lex-github 0.2.4 → 0.3.0

data/lib/legion/extensions/github/oauth/actor/token_refresh.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module Github
+      module OAuth
+        module Actor
+          class TokenRefresh < Legion::Extensions::Actors::Every # rubocop:disable Legion/Extension/SelfContainedActorRunnerClass,Legion/Extension/EveryActorRequiresTime
+            def use_runner?    = false
+            def check_subtask? = false
+            def generate_task? = false
+
+            def time
+              3 * 60 * 60
+            end
+
+            # rubocop:disable Legion/Extension/ActorEnabledSideEffects
+            def enabled?
+              oauth_settings[:client_id] && oauth_settings[:client_secret]
+            rescue StandardError => _e
+              false
+            end
+            # rubocop:enable Legion/Extension/ActorEnabledSideEffects
+
+            def manual
+              settings = oauth_settings
+              return unless settings[:client_id] && settings[:client_secret]
+
+              token_entry = fetch_delegated_token
+              return unless token_entry&.dig(:refresh_token)
+
+              auth = Object.new.extend(Legion::Extensions::Github::OAuth::Runners::Auth)
+              result = auth.refresh_token(
+                client_id:     settings[:client_id],
+                client_secret: settings[:client_secret],
+                refresh_token: token_entry[:refresh_token]
+              )
+              return unless result.dig(:result, 'access_token')
+
+              store_delegated_token(result[:result])
+              log.info('OAuth::Actor::TokenRefresh: delegated token refreshed')
+            rescue StandardError => e
+              log.error("OAuth::Actor::TokenRefresh: #{e.message}")
+            end
+
+            private
+
+            def oauth_settings
+              return {} unless defined?(Legion::Settings)
+
+              Legion::Settings[:github]&.dig(:oauth) || {}
+            rescue StandardError => _e
+              {}
+            end
+
+            def fetch_delegated_token
+              return nil unless defined?(Legion::Crypt)
+
+              vault_get('github/oauth/delegated/token')
+            rescue StandardError => _e
+              nil
+            end
+
+            def store_delegated_token(token_data)
+              return unless defined?(Legion::Crypt)
+
+              vault_write('github/oauth/delegated/token', token_data)
+            rescue StandardError => e
+              log.warn("OAuth::Actor::TokenRefresh#store_delegated_token: #{e.message}")
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/github/oauth/hooks/callback.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module Github
+      module OAuth
+        module Hooks
+          class Callback < Legion::Extensions::Hooks::Base # rubocop:disable Legion/Extension/HookMissingRunnerClass
+            mount '/callback'
+
+            def self.runner_class
+              'Legion::Extensions::Github::OAuth::Runners::Auth'
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/github/oauth/runners/auth.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+require 'base64'
+require 'openssl'
+require 'securerandom'
+require 'uri'
+require 'legion/extensions/github/helpers/client'
+
+module Legion
+  module Extensions
+    module Github
+      module OAuth
+        module Runners
+          module Auth
+            include Legion::Extensions::Github::Helpers::Client
+
+            def generate_pkce(**)
+              verifier = SecureRandom.urlsafe_base64(32)
+              challenge = ::Base64.urlsafe_encode64(
+                OpenSSL::Digest::SHA256.digest(verifier), padding: false
+              )
+              { result: { verifier: verifier, challenge: challenge, challenge_method: 'S256' } }
+            end
+
+            def authorize_url(client_id:, redirect_uri:, scope:, state:,
+                              code_challenge:, code_challenge_method: 'S256', **)
+              params = URI.encode_www_form(
+                client_id: client_id, redirect_uri: redirect_uri,
+                scope: scope, state: state,
+                code_challenge: code_challenge,
+                code_challenge_method: code_challenge_method
+              )
+              { result: "https://github.com/login/oauth/authorize?#{params}" }
+            end
+
+            def exchange_code(client_id:, client_secret:, code:, redirect_uri:, code_verifier:, **)
+              response = oauth_connection.post('/login/oauth/access_token', {
+                                                 client_id: client_id, client_secret: client_secret,
+                                                code: code, redirect_uri: redirect_uri,
+                                                code_verifier: code_verifier
+                                               })
+              { result: response.body }
+            end
+
+            def refresh_token(client_id:, client_secret:, refresh_token:, **)
+              response = oauth_connection.post('/login/oauth/access_token', {
+                                                 client_id: client_id, client_secret: client_secret,
+                                                refresh_token: refresh_token,
+                                                grant_type: 'refresh_token'
+                                               })
+              { result: response.body }
+            end
+
+            def request_device_code(client_id:, scope: 'repo', **)
+              response = oauth_connection.post('/login/device/code', {
+                                                 client_id: client_id, scope: scope
+                                               })
+              { result: response.body }
+            end
+
+            def poll_device_code(client_id:, device_code:, interval: 5, timeout: 300, **)
+              deadline = Time.now + timeout
+              current_interval = interval
+
+              loop do
+                response = oauth_connection.post('/login/oauth/access_token', {
+                                                   client_id:   client_id,
+                                                   device_code: device_code,
+                                                   grant_type:  'urn:ietf:params:oauth:grant-type:device_code'
+                                                 })
+                body = response.body
