Module: GitHub

Defined in:

brew/Library/Homebrew/utils/github.rb

Defined Under Namespace

Classes: AuthenticationFailedError, Error, HTTPNotFoundError, RateLimitExceededError, ValidationFailedError

Constant Summary

API_URL =

"https://api.github.com"

CREATE_GIST_SCOPES =

["gist"].freeze

CREATE_ISSUE_FORK_OR_PR_SCOPES =

["public_repo"].freeze

ALL_SCOPES =

(CREATE_GIST_SCOPES + CREATE_ISSUE_FORK_OR_PR_SCOPES).freeze

ALL_SCOPES_URL =

Formatter.url(
  "https://github.com/settings/tokens/new?scopes=#{ALL_SCOPES.join(",")}&description=Homebrew",
).freeze

Class Method Summary

• .api_credentials ⇒ Object
• .api_credentials_error_message(response_headers, needed_scopes) ⇒ Object
• .api_credentials_type ⇒ Object
• .api_errors ⇒ Object
• .approved_reviews(user, repo, pr, commit: nil) ⇒ Object
• .check_fork_exists(repo) ⇒ Object
• .check_runs(repo: nil, commit: nil, pr: nil) ⇒ Object
• .create_check_run(repo:, data:) ⇒ Object
• .create_fork(repo) ⇒ Object
• .create_pull_request(repo, title, head, base, body) ⇒ Object
• .dispatch_event(user, repo, event, **payload) ⇒ Object
• .env_username_password ⇒ Object
• .get_artifact_url(user, repo, pr, workflow_id: "tests.yml", artifact_name: "bottles") ⇒ Object
• .get_repo_license(user, repo) ⇒ Object
• .issues_for_formula(name, tap: CoreTap.instance, tap_full_name: tap.full_name, state: nil) ⇒ Object
• .keychain_username_password ⇒ Object
• .merge_pull_request(repo, number:, sha:, merge_method:, commit_message: nil) ⇒ Object
• .open_api(url, data: nil, request_method: nil, scopes: [].freeze, parse_json: true) ⇒ Object
• .open_graphql(query, scopes: [].freeze) ⇒ Object
• .permission(repo, user) ⇒ Object
• .print_pull_requests_matching(query) ⇒ Object
• .private_repo?(full_name) ⇒ Boolean
• .pull_requests(repo, **options) ⇒ Object
• .query_string(*main_params, **qualifiers) ⇒ Object
• .raise_api_error(output, errors, http_code, headers, scopes) ⇒ Object
• .repository(user, repo) ⇒ Object
• .search(entity, *queries, **qualifiers) ⇒ Object
• .search_code(**qualifiers) ⇒ Object
• .search_issues(query, **qualifiers) ⇒ Object
• .sponsors_by_tier(user) ⇒ Object
• .url_to(*subroutes) ⇒ Object
• .user ⇒ Object
• .write_access?(repo, user = nil) ⇒ Boolean

Class Method Details

.api_credentials ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 111

def api_credentials
  @api_credentials ||= begin
    Homebrew::EnvConfig.github_api_token || env_username_password || keychain_username_password
  end
end

.api_credentials_error_message(response_headers, needed_scopes) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 129

def api_credentials_error_message(response_headers, needed_scopes)
  return if response_headers.empty?

  @api_credentials_error_message ||= begin
    unauthorized = (response_headers["http/1.1"] == "401 Unauthorized")
    scopes = response_headers["x-accepted-oauth-scopes"].to_s.split(", ")
    if unauthorized && scopes.blank?
      needed_human_scopes = needed_scopes.join(", ")
      credentials_scopes = response_headers["x-oauth-scopes"]
      return if needed_human_scopes.blank? && credentials_scopes.blank?

      needed_human_scopes = "none" if needed_human_scopes.blank?
      credentials_scopes = "none" if credentials_scopes.blank?

