PyPI - github-org-manager - Versions diffs - 0.5.2__tar.gz → 0.5.3__tar.gz - Mend

github-org-manager 0.5.2tar.gz → 0.5.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

{github_org_manager-0.5.2 → github_org_manager-0.5.3}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: github-org-manager
-Version: 0.5.2
+Version: 0.5.3
 Summary: Manage a GitHub Organization, its teams, repository permissions, and more
 Home-page: https://github.com/OpenRailAssociation/github-org-manager
 License: Apache-2.0
@@ -83,6 +83,20 @@ Inside [`config/example`](./config/example), you can find an example configurati
 You may also be interested in the [live configuration of the OpenRail Association's organization](https://github.com/OpenRailAssociation/openrail-org-config).
+### Authentication via token or app
+As this tool issues many API requests (both on REST and GraphQL API), authentication is highly recommended. This is supported via personal access tokens of a user (PAT) or a GitHub App which you can setup yourself.
+Access tokens and apps need the following permissions:
+* Repository permissions
+  * Administration: read and write
+  * Metadata: read
+* Organization permissions:
+  * Administration: read and write
+  * Members: read and write
+You can set the required secrets in `config/app.yaml` or via environment variables (`GITHUB_TOKEN` or `GITHUB_APP_ID` and `GITHUB_APP_PRIVATE_KEY`).
 ## Run the program
 You can execute the program using the command `gh-org-mgr`. `gh-org-mgr --help` shows all available arguments and options.

{github_org_manager-0.5.2 → github_org_manager-0.5.3}/README.md RENAMED Viewed

@@ -54,6 +54,20 @@ Inside [`config/example`](./config/example), you can find an example configurati
 You may also be interested in the [live configuration of the OpenRail Association's organization](https://github.com/OpenRailAssociation/openrail-org-config).
+### Authentication via token or app
+As this tool issues many API requests (both on REST and GraphQL API), authentication is highly recommended. This is supported via personal access tokens of a user (PAT) or a GitHub App which you can setup yourself.
+Access tokens and apps need the following permissions:
+* Repository permissions
+  * Administration: read and write
+  * Metadata: read
+* Organization permissions:
+  * Administration: read and write
+  * Members: read and write
+You can set the required secrets in `config/app.yaml` or via environment variables (`GITHUB_TOKEN` or `GITHUB_APP_ID` and `GITHUB_APP_PRIVATE_KEY`).
 ## Run the program
 You can execute the program using the command `gh-org-mgr`. `gh-org-mgr --help` shows all available arguments and options.

{github_org_manager-0.5.2 → github_org_manager-0.5.3}/gh_org_mgr/_gh_api.py RENAMED Viewed

@@ -13,20 +13,15 @@ import sys
 import requests
-def get_github_token(token: str = "") -> str:
-    """Get the GitHub token from config or environment, while environment overrides"""
-    if "GITHUB_TOKEN" in os.environ and os.environ["GITHUB_TOKEN"]:
-        logging.debug("GitHub Token taken from environment variable GITHUB_TOKEN")
-        token = os.environ["GITHUB_TOKEN"]
-    elif token:
-        logging.debug("GitHub Token taken from app configuration file")
-    else:
-        sys.exit(
-            "No token set for GitHub authentication! Set it in config/app_config.yaml "
-            "or via environment variable GITHUB_TOKEN"
-        )
-    return token
+def get_github_secrets_from_env(env_variable: str, secret: str | int) -> str:
+    """Get GitHub secrets from config or environment, while environment overrides"""
+    if env_variable in os.environ and os.environ[env_variable]:
+        logging.debug("GitHub secret taken from environment variable %s", env_variable)
+        secret = os.environ[env_variable]
+    elif secret:
+        logging.debug("GitHub secret taken from app configuration file")
+    return str(secret)
 # Function to execute GraphQL query
@@ -51,10 +46,12 @@ def run_graphql_query(query, variables, token):
         return json_return
     # Debug information in case of errors
-    print(
-        f"Query failed with HTTP error code '{request.status_code}' when running "
-        f"this query: {query}\n"
-        f"Return: {json_return}\n"
-        f"Headers: {request.headers}"
+    logging.error(
+        "Query failed with HTTP error code '%s' when running this query: %s\n"
+        "Return: %s\nHeaders: %s",
+        request.status_code,
+        query,
+        json_return,
+        request.headers,
     )
     sys.exit(1)

{github_org_manager-0.5.2 → github_org_manager-0.5.3}/gh_org_mgr/_gh_org.py RENAMED Viewed