+                return { result: body } if body[:access_token]
+
+                error_key = body[:error]
+                case error_key
+                when 'authorization_pending'
+                  return { error: 'timeout', description: "Device code flow timed out after #{timeout}s" } if Time.now > deadline
+
+                  sleep(current_interval) unless current_interval.zero?
+                when 'slow_down'
+                  current_interval += 5
+                  sleep(current_interval) unless current_interval.zero?
+                else
+                  return { error: error_key, description: body[:error_description] }
+                end
+              end
+            end
+
+            def revoke_token(client_id:, client_secret:, access_token:, **)
+              conn = oauth_connection(client_id: client_id, client_secret: client_secret)
+              response = conn.delete("/applications/#{client_id}/token", { access_token: access_token })
+              { result: response.status == 204 }
+            end
+
+            def oauth_connection(client_id: nil, client_secret: nil, **)
+              Faraday.new(url: 'https://github.com') do |conn|
+                conn.request :json
+                conn.response :json, content_type: /\bjson$/
+                conn.headers['Accept'] = 'application/json'
+                conn.request :authorization, :basic, client_id, client_secret if client_id && client_secret
+              end
+            end
+
+            include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers, false) &&
+                                                        Legion::Extensions::Helpers.const_defined?(:Lex, false)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/github/oauth/transport/exchanges/oauth.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module Github
+      module OAuth
+        module Transport
+          module Exchanges
+            class Oauth < Legion::Transport::Exchange
+              def exchange_name = 'lex.github.oauth'
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/github/oauth/transport/queues/auth.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module Github
+      module OAuth
+        module Transport
+          module Queues
+            class Auth < Legion::Transport::Queue
+              def queue_name    = 'lex.github.oauth.runners.auth'
+              def queue_options = { auto_delete: false }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/github/runners/actions.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/github/helpers/client'
+
+module Legion
+  module Extensions
+    module Github
+      module Runners
+        module Actions
+          include Legion::Extensions::Github::Helpers::Client
+
+          def list_workflows(owner:, repo:, per_page: 30, page: 1, **)
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/actions/workflows", per_page: per_page, page: page
+            )
+            { result: response.body }
+          end
+
+          def get_workflow(owner:, repo:, workflow_id:, **)
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/actions/workflows/#{workflow_id}"
+            )
+            { result: response.body }
+          end
+
+          def list_workflow_runs(owner:, repo:, workflow_id:, status: nil, branch: nil,
+                                 per_page: 30, page: 1, **)
+            params = { per_page: per_page, page: page, status: status, branch: branch }.compact
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/actions/workflows/#{workflow_id}/runs", params
+            )
+            { result: response.body }
+          end
+
+          def get_workflow_run(owner:, repo:, run_id:, **)
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/actions/runs/#{run_id}"
+            )
+            { result: response.body }
+          end
+
+          def trigger_workflow(owner:, repo:, workflow_id:, ref:, inputs: {}, **)
+            payload = { ref: ref, inputs: inputs }
+            response = connection(owner: owner, repo: repo, **).post(
+              "/repos/#{owner}/#{repo}/actions/workflows/#{workflow_id}/dispatches", payload
+            )
+            { result: response.status == 204 }
+          end
+
+          def cancel_workflow_run(owner:, repo:, run_id:, **)
+            response = connection(owner: owner, repo: repo, **).post(
+              "/repos/#{owner}/#{repo}/actions/runs/#{run_id}/cancel"
+            )
+            { result: [202, 204].include?(response.status) }
+          end
+
+          def rerun_workflow(owner:, repo:, run_id:, **)
+            response = connection(owner: owner, repo: repo, **).post(
+              "/repos/#{owner}/#{repo}/actions/runs/#{run_id}/rerun"
+            )
+            { result: [201, 204].include?(response.status) }
+          end
+
+          def rerun_failed_jobs(owner:, repo:, run_id:, **)
+            response = connection(owner: owner, repo: repo, **).post(
+              "/repos/#{owner}/#{repo}/actions/runs/#{run_id}/rerun-failed-jobs"
+            )
+            { result: [201, 204].include?(response.status) }
+          end
+
+          def list_workflow_run_jobs(owner:, repo:, run_id:, filter: 'latest', per_page: 30, page: 1, **)
+            params = { filter: filter, per_page: per_page, page: page }
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/actions/runs/#{run_id}/jobs", params
+            )
+            { result: response.body }
+          end
+
+          def download_workflow_run_logs(owner:, repo:, run_id:, **)
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/actions/runs/#{run_id}/logs"
+            )
+            { result: { status: response.status, headers: response.headers.to_h, body: response.body } }
+          end
+
+          def list_workflow_run_artifacts(owner:, repo:, run_id:, per_page: 30, page: 1, **)
+            params = { per_page: per_page, page: page }
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/actions/runs/#{run_id}/artifacts", params
+            )
+            { result: response.body }
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers, false) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex, false)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/github/runners/branches.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'legion/extensions/github/helpers/client'
+require 'legion/extensions/github/helpers/cache'
 