      case GitHub.api_credentials_type
      when :keychain_username_password
        onoe <<~EOS
          Your macOS keychain GitHub credentials do not have sufficient scope!
          Scopes they need: #{needed_human_scopes}
          Scopes they have: #{credentials_scopes}
          Create a personal access token:
            #{ALL_SCOPES_URL}
          #{Utils::Shell.set_variable_in_profile("HOMEBREW_GITHUB_API_TOKEN", "your_token_here")}
        EOS
      when :env_token
        onoe <<~EOS
          Your HOMEBREW_GITHUB_API_TOKEN does not have sufficient scope!
          Scopes it needs: #{needed_human_scopes}
            Scopes it has: #{credentials_scopes}
          Create a new personal access token:
            #{ALL_SCOPES_URL}
          #{Utils::Shell.set_variable_in_profile("HOMEBREW_GITHUB_API_TOKEN", "your_token_here")}
        EOS
      end
    end
    true
  end
end

.api_credentials_type ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 117

def api_credentials_type
  if Homebrew::EnvConfig.github_api_token
    :env_token
  elsif env_username_password
    :env_username_password
  elsif keychain_username_password
    :keychain_username_password
  else
    :none
  end
end

.api_errors ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 564

def api_errors
  [GitHub::AuthenticationFailedError, GitHub::HTTPNotFoundError,
   GitHub::RateLimitExceededError, GitHub::Error, JSON::ParserError].freeze
end

.approved_reviews(user, repo, pr, commit: nil) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 404

def approved_reviews(user, repo, pr, commit: nil)
  query = <<~EOS
    { repository(name: "#{repo}", owner: "#{user}") {
        pullRequest(number: #{pr}) {
          reviews(states: APPROVED, first: 100) {
            nodes {
              author {
                ... on User { email login name databaseId }
                ... on Organization { email login name databaseId }
              }
              authorAssociation
              commit { oid }
            }
          }
        }
      }
    }
  EOS

  result = open_graphql(query, scopes: ["user:email"])
  reviews = result["repository"]["pullRequest"]["reviews"]["nodes"]

  reviews.map do |r|
    next if commit.present? && commit != r["commit"]["oid"]
    next unless %w[MEMBER OWNER].include? r["authorAssociation"]

    email = if r["author"]["email"].blank?
      "#{r["author"]["databaseId"]}+#{r["author"]["login"]}@users.noreply.github.com"
    else
      r["author"]["email"]
    end

    name = r["author"]["name"].presence || r["author"]["login"]

    {
      "email" => email,
      "name"  => name,
      "login" => r["author"]["login"],
    }
  end.compact
end

.check_fork_exists(repo) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 356

def check_fork_exists(repo)
  _, reponame = repo.split("/")

  case api_credentials_type
  when :env_username_password, :keychain_username_password
    _, username = api_credentials
  when :env_token
    username = open_api(url_to("user")) { |json| json["login"] }
  end
  json = open_api(url_to("repos", username, reponame))

  return false if json["message"] == "Not Found"

  true
end

.check_runs(repo: nil, commit: nil, pr: nil) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 280

def check_runs(repo: nil, commit: nil, pr: nil)
  if pr
    repo = pr.fetch("base").fetch("repo").fetch("full_name")
    commit = pr.fetch("head").fetch("sha")
  end

  open_api(url_to("repos", repo, "commits", commit, "check-runs"))
end

.create_check_run(repo:, data:) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 289

def create_check_run(repo:, data:)
  open_api(url_to("repos", repo, "check-runs"), data: data)
end

.create_fork(repo) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 349

def create_fork(repo)
  url = "#{API_URL}/repos/#{repo}/forks"
  data = {}
  scopes = CREATE_ISSUE_FORK_OR_PR_SCOPES
  open_api(url, data: data, scopes: scopes)
end

.create_pull_request(repo, title, head, base, body) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 372

def create_pull_request(repo, title, head, base, body)
  url = "#{API_URL}/repos/#{repo}/pulls"
  data = { title: title, head: head, base: base, body: body }
  scopes = CREATE_ISSUE_FORK_OR_PR_SCOPES
  open_api(url, data: data, scopes: scopes)
end

.dispatch_event(user, repo, event, **payload) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 446

def dispatch_event(user, repo, event, **payload)
  url = "#{API_URL}/repos/#{user}/#{repo}/dispatches"
  open_api(url, data:           { event_type: event, client_payload: payload },
                request_method: :POST,
                scopes:         CREATE_ISSUE_FORK_OR_PR_SCOPES)
end

