@semantic-release/github 8.0.7 → 8.0.8

package/lib/add-channel.js

@@ -14,7 +14,7 @@ module.exports = async (pluginConfig, context) => {
   } = context;
   const {githubToken, githubUrl, githubApiPathPrefix, proxy} = resolveConfig(pluginConfig, context);
   const {owner, repo} = parseGithubUrl(repositoryUrl);
-  const github = getClient({githubToken, githubUrl, githubApiPathPrefix, proxy});
+  const octokit = getClient({githubToken, githubUrl, githubApiPathPrefix, proxy});
   let releaseId;
 
   const release = {owner, repo, name, prerelease: isPrerelease(branch), tag_name: gitTag};
@@ -24,14 +24,14 @@ module.exports = async (pluginConfig, context) => {
   try {
     ({
       data: {id: releaseId},
-    } = await github.repos.getReleaseByTag({owner, repo, tag: gitTag}));
+    } = await octokit.request('GET /repos/{owner}/{repo}/releases/tags/{tag}', {owner, repo, tag: gitTag}));
   } catch (error) {
     if (error.status === 404) {
       logger.log('There is no release for tag %s, creating a new one', gitTag);
 
       const {
         data: {html_url: url},
-      } = await github.repos.createRelease({...release, body: notes});
+      } = await octokit.request('POST /repos/{owner}/{repo}/releases', {...release, body: notes});
 
       logger.log('Published GitHub release: %s', url);
       return {url, name: RELEASE_NAME};
@@ -44,7 +44,7 @@ module.exports = async (pluginConfig, context) => {
 
   const {
     data: {html_url: url},
-  } = await github.repos.updateRelease({...release, release_id: releaseId});
+  } = await octokit.request('PATCH /repos/{owner}/{repo}/releases/{release_id}', {...release, release_id: releaseId});
 
   logger.log('Updated GitHub release: %s', url);
 

package/lib/definitions/retry.js

@@ -0,0 +1,10 @@
+/**
+ * Default exponential backoff configuration for retries.
+ */
+const RETRY_CONF = {
+  // By default, Octokit does not retry on 404s.
+  // But we want to retry on 404s to account for replication lag.
+  doNotRetry: [400, 401, 403, 422],
+};
+
+module.exports = {RETRY_CONF};

package/lib/definitions/throttle.js

@@ -0,0 +1,7 @@
+/**
+ * Default configuration for throttle.
+ * @see https://github.com/octokit/plugin-throttling.js#options
+ */
+const THROTTLE_CONF = {};
+
+module.exports = {THROTTLE_CONF};

package/lib/fail.js

@@ -22,11 +22,12 @@ module.exports = async (pluginConfig, context) => {
   if (failComment === false || failTitle === false) {
     logger.log('Skip issue creation.');
   } else {
-    const github = getClient({githubToken, githubUrl, githubApiPathPrefix, proxy});
+    const octokit = getClient({githubToken, githubUrl, githubApiPathPrefix, proxy});
     // In case the repo changed name, get the new `repo`/`owner` as the search API will not follow redirects
-    const [owner, repo] = (await github.repos.get(parseGithubUrl(repositoryUrl))).data.full_name.split('/');
+    const {data: repoData} = await octokit.request('GET /repos/{owner}/{repo}', parseGithubUrl(repositoryUrl));
+    const [owner, repo] = repoData.full_name.split('/');
     const body = failComment ? template(failComment)({branch, errors}) : getFailComment(branch, errors);
-    const [srIssue] = await findSRIssues(github, failTitle, owner, repo);
+    const [srIssue] = await findSRIssues(octokit, failTitle, owner, repo);
 
     if (srIssue) {
       logger.log('Found existing semantic-release issue #%d.', srIssue.number);
@@ -34,14 +35,21 @@ module.exports = async (pluginConfig, context) => {
       debug('create comment: %O', comment);
       const {
         data: {html_url: url},
-      } = await github.issues.createComment(comment);
+      } = await octokit.request('POST /repos/{owner}/{repo}/issues/{issue_number}/comments', comment);
       logger.log('Added comment to issue #%d: %s.', srIssue.number, url);
     } else {
-      const newIssue = {owner, repo, title: failTitle, body: `${body}\n\n${ISSUE_ID}`, labels: labels || [], assignees};
+      const newIssue = {
+        owner,
+        repo,
+        title: failTitle,
+        body: `${body}\n\n${ISSUE_ID}`,
+        labels: labels || [],
+        assignees,
+      };
       debug('create issue: %O', newIssue);
       const {
         data: {html_url: url, number},
-      } = await github.issues.create(newIssue);
+      } = await octokit.request('POST /repos/{owner}/{repo}/issues', newIssue);
       logger.log('Created issue #%d: %s.', number, url);
     }
   }

package/lib/find-sr-issues.js

@@ -1,9 +1,9 @@
 const {ISSUE_ID} = require('./definitions/constants');
 