 module Legion
   module Extensions
@@ -8,22 +9,23 @@ module Legion
       module Runners
         module Branches
           include Legion::Extensions::Github::Helpers::Client
+          include Legion::Extensions::Github::Helpers::Cache
 
           def create_branch(owner:, repo:, branch:, from_ref: 'main', **)
-            ref_response = connection(**).get("/repos/#{owner}/#{repo}/git/ref/heads/#{from_ref}")
+            ref_response = connection(owner: owner, repo: repo, **).get("/repos/#{owner}/#{repo}/git/ref/heads/#{from_ref}")
             sha = ref_response.body.dig('object', 'sha')
 
-            create_response = connection(**).post("/repos/#{owner}/#{repo}/git/refs",
-                                                  { ref: "refs/heads/#{branch}", sha: sha })
+            create_response = connection(owner: owner, repo: repo, **).post("/repos/#{owner}/#{repo}/git/refs",
+                                                                            { ref: "refs/heads/#{branch}", sha: sha })
 
             { success: true, ref: create_response.body['ref'], sha: sha }
           rescue StandardError => e
-            log.warn(e.message) if respond_to?(:log, true)
+            log.warn(e.message)
             { success: false, error: e.message }
           end
 
-          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
-                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers, false) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex, false)
         end
       end
     end