.env_username_password ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 80

def env_username_password
  return unless Homebrew::EnvConfig.github_api_username
  return unless Homebrew::EnvConfig.github_api_password

  [Homebrew::EnvConfig.github_api_password, Homebrew::EnvConfig.github_api_username]
end

.get_artifact_url(user, repo, pr, workflow_id: "tests.yml", artifact_name: "bottles") ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 453

def get_artifact_url(user, repo, pr, workflow_id: "tests.yml", artifact_name: "bottles")
  scopes = CREATE_ISSUE_FORK_OR_PR_SCOPES
  base_url = "#{API_URL}/repos/#{user}/#{repo}"
  pr_payload = open_api("#{base_url}/pulls/#{pr}", scopes: scopes)
  pr_sha = pr_payload["head"]["sha"]
  pr_branch = URI.encode_www_form_component(pr_payload["head"]["ref"])
  parameters = "event=pull_request&branch=#{pr_branch}"

  workflow = open_api("#{base_url}/actions/workflows/#{workflow_id}/runs?#{parameters}", scopes: scopes)
  workflow_run = workflow["workflow_runs"].select do |run|
    run["head_sha"] == pr_sha
  end

  if workflow_run.empty?
    raise Error, <<~EOS
      No matching workflow run found for these criteria!
        Commit SHA:   #{pr_sha}
        Branch ref:   #{pr_branch}
        Pull request: #{pr}
        Workflow:     #{workflow_id}
    EOS
  end

  status = workflow_run.first["status"].sub("_", " ")
  if status != "completed"
    raise Error, <<~EOS
      The newest workflow run for ##{pr} is still #{status}!
        #{Formatter.url workflow_run.first["html_url"]}
    EOS
  end

  artifacts = open_api(workflow_run.first["artifacts_url"], scopes: scopes)

  artifact = artifacts["artifacts"].select do |art|
    art["name"] == artifact_name
  end

  if artifact.empty?
    raise Error, <<~EOS
      No artifact with the name `#{artifact_name}` was found!
        #{Formatter.url workflow_run.first["html_url"]}
    EOS
  end

  artifact.first["archive_download_url"]
end

.get_repo_license(user, repo) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 555

def get_repo_license(user, repo)
  response = GitHub.open_api("#{GitHub::API_URL}/repos/#{user}/#{repo}/license")
  return unless response.key?("license")

  response["license"]["spdx_id"]
rescue GitHub::HTTPNotFoundError
  nil
end

.issues_for_formula(name, tap: CoreTap.instance, tap_full_name: tap.full_name, state: nil) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 305

def issues_for_formula(name, tap: CoreTap.instance, tap_full_name: tap.full_name, state: nil)
  search_issues(name, repo: tap_full_name, state: state, in: "title")
end

.keychain_username_password ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 87

def keychain_username_password
  github_credentials = Utils.popen(["git", "credential-osxkeychain", "get"], "w+") do |pipe|
    pipe.write "protocol=https\nhost=github.com\n"
    pipe.close_write
    pipe.read
  end
  github_username = github_credentials[/username=(.+)/, 1]
  github_password = github_credentials[/password=(.+)/, 1]
  return unless github_username

  # Don't use passwords from the keychain unless they look like
  # GitHub Personal Access Tokens:
  #   https://github.com/Homebrew/brew/issues/6862#issuecomment-572610344
  return unless /^[a-f0-9]{40}$/i.match?(github_password)

  [github_password, github_username]
rescue Errno::EPIPE
  # The above invocation via `Utils.popen` can fail, causing the pipe to be
  # prematurely closed (before we can write to it) and thus resulting in a
  # broken pipe error. The root cause is usually a missing or malfunctioning
  # `git-credential-osxkeychain` helper.
  nil
end