-module.exports = async (github, title, owner, repo) => {
+module.exports = async (octokit, title, owner, repo) => {
   const {
     data: {items: issues},
-  } = await github.search.issuesAndPullRequests({
+  } = await octokit.request('GET /search/issues', {
     q: `in:title+repo:${owner}/${repo}+type:issue+state:open+${title}`,
   });
 

package/lib/get-client.js

@@ -1,35 +1,12 @@
-const {memoize, get} = require('lodash');
-const {Octokit} = require('@octokit/rest');
-const pRetry = require('p-retry');
-const Bottleneck = require('bottleneck');
 const urljoin = require('url-join');
 const HttpProxyAgent = require('http-proxy-agent');
 const HttpsProxyAgent = require('https-proxy-agent');
 
-const {RETRY_CONF, RATE_LIMITS, GLOBAL_RATE_LIMIT} = require('./definitions/rate-limit');
-
-/**
- * Http error status for which to not retry.
- */
-const SKIP_RETRY_CODES = new Set([400, 401, 403]);
-
-/**
- * Create or retrieve the throttler function for a given rate limit group.
- *
- * @param {Array} rate The rate limit group.
- * @param {String} limit The rate limits per API endpoints.
- * @param {Bottleneck} globalThrottler The global throttler.
- *
- * @return {Bottleneck} The throller function for the given rate limit group.
- */
-const getThrottler = memoize((rate, globalThrottler) =>
-  new Bottleneck({minTime: get(RATE_LIMITS, rate)}).chain(globalThrottler)
-);
+const SemanticReleaseOctokit = require('./semantic-release-octokit');
 
 module.exports = ({githubToken, githubUrl, githubApiPathPrefix, proxy}) => {
   const baseUrl = githubUrl && urljoin(githubUrl, githubApiPathPrefix);
-  const globalThrottler = new Bottleneck({minTime: GLOBAL_RATE_LIMIT});
-  const github = new Octokit({
+  const octokit = new SemanticReleaseOctokit({
     auth: `token ${githubToken}`,
     baseUrl,
     request: {
@@ -41,23 +18,5 @@ module.exports = ({githubToken, githubUrl, githubApiPathPrefix, proxy}) => {
     },
   });
 
-  github.hook.wrap('request', (request, options) => {
-    const access = options.method === 'GET' ? 'read' : 'write';
-    const rateCategory = options.url.startsWith('/search') ? 'search' : 'core';
-    const limitKey = [rateCategory, RATE_LIMITS[rateCategory][access] && access].filter(Boolean).join('.');
-
-    return pRetry(async () => {
-      try {
-        return await getThrottler(limitKey, globalThrottler).wrap(request)(options);
-      } catch (error) {
-        if (SKIP_RETRY_CODES.has(error.status)) {
-          throw new pRetry.AbortError(error);
-        }
-
-        throw error;
-      }
-    }, RETRY_CONF);
-  });
-
-  return github;
+  return octokit;
 };

package/lib/publish.js

@@ -20,7 +20,7 @@ module.exports = async (pluginConfig, context) => {
   } = context;
   const {githubToken, githubUrl, githubApiPathPrefix, proxy, assets} = resolveConfig(pluginConfig, context);
   const {owner, repo} = parseGithubUrl(repositoryUrl);
-  const github = getClient({githubToken, githubUrl, githubApiPathPrefix, proxy});
+  const octokit = getClient({githubToken, githubUrl, githubApiPathPrefix, proxy});
   const release = {
     owner,
     repo,
@@ -37,7 +37,7 @@ module.exports = async (pluginConfig, context) => {
   if (!assets || assets.length === 0) {
     const {
       data: {html_url: url, id: releaseId},
-    } = await github.repos.createRelease(release);
+    } = await octokit.request('POST /repos/{owner}/{repo}/releases', release);
 
     logger.log('Published GitHub release: %s', url);
     return {url, name: RELEASE_NAME, id: releaseId};
@@ -49,7 +49,7 @@ module.exports = async (pluginConfig, context) => {
 
   const {
     data: {upload_url: uploadUrl, id: releaseId},
-  } = await github.repos.createRelease(draftRelease);
+  } = await octokit.request('POST /repos/{owner}/{repo}/releases', draftRelease);
 