data/lib/legion/extensions/github/runners/checks.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/github/helpers/client'
+
+module Legion
+  module Extensions
+    module Github
+      module Runners
+        module Checks
+          include Legion::Extensions::Github::Helpers::Client
+
+          def create_check_run(owner:, repo:, name:, head_sha:, status: nil, # rubocop:disable Metrics/ParameterLists
+                               conclusion: nil, output: nil, details_url: nil, **)
+            payload = { name: name, head_sha: head_sha, status: status,
+                        conclusion: conclusion, output: output, details_url: details_url }.compact
+            response = connection(owner: owner, repo: repo, **).post(
+              "/repos/#{owner}/#{repo}/check-runs", payload
+            )
+            { result: response.body }
+          end
+
+          def update_check_run(owner:, repo:, check_run_id:, **opts)
+            payload = opts.slice(:name, :status, :conclusion, :output, :details_url,
+                                 :started_at, :completed_at)
+            response = connection(owner: owner, repo: repo, **opts).patch(
+              "/repos/#{owner}/#{repo}/check-runs/#{check_run_id}", payload
+            )
+            { result: response.body }
+          end
+
+          def get_check_run(owner:, repo:, check_run_id:, **)
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/check-runs/#{check_run_id}"
+            )
+            { result: response.body }
+          end
+
+          def list_check_runs_for_ref(owner:, repo:, ref:, check_name: nil, status: nil,
+                                      per_page: 30, page: 1, **)
+            params = { check_name: check_name, status: status,
+                       per_page: per_page, page: page }.compact
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/commits/#{ref}/check-runs", params
+            )
+            { result: response.body }
+          end
+
+          def list_check_suites_for_ref(owner:, repo:, ref:, per_page: 30, page: 1, **)
+            params = { per_page: per_page, page: page }
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/commits/#{ref}/check-suites", params
+            )
+            { result: response.body }
+          end
+
+          def get_check_suite(owner:, repo:, check_suite_id:, **)
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/check-suites/#{check_suite_id}"
+            )
+            { result: response.body }
+          end
+
+          def rerequest_check_suite(owner:, repo:, check_suite_id:, **)
+            response = connection(owner: owner, repo: repo, **).post(
+              "/repos/#{owner}/#{repo}/check-suites/#{check_suite_id}/rerequest"
+            )
+            { result: [201, 204].include?(response.status) }
+          end
+
+          def list_check_run_annotations(owner:, repo:, check_run_id:, per_page: 30, page: 1, **)
+            params = { per_page: per_page, page: page }
+            response = connection(owner: owner, repo: repo, **).get(
+              "/repos/#{owner}/#{repo}/check-runs/#{check_run_id}/annotations", params
+            )
+            { result: response.body }
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers, false) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex, false)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/github/runners/comments.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'legion/extensions/github/helpers/client'
+require 'legion/extensions/github/helpers/cache'
 
 module Legion
   module Extensions
@@ -8,35 +9,40 @@ module Legion
       module Runners
         module Comments
           include Legion::Extensions::Github::Helpers::Client
+          include Legion::Extensions::Github::Helpers::Cache
 
           def list_comments(owner:, repo:, issue_number:, per_page: 30, page: 1, **)
             params = { per_page: per_page, page: page }
-            response = connection(**).get("/repos/#{owner}/#{repo}/issues/#{issue_number}/comments", params)
-            { result: response.body }
+            { result: cached_get("github:repo:#{owner}/#{repo}:issues:#{issue_number}:comments:#{page}:#{per_page}") do
+              connection(owner: owner, repo: repo, **).get("/repos/#{owner}/#{repo}/issues/#{issue_number}/comments", params).body
+            end }
           end
 
           def get_comment(owner:, repo:, comment_id:, **)
-            response = connection(**).get("/repos/#{owner}/#{repo}/issues/comments/#{comment_id}")
-            { result: response.body }
+            { result: cached_get("github:repo:#{owner}/#{repo}:comments:#{comment_id}") do
+              connection(owner: owner, repo: repo, **).get("/repos/#{owner}/#{repo}/issues/comments/#{comment_id}").body
+            end }
           end
 
           def create_comment(owner:, repo:, issue_number:, body:, **)
-            response = connection(**).post("/repos/#{owner}/#{repo}/issues/#{issue_number}/comments", { body: body })
+            response = connection(owner: owner, repo: repo, **).post("/repos/#{owner}/#{repo}/issues/#{issue_number}/comments", { body: body })
             { result: response.body }
           end
 
