From e3028fbc563b35173008debb2bcabd9eddf63c83 Mon Sep 17 00:00:00 2001 From: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> Date: Tue, 28 Jun 2022 08:03:25 -0400 Subject: [PATCH 1/3] Change SelectedRepoIDs to []string Signed-off-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/actions_secrets.go | 2 +- github/actions_secrets_test.go | 16 ++++++++-------- github/dependabot_secrets_test.go | 12 ++++++------ 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/github/actions_secrets.go b/github/actions_secrets.go index dc057edba21..9956d03c154 100644 --- a/github/actions_secrets.go +++ b/github/actions_secrets.go @@ -187,7 +187,7 @@ func (s *ActionsService) GetEnvSecret(ctx context.Context, repoID int, env, secr } // SelectedRepoIDs are the repository IDs that have access to the secret. -type SelectedRepoIDs []int64 +type SelectedRepoIDs []string // EncryptedSecret represents a secret that is encrypted using a public key. // diff --git a/github/actions_secrets_test.go b/github/actions_secrets_test.go index a1266d6bae6..019df48ca5f 100644 --- a/github/actions_secrets_test.go +++ b/github/actions_secrets_test.go @@ -429,7 +429,7 @@ func TestActionsService_CreateOrUpdateOrgSecret(t *testing.T) { mux.HandleFunc("/orgs/o/actions/secrets/NAME", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "PUT") testHeader(t, r, "Content-Type", "application/json") - testBody(t, r, `{"key_id":"1234","encrypted_value":"QIv=","visibility":"selected","selected_repository_ids":[1296269,1269280]}`+"\n") + testBody(t, r, `{"key_id":"1234","encrypted_value":"QIv=","visibility":"selected","selected_repository_ids":["1296269","1269280"]}`+"\n") w.WriteHeader(http.StatusCreated) }) @@ -438,7 +438,7 @@ func TestActionsService_CreateOrUpdateOrgSecret(t *testing.T) { EncryptedValue: "QIv=", KeyID: "1234", Visibility: "selected", - SelectedRepositoryIDs: SelectedRepoIDs{1296269, 1269280}, + SelectedRepositoryIDs: SelectedRepoIDs{"1296269", "1269280"}, } ctx := context.Background() _, err := client.Actions.CreateOrUpdateOrgSecret(ctx, "o", input) @@ -505,23 +505,23 @@ func TestActionsService_SetSelectedReposForOrgSecret(t *testing.T) { mux.HandleFunc("/orgs/o/actions/secrets/NAME/repositories", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "PUT") testHeader(t, r, "Content-Type", "application/json") - testBody(t, r, `{"selected_repository_ids":[64780797]}`+"\n") + testBody(t, r, `{"selected_repository_ids":["64780797"]}`+"\n") }) ctx := context.Background() - _, err := client.Actions.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{64780797}) + _, err := client.Actions.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{"64780797"}) if err != nil { t.Errorf("Actions.SetSelectedReposForOrgSecret returned error: %v", err) } const methodName = "SetSelectedReposForOrgSecret" testBadOptions(t, methodName, func() (err error) { - _, err = client.Actions.SetSelectedReposForOrgSecret(ctx, "\n", "\n", SelectedRepoIDs{64780797}) + _, err = client.Actions.SetSelectedReposForOrgSecret(ctx, "\n", "\n", SelectedRepoIDs{"64780797"}) return err }) testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) { - return client.Actions.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{64780797}) + return client.Actions.