   // Append assets to the release
   const globbedAssets = await globAssets(context, assets);
@@ -74,6 +74,7 @@ module.exports = async (pluginConfig, context) => {
 
       const fileName = template(asset.name || path.basename(filePath))(context);
       const upload = {
+        method: 'POST',
         url: uploadUrl,
         data: await readFile(path.resolve(cwd, filePath)),
         name: fileName,
@@ -92,14 +93,19 @@ module.exports = async (pluginConfig, context) => {
 
       const {
         data: {browser_download_url: downloadUrl},
-      } = await github.repos.uploadReleaseAsset(upload);
+      } = await octokit.request(upload);
       logger.log('Published file %s', downloadUrl);
     })
   );
 
   const {
     data: {html_url: url},
-  } = await github.repos.updateRelease({owner, repo, release_id: releaseId, draft: false});
+  } = await octokit.request('PATCH /repos/{owner}/{repo}/releases/{release_id}', {
+    owner,
+    repo,
+    release_id: releaseId,
+    draft: false,
+  });
 
   logger.log('Published GitHub release: %s', url);
   return {url, name: RELEASE_NAME, id: releaseId};

package/lib/semantic-release-octokit.js

@@ -0,0 +1,35 @@
+/* istanbul ignore file */
+
+// If maintaining @octokit/core and the separate plugins gets to cumbersome
+// then the `octokit` package can be used which has all these plugins included.
+// However the `octokit` package has a lot of other things we don't care about.
+// We use only the bits we need to minimize the size of the package.
+const {Octokit} = require('@octokit/core');
+const {paginateRest} = require('@octokit/plugin-paginate-rest');
+const {retry} = require('@octokit/plugin-retry');
+const {throttling} = require('@octokit/plugin-throttling');
+
+const {RETRY_CONF} = require('./definitions/retry');
+const {THROTTLE_CONF} = require('./definitions/throttle');
+const {version} = require('../package.json');
+
+const onRetry = (retryAfter, options, octokit, retryCount) => {
+  octokit.log.warn(`Request quota exhausted for request ${options.method} ${options.url}`);
+
+  if (retryCount <= RETRY_CONF.retries) {
+    octokit.log.debug(`Will retry after ${retryAfter}.`);
+    return true;
+  }
+};
+
+const SemanticReleaseOctokit = Octokit.plugin(paginateRest, retry, throttling).defaults({
+  userAgent: `@semantic-release/github v${version}`,
+  retry: RETRY_CONF,
+  throttle: {
+    ...THROTTLE_CONF,
+    onRateLimit: onRetry,
+    onSecondaryRateLimit: onRetry,
+  },
+});
+
+module.exports = SemanticReleaseOctokit;

package/lib/success.js

@@ -32,9 +32,10 @@ module.exports = async (pluginConfig, context) => {
     addReleases,
   } = resolveConfig(pluginConfig, context);
 
-  const github = getClient({githubToken, githubUrl, githubApiPathPrefix, proxy});
+  const octokit = getClient({githubToken, githubUrl, githubApiPathPrefix, proxy});
   // In case the repo changed name, get the new `repo`/`owner` as the search API will not follow redirects
-  const [owner, repo] = (await github.repos.get(parseGithubUrl(repositoryUrl))).data.full_name.split('/');
+  const {data: repoData} = await octokit.request('GET /repos/{owner}/{repo}', parseGithubUrl(repositoryUrl));
+  const [owner, repo] = repoData.full_name.split('/');
 
   const errors = [];
 
@@ -46,15 +47,27 @@ module.exports = async (pluginConfig, context) => {
     const shas = commits.map(({hash}) => hash);
 
     const searchQueries = getSearchQueries(`repo:${owner}/${repo}+type:pr+is:merged`, shas).map(
-      async (q) => (await github.search.issuesAndPullRequests({q})).data.items
+      async (q) => (await octokit.request('GET /search/issues', {q})).data.items
     );
 