           def update_comment(owner:, repo:, comment_id:, body:, **)
-            response = connection(**).patch("/repos/#{owner}/#{repo}/issues/comments/#{comment_id}", { body: body })
+            response = connection(owner: owner, repo: repo, **).patch("/repos/#{owner}/#{repo}/issues/comments/#{comment_id}", { body: body })
+            cache_write("github:repo:#{owner}/#{repo}:comments:#{comment_id}", response.body) if response.body['id']
             { result: response.body }
           end
 
           def delete_comment(owner:, repo:, comment_id:, **)
-            response = connection(**).delete("/repos/#{owner}/#{repo}/issues/comments/#{comment_id}")
+            response = connection(owner: owner, repo: repo, **).delete("/repos/#{owner}/#{repo}/issues/comments/#{comment_id}")
+            cache_invalidate("github:repo:#{owner}/#{repo}:comments:#{comment_id}") if response.status == 204
             { result: response.status == 204 }
           end
 
-          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
-                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers, false) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex, false)
         end
       end
     end

data/lib/legion/extensions/github/runners/commits.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'legion/extensions/github/helpers/client'
+require 'legion/extensions/github/helpers/cache'
 
 module Legion
   module Extensions
@@ -8,27 +9,31 @@ module Legion
       module Runners
         module Commits
           include Legion::Extensions::Github::Helpers::Client
+          include Legion::Extensions::Github::Helpers::Cache
 
           def list_commits(owner:, repo:, sha: nil, per_page: 30, page: 1, **)
             params = { per_page: per_page, page: page }
             params[:sha] = sha if sha
-            response = connection(**).get("/repos/#{owner}/#{repo}/commits", params)
-            { result: response.body }
+            { result: cached_get("github:repo:#{owner}/#{repo}:commits:#{sha}:#{page}:#{per_page}") do
+              connection(owner: owner, repo: repo, **).get("/repos/#{owner}/#{repo}/commits", params).body
+            end }
           end
 
           def get_commit(owner:, repo:, ref:, **)
-            response = connection(**).get("/repos/#{owner}/#{repo}/commits/#{ref}")
-            { result: response.body }
+            { result: cached_get("github:repo:#{owner}/#{repo}:commits:#{ref}") do
+              connection(owner: owner, repo: repo, **).get("/repos/#{owner}/#{repo}/commits/#{ref}").body
+            end }
           end
 
           def compare_commits(owner:, repo:, base:, head:, per_page: 30, page: 1, **)
             params = { per_page: per_page, page: page }
-            response = connection(**).get("/repos/#{owner}/#{repo}/compare/#{base}...#{head}", params)
-            { result: response.body }
+            { result: cached_get("github:repo:#{owner}/#{repo}:commits:compare:#{base}...#{head}:#{page}:#{per_page}") do
+              connection(owner: owner, repo: repo, **).get("/repos/#{owner}/#{repo}/compare/#{base}...#{head}", params).body
+            end }
           end
 
-          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
-                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers, false) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex, false)
         end
       end
     end

data/lib/legion/extensions/github/runners/contents.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'legion/extensions/github/helpers/client'
+require 'legion/extensions/github/helpers/cache'
 
 module Legion
   module Extensions
@@ -8,9 +9,10 @@ module Legion
       module Runners
         module Contents
           include Legion::Extensions::Github::Helpers::Client
+          include Legion::Extensions::Github::Helpers::Cache
 
           def commit_files(owner:, repo:, branch:, files:, message:, **)
-            conn = connection(**)
+            conn = connection(owner: owner, repo: repo, **)
 
             ref = conn.get("/repos/#{owner}/#{repo}/git/ref/heads/#{branch}")
             commit_sha = ref.body.dig('object', 'sha')
@@ -33,12 +35,12 @@ module Legion
 
             { success: true, commit_sha: new_commit.body['sha'], tree_sha: new_tree.body['sha'] }
           rescue StandardError => e
-            log.warn(e.message) if respond_to?(:log, true)
+            log.warn(e.message)
             { success: false, error: e.message }
           end
 
-          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
-                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers, false) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex, false)
         end
       end
     end