@@ -8,13 +8,19 @@ import logging
 import sys
 from dataclasses import asdict, dataclass, field
-from github import Github, GithubException, UnknownObjectException
+from github import (
+    Auth,
+    Github,
+    GithubException,
+    GithubIntegration,
+    UnknownObjectException,
+)
 from github.NamedUser import NamedUser
 from github.Organization import Organization
 from github.Repository import Repository
 from github.Team import Team
-from ._gh_api import get_github_token, run_graphql_query
+from ._gh_api import get_github_secrets_from_env, run_graphql_query
 @dataclass
@@ -24,6 +30,8 @@ class GHorg:  # pylint: disable=too-many-instance-attributes, too-many-lines
     gh: Github = None  # type: ignore
     org: Organization = None  # type: ignore
     gh_token: str = ""
+    gh_app_id: str | int = ""
+    gh_app_private_key: str = ""
     default_repository_permission: str = ""
     current_org_owners: list[NamedUser] = field(default_factory=list)
     configured_org_owners: list[str] = field(default_factory=list)
@@ -56,18 +64,39 @@ class GHorg:  # pylint: disable=too-many-instance-attributes, too-many-lines
         # supported, or multiple spaces etc.
         return team.replace(" ", "-")
-    def login(self, orgname: str, token: str) -> None:
-        """Login to GH, gather org data"""
-        self.gh_token = get_github_token(token)
-        self.gh = Github(self.gh_token)
-        logging.debug("Logged in as %s", self.gh.get_user().login)
+    def login(
+        self, orgname: str, token: str = "", app_id: str | int = "", app_private_key: str = ""
+    ) -> None:
+        """Login to GH via PAT or App, gather org data"""
+        # Get all login data from config and environment
+        self.gh_token = get_github_secrets_from_env(env_variable="GITHUB_TOKEN", secret=token)
+        self.gh_app_id = get_github_secrets_from_env(env_variable="GITHUB_APP_ID", secret=app_id)
+        self.gh_app_private_key = get_github_secrets_from_env(
+            env_variable="GITHUB_APP_PRIVATE_KEY", secret=app_private_key
+        )
+        # Decide how to login. If app set, prefer this
+        if self.gh_app_id and self.gh_app_private_key:
+            logging.debug("Logged in via app %s", self.gh_app_id)
+            auth = Auth.AppAuth(app_id=self.gh_app_id, private_key=self.gh_app_private_key)
+            app = GithubIntegration(auth=auth)
+            installation = app.get_installations()[0]
+            self.gh = installation.get_github_for_installation()
+        elif self.gh_token:
+            logging.debug("Logging in as user with PAT")
+            self.gh = Github(auth=Auth.Token(self.gh_token))
+            logging.debug("Logged in as %s", self.gh.get_user().login)
+        else:
+            logging.error("No GitHub token or App ID+private key provided")
+            sys.exit(1)
         self.org = self.gh.get_organization(orgname)
         logging.debug("Gathered data from organization '%s' (%s)", self.org.login, self.org.name)
     def ratelimit(self):
-        """Get current rate limit"""
+        """Print current rate limit"""
         core = self.gh.get_rate_limit().core
-        logging.debug(
+        logging.info(
             "Current rate limit: %s/%s (reset: %s)", core.remaining, core.limit, core.reset
         )
@@ -917,7 +946,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes, too-many-lines
         permissions using the GraphQL API"""
         # TODO: Consider doing this for all repositories at once, but calculate
         # costs beforehand
-        query = """
+        graphql_query = """
             query($owner: String!, $name: String!, $cursor: String) {
                 repository(owner: $owner, name: $name) {
                     collaborators(first: 100, after: $cursor) {
@@ -944,7 +973,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes, too-many-lines
         while has_next_page:
             logging.debug("Requesting collaborators for %s", repo.name)
-            result = run_graphql_query(query, variables, self.gh_token)
+            result = run_graphql_query(graphql_query, variables, self.gh_token)
             try:
                 collaborators.extend(result["data"]["repository"]["collaborators"]["edges"])
                 has_next_page = result["data"]["repository"]["collaborators"]["pageInfo"][

{github_org_manager-0.5.2 → github_org_manager-0.5.3}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@
 [tool.poetry]
 name = "github-org-manager"
-version = "0.5.2"
+version = "0.5.3"
 description = "Manage a GitHub Organization, its teams, repository permissions, and more"
 authors = ["Max Mehl <max.mehl@deutschebahn.com>"]
 readme = "README.md"