-    const prs = await pFilter(
-      uniqBy(flatten(await Promise.all(searchQueries)), 'number'),
-      async ({number}) =>
-        (await github.pulls.listCommits({owner, repo, pull_number: number})).data.find(({sha}) => shas.includes(sha)) ||
-        shas.includes((await github.pulls.get({owner, repo, pull_number: number})).data.merge_commit_sha)
-    );
+    const searchQueriesResults = await Promise.all(searchQueries);
+    const uniqueSearchQueriesResults = uniqBy(flatten(searchQueriesResults), 'number');
+    const prs = await pFilter(uniqueSearchQueriesResults, async ({number}) => {
+      const commits = await octokit.paginate('GET /repos/{owner}/{repo}/pulls/{pull_number}/commits', {
+        owner,
+        repo,
+        pull_number: number,
+      });
+      const matchingCommit = commits.find(({sha}) => shas.includes(sha));
+      if (matchingCommit) return matchingCommit;
+
+      const {data: pullRequest} = await octokit.request('GET /repos/{owner}/{repo}/pulls/{pull_number}', {
+        owner,
+        repo,
+        pull_number: number,
+      });
+      return shas.includes(pullRequest.merge_commit_sha);
+    });
 
     debug(
       'found pull requests: %O',
@@ -87,17 +100,15 @@ module.exports = async (pluginConfig, context) => {
           debug('create comment: %O', comment);
           const {
             data: {html_url: url},
-          } = await github.issues.createComment(comment);
+          } = await octokit.request('POST /repos/{owner}/{repo}/issues/{issue_number}/comments', comment);
           logger.log('Added comment to issue #%d: %s', issue.number, url);
 
           if (releasedLabels) {
             const labels = releasedLabels.map((label) => template(label)(context));
-            // Don’t use .issues.addLabels for GHE < 2.16 support
-            // https://github.com/semantic-release/github/issues/138
-            await github.request('POST /repos/:owner/:repo/issues/:number/labels', {
+            await octokit.request('POST /repos/{owner}/{repo}/issues/{issue_number}/labels', {
               owner,
               repo,
-              number: issue.number,
+              issue_number: issue.number,
               data: labels,
             });
             logger.log('Added labels %O to issue #%d', labels, issue.number);
@@ -120,7 +131,7 @@ module.exports = async (pluginConfig, context) => {
   if (failComment === false || failTitle === false) {
     logger.log('Skip closing issue.');
   } else {
-    const srIssues = await findSRIssues(github, failTitle, owner, repo);
+    const srIssues = await findSRIssues(octokit, failTitle, owner, repo);
 
     debug('found semantic-release issues: %O', srIssues);
 
@@ -132,7 +143,7 @@ module.exports = async (pluginConfig, context) => {
           debug('closing issue: %O', updateIssue);
           const {
             data: {html_url: url},
-          } = await github.issues.update(updateIssue);
+          } = await octokit.request('PATCH /repos/{owner}/{repo}/issues/{issue_number}', updateIssue);
           logger.log('Closed issue #%d: %s.', issue.number, url);
         } catch (error) {
           errors.push(error);
@@ -153,7 +164,12 @@ module.exports = async (pluginConfig, context) => {
           addReleases === 'top'
             ? additionalReleases.concat('\n---\n', nextRelease.notes)
             : nextRelease.notes.concat('\n---\n', additionalReleases);
-        await github.repos.updateRelease({owner, repo, release_id: ghRelaseId, body: newBody});
+        await octokit.request('PATCH /repos/{owner}/{repo}/releases/{release_id}', {
+          owner,
+          repo,
+          release_id: ghRelaseId,
+          body: newBody,
+        });
       }
     }
   }

package/lib/verify.js

@@ -55,12 +55,12 @@ module.exports = async (pluginConfig, context) => {
   if (!owner || !repo) {
     errors.push(getError('EINVALIDGITHUBURL'));
   } else if (githubToken && !errors.find(({code}) => code === 'EINVALIDPROXY')) {
-    const github = getClient({githubToken, githubUrl, githubApiPathPrefix, proxy});
+    const octokit = getClient({githubToken, githubUrl, githubApiPathPrefix, proxy});
 