.merge_pull_request(repo, number:, sha:, merge_method:, commit_message: nil) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 327

def merge_pull_request(repo, number:, sha:, merge_method:, commit_message: nil)
  url = "#{API_URL}/repos/#{repo}/pulls/#{number}/merge"
  data = { sha: sha, merge_method: merge_method }
  data[:commit_message] = commit_message if commit_message
  open_api(url, data: data, request_method: :PUT, scopes: CREATE_ISSUE_FORK_OR_PR_SCOPES)
end

.open_api(url, data: nil, request_method: nil, scopes: [].freeze, parse_json: true) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 168

def open_api(url, data: nil, request_method: nil, scopes: [].freeze, parse_json: true)
  # This is a no-op if the user is opting out of using the GitHub API.
  return block_given? ? yield({}) : {} if Homebrew::EnvConfig.no_github_api?

  args = ["--header", "Accept: application/vnd.github.v3+json", "--write-out", "\n%\{http_code}"]
  args += ["--header", "Accept: application/vnd.github.antiope-preview+json"]

  token, username = api_credentials
  case api_credentials_type
  when :env_username_password, :keychain_username_password
    args += ["--user", "#{username}:#{token}"]
  when :env_token
    args += ["--header", "Authorization: token #{token}"]
  end

  data_tmpfile = nil
  if data
    begin
      data = JSON.generate data
      data_tmpfile = Tempfile.new("github_api_post", HOMEBREW_TEMP)
    rescue JSON::ParserError => e
      raise Error, "Failed to parse JSON request:\n#{e.message}\n#{data}", e.backtrace
    end
  end

  headers_tmpfile = Tempfile.new("github_api_headers", HOMEBREW_TEMP)
  begin
    if data
      data_tmpfile.write data
      data_tmpfile.close
      args += ["--data", "@#{data_tmpfile.path}"]

      args += ["--request", request_method.to_s] if request_method
    end

    args += ["--dump-header", headers_tmpfile.path]

    output, errors, status = curl_output("--location", url.to_s, *args, secrets: [token])
    output, _, http_code = output.rpartition("\n")
    output, _, http_code = output.rpartition("\n") if http_code == "000"
    headers = headers_tmpfile.read
  ensure
    if data_tmpfile
      data_tmpfile.close
      data_tmpfile.unlink
    end
    headers_tmpfile.close
    headers_tmpfile.unlink
  end

  begin
    raise_api_error(output, errors, http_code, headers, scopes) if !http_code.start_with?("2") || !status.success?

    return if http_code == "204" # No Content

    output = JSON.parse output if parse_json
    if block_given?
      yield output
    else
      output
    end
  rescue JSON::ParserError => e
    raise Error, "Failed to parse JSON response\n#{e.message}", e.backtrace
  end
end

.open_graphql(query, scopes: [].freeze) ⇒ Object

Raises:

• (Error)

# File 'brew/Library/Homebrew/utils/github.rb', line 234

def open_graphql(query, scopes: [].freeze)
  data = { query: query }
  result = open_api("https://api.github.com/graphql", scopes: scopes, data: data, request_method: "POST")

  raise Error, result["errors"].map { |e| "#{e["type"]}: #{e["message"]}" }.join("\n") if result["errors"].present?

  result["data"]
end

.permission(repo, user) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 313

def permission(repo, user)
  open_api("#{API_URL}/repos/#{repo}/collaborators/#{user}/permission")
end

.print_pull_requests_matching(query) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 334

def print_pull_requests_matching(query)
  open_or_closed_prs = search_issues(query, type: "pr", user: "Homebrew")

  open_prs = open_or_closed_prs.select { |i| i["state"] == "open" }
  prs = if !open_prs.empty?
    puts "Open pull requests:"
    open_prs
  else
    puts "Closed pull requests:" unless open_or_closed_prs.empty?
    open_or_closed_prs.take(20)
  end

  prs.each { |i| puts "#{i["title"]} (#{i["html_url"]})" }
end

.private_repo?(full_name) ⇒ Boolean

Returns:

• (Boolean)

# File 'brew/Library/Homebrew/utils/github.rb', line 379

def private_repo?(full_name)
  uri = url_to "repos", full_name
  open_api(uri) { |json| json["private"] }
end

