (In particular, please remember to go generate ./...
and don't use force-push to your PRs.)
Thank you!
from go-github.
My understanding is that go-github is removing deps in recent releases. It would be super nice to include gh app cred support, instead of relying on ghinstallation (no offense). To be honest, ghinstallation builds on the go-github api, which means if not using the correct version, people will end up bundling 2 versions in the final binary...
from go-github.
I considered adding WithHTTPClient
when working on #2904. I ended up not doing it because it could result in unexpected behavior when used after NewTokenClient
or Client.WithAuthToken
because those modify the http client's Transport to add an auth header.
This wouldn't be an issue for your use case because you wouldn't expect the auth header to be there after replacing the client with another one that handles auth. However, if WithHTTPClient
is called with a client that doesn't handle auth, the result would be a possible-unexpected loss of token auth.
Before adding WithHTTPClient
we should consider other interfaces that don't have that issue or perhaps changing how Client.WithAuthToken
works.
from go-github.
My understanding is that go-github is removing deps in recent releases. It would be super nice to include gh app cred support, instead of relying on ghinstallation (no offense). To be honest, ghinstallation builds on the go-github api, which means if not using the correct version, people will end up bundling 2 versions in the final binary...
For the record, ghinstallation
is only mentioned in this repo's docs and in an examples folder, in the hopes that it will help people. Note that it does not appear at all in our top-level go.mod
, and therefore this repo does not rely on that package as a dependency.
I personally have no experience working with gh app cred
, so it sounds to me like the best advice I can give is for you to open up a brand new issue (since I believe this is an orthogonal issue to this one), and we can have any of our contributors work on adding examples of how to use it. Does that sound good to you?
from go-github.
Thank you, @WillAbides ! It's yours.
from go-github.
Related Issues (20)
- Merge Queues break repository ruleset unmarshaling HOT 8
- Getting the metadata of an issue in github project planning board HOT 1
- Changing custom properties HOT 5
- Update deprecated endpoints in github/action_variables.go HOT 4
- `omitempty` tag on `InstallationAccessTokenOptions.Repositories` masking functionality of GitHub API HOT 11
- `NewTeam` missing `notification_setting` field HOT 1
- feat: Add an option to wait for primary rate limit reset and retry instead of erroring out HOT 7
- Username is required when using fine-grained vs classic PAT (personal access token) for PlainClone operation
- LIst of issue comments do not collect the comment which was added during the creation of the PR. HOT 6
- Use enums for the action field in GitHub Webhooks HOT 4
- Can't remove repository ruleset's every Bypass Actors because of serialization issue HOT 4
- Support new REST API endpoint that evaluates if private vulnerability reporting is enabled HOT 4
- Webhook MemberEvent Type is Missing Changes Object
- Bug: Issues.ListByRepo Repository field is always `nil` HOT 5
- `ListRunnersOption` change omits consideration of Enterprise Runner HOT 4
- Add support for CommitID, InReplyTo, and SubjectType to DraftReviewComment HOT 1
- Support for merge queues. HOT 3
- Bug: GetArchiveLink returns a status code 200, not 302, when link is requested with an installation token rather than personal/bearer token HOT 3
- WorkflowRun struct does not include `path` property HOT 1
- Proposal: Add GitHub App Token and Installation Token Source Functionality HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-github.