     // https://github.com/semantic-release/github/issues/182
     // Do not check for permissions in GitHub actions, as the provided token is an installation access token.
-    // github.repos.get({repo, owner}) does not return the "permissions" key in that case. But GitHub Actions
-    // have all permissions required for @semantic-release/github to work
+    // octokit.request("GET /repos/{owner}/{repo}", {repo, owner}) does not return the "permissions" key in that case.
+    // But GitHub Actions have all permissions required for @semantic-release/github to work
     if (env.GITHUB_ACTION) {
       return;
     }
@@ -70,13 +70,13 @@ module.exports = async (pluginConfig, context) => {
         data: {
           permissions: {push},
         },
-      } = await github.repos.get({repo, owner});
+      } = await octokit.request('GET /repos/{owner}/{repo}', {repo, owner});
       if (!push) {
         // If authenticated as GitHub App installation, `push` will always be false.
         // We send another request to check if current authentication is an installation.
         // Note: we cannot check if the installation has all required permissions, it's
         // up to the user to make sure it has
-        if (await github.request('HEAD /installation/repositories', {per_page: 1}).catch(() => false)) {
+        if (await octokit.request('HEAD /installation/repositories', {per_page: 1}).catch(() => false)) {
           return;
         }
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@semantic-release/github",
   "description": "semantic-release plugin to publish a GitHub release and comment on released Pull Requests/Issues",
-  "version": "8.0.7",
+  "version": "8.0.8",
   "author": "Pierre Vanduynslager (https://twitter.com/@pvdlg_)",
   "ava": {
     "files": [
@@ -16,10 +16,12 @@
     "Gregor Martynus (https://twitter.com/gr2m)"
   ],
   "dependencies": {
-    "@octokit/rest": "^19.0.0",
+    "@octokit/core": "^4.2.1",
+    "@octokit/plugin-paginate-rest": "^6.1.2",
+    "@octokit/plugin-retry": "^4.1.3",
+    "@octokit/plugin-throttling": "^5.2.3",
     "@semantic-release/error": "^3.0.0",
     "aggregate-error": "^3.0.0",
-    "bottleneck": "^2.18.1",
     "debug": "^4.0.0",
     "dir-glob": "^3.0.0",
     "fs-extra": "^11.0.0",
@@ -30,20 +32,19 @@
     "lodash": "^4.17.4",
     "mime": "^3.0.0",
     "p-filter": "^2.0.0",
-    "p-retry": "^4.0.0",
     "url-join": "^4.0.0"
   },
   "devDependencies": {
     "ava": "5.1.0",
     "clear-module": "4.1.2",
     "codecov": "3.8.3",
-    "nock": "13.2.9",
+    "nock": "13.3.1",
     "nyc": "15.1.0",
     "proxy": "1.0.2",
     "proxyquire": "2.1.3",
-    "semantic-release": "19.0.5",
+    "semantic-release": "21.0.2",
     "server-destroy": "1.0.1",
-    "sinon": "15.0.0",
+    "sinon": "15.1.0",
     "tempy": "1.0.1",
     "xo": "0.36.1"
   },
@@ -88,7 +89,8 @@
     "trailingComma": "es5"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "repository": {
     "type": "git",

package/lib/definitions/rate-limit.js

@@ -1,27 +0,0 @@
-/**
- * Default exponential backoff configuration for retries.
- */
-const RETRY_CONF = {retries: 3, factor: 2, minTimeout: 1000};
-
-/**
- * Rate limit per API endpoints.
- *
- * See {@link https://developer.github.com/v3/search/#rate-limit|Search API rate limit}.
- * See {@link https://developer.github.com/v3/#rate-limiting|Rate limiting}.
- */
-const RATE_LIMITS = {
-  search: ((60 * 1000) / 30) * 1.1, // 30 calls per minutes => 1 call every 2s + 10% safety margin
-  core: {
-    read: ((60 * 60 * 1000) / 5000) * 1.1, // 5000 calls per hour => 1 call per 720ms + 10% safety margin
-    write: 3000, // 1 call every 3 seconds
-  },
-};
-
-/**
- * Global rate limit to prevent abuse.
- *
- * See {@link https://developer.github.com/v3/guides/best-practices-for-integrators/#dealing-with-abuse-rate-limits|Dealing with abuse rate limits}
- */
-const GLOBAL_RATE_LIMIT = 1000;
-
-module.exports = {RETRY_CONF, RATE_LIMITS, GLOBAL_RATE_LIMIT};