.pull_requests(repo, **options) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 322

def pull_requests(repo, **options)
  url = "#{API_URL}/repos/#{repo}/pulls?#{URI.encode_www_form(options)}"
  open_api(url)
end

.query_string(*main_params, **qualifiers) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 384

def query_string(*main_params, **qualifiers)
  params = main_params

  params += qualifiers.flat_map do |key, value|
    Array(value).map { |v| "#{key}:#{v}" }
  end

  "q=#{URI.encode_www_form_component(params.join(" "))}&per_page=100"
end

.raise_api_error(output, errors, http_code, headers, scopes) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 243

def raise_api_error(output, errors, http_code, headers, scopes)
  json = begin
    JSON.parse(output)
  rescue
    nil
  end
  message = json&.[]("message") || "curl failed! #{errors}"

  meta = {}
  headers.lines.each do |l|
    key, _, value = l.delete(":").partition(" ")
    key = key.downcase.strip
    next if key.empty?

    meta[key] = value.strip
  end

  if meta.fetch("x-ratelimit-remaining", 1).to_i <= 0
    reset = meta.fetch("x-ratelimit-reset").to_i
    raise RateLimitExceededError.new(reset, message)
  end

  GitHub.api_credentials_error_message(meta, scopes)

  case http_code
  when "401", "403"
    raise AuthenticationFailedError, message
  when "404"
    raise HTTPNotFoundError, message
  when "422"
    errors = json&.[]("errors") || []
    raise ValidationFailedError.new(message, errors)
  else
    raise Error, message
  end
end

.repository(user, repo) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 297

def repository(user, repo)
  open_api(url_to("repos", user, repo))
end

.search(entity, *queries, **qualifiers) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 398

def search(entity, *queries, **qualifiers)
  uri = url_to "search", entity
  uri.query = query_string(*queries, **qualifiers)
  open_api(uri) { |json| json.fetch("items", []) }
end

.search_code(**qualifiers) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 301

def search_code(**qualifiers)
  search("code", **qualifiers)
end

.search_issues(query, **qualifiers) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 293

def search_issues(query, **qualifiers)
  search("issues", query, **qualifiers)
end

.sponsors_by_tier(user) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 500

def sponsors_by_tier(user)
  query = <<~EOS
      { organization(login: "#{user}") {
        sponsorsListing {
          tiers(first: 10, orderBy: {field: MONTHLY_PRICE_IN_CENTS, direction: DESC}) {
            nodes {
              monthlyPriceInDollars
              adminInfo {
                sponsorships(first: 100, includePrivate: true) {
                  totalCount
                  nodes {
                    privacyLevel
                    sponsorEntity {
                      __typename
                      ... on Organization { login name }
                      ... on User { login name }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  EOS
  result = open_graphql(query, scopes: ["admin:org", "user"])

  tiers = result["organization"]["sponsorsListing"]["tiers"]["nodes"]

  tiers.map do |t|
    tier = t["monthlyPriceInDollars"]
    raise Error, "Your token needs the 'admin:org' scope to access this API" if t["adminInfo"].nil?

    sponsorships = t["adminInfo"]["sponsorships"]
    count = sponsorships["totalCount"]
    sponsors = sponsorships["nodes"].map do |sponsor|
      next unless sponsor["privacyLevel"] == "PUBLIC"

      se = sponsor["sponsorEntity"]
      {
        "name"  => se["name"].presence || sponsor["login"],
        "login" => se["login"],
        "type"  => se["__typename"].downcase,
      }
    end.compact

    {
      "tier"     => tier,
      "count"    => count,
      "sponsors" => sponsors,
    }
  end.compact
end

.url_to(*subroutes) ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 394

def url_to(*subroutes)
  URI.parse([API_URL, *subroutes].join("/"))
end

.user ⇒ Object

# File 'brew/Library/Homebrew/utils/github.rb', line 309

def user
  @user ||= open_api("#{API_URL}/user")
end

.write_access?(repo, user = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'brew/Library/Homebrew/utils/github.rb', line 317

def write_access?(repo, user = nil)
  user ||= self.user["login"]
  ["admin", "write"].include?(permission(repo, user)["permission"])
end