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{"64780797"}) }) } @@ -888,14 +888,14 @@ func TestEncryptedSecret_Marshal(t *testing.T) { KeyID: "kid", EncryptedValue: "e", Visibility: "v", - SelectedRepositoryIDs: []int64{1}, + SelectedRepositoryIDs: []string{"1"}, } want := `{ "key_id": "kid", "encrypted_value": "e", "visibility": "v", - "selected_repository_ids": [1] + "selected_repository_ids": ["1"] }` testJSONMarshal(t, u, want) diff --git a/github/dependabot_secrets_test.go b/github/dependabot_secrets_test.go index 49b93e760cf..4b9665b4a91 100644 --- a/github/dependabot_secrets_test.go +++ b/github/dependabot_secrets_test.go @@ -352,7 +352,7 @@ func TestDependabotService_CreateOrUpdateOrgSecret(t *testing.T) { mux.HandleFunc("/orgs/o/dependabot/secrets/NAME", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "PUT") testHeader(t, r, "Content-Type", "application/json") - testBody(t, r, `{"key_id":"1234","encrypted_value":"QIv=","visibility":"selected","selected_repository_ids":[1296269,1269280]}`+"\n") + testBody(t, r, `{"key_id":"1234","encrypted_value":"QIv=","visibility":"selected","selected_repository_ids":["1296269","1269280"]}`+"\n") w.WriteHeader(http.StatusCreated) }) @@ -361,7 +361,7 @@ func TestDependabotService_CreateOrUpdateOrgSecret(t *testing.T) { EncryptedValue: "QIv=", KeyID: "1234", Visibility: "selected", - SelectedRepositoryIDs: SelectedRepoIDs{1296269, 1269280}, + SelectedRepositoryIDs: SelectedRepoIDs{"1296269", "1269280"}, } ctx := context.Background() _, err := client.Dependabot.CreateOrUpdateOrgSecret(ctx, "o", input) @@ -428,23 +428,23 @@ func TestDependabotService_SetSelectedReposForOrgSecret(t *testing.T) { mux.HandleFunc("/orgs/o/dependabot/secrets/NAME/repositories", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "PUT") testHeader(t, r, "Content-Type", "application/json") - testBody(t, r, `{"selected_repository_ids":[64780797]}`+"\n") + testBody(t, r, `{"selected_repository_ids":["64780797"]}`+"\n") }) ctx := context.Background() - _, err := client.Dependabot.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{64780797}) + _, err := client.Dependabot.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{"64780797"}) if err != nil { t.Errorf("Dependabot.SetSelectedReposForOrgSecret returned error: %v", err) } const methodName = "SetSelectedReposForOrgSecret" testBadOptions(t, methodName, func() (err error) { - _, err = client.Dependabot.SetSelectedReposForOrgSecret(ctx, "\n", "\n", SelectedRepoIDs{64780797}) + _, err = client.Dependabot.SetSelectedReposForOrgSecret(ctx, "\n", "\n", SelectedRepoIDs{"64780797"}) return err }) testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) { - return client.Dependabot.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{64780797}) + return client.Dependabot.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{"64780797"}) }) } From e1f3a5223470584cb5e8d60da728376685247214 Mon Sep 17 00:00:00 2001 From: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> Date: Tue, 28 Jun 2022 10:30:10 -0400 Subject: [PATCH 2/3] Two different types of encrypted secrets Signed-off-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/actions_secrets.go | 4 ++-- github/actions_secrets_test.go | 16 ++++++++-------- github/dependabot_secrets.go | 26 +++++++++++++++++++++----- github/dependabot_secrets_test.go | 12 ++++++------ 4 files changed, 37 insertions(+), 21 deletions(-) diff --git a/github/actions_secrets.go b/github/actions_secrets.go index 9956d03c154..4fdc5fdde09 100644 --- a/github/actions_secrets.go +++ b/github/actions_secrets.go @@ -186,8 +186,8 @@ func (s *ActionsService) GetEnvSecret(ctx context.Context, repoID int, env, secr return s.getSecret(ctx, url) } -// SelectedRepoIDs are the repository IDs that have access to the secret. -type SelectedRepoIDs []string +// SelectedRepoIDs are the repository IDs that have access to the action secrets. +type SelectedRepoIDs []int64 // EncryptedSecret represents a secret that is encrypted using a public key. // diff --git a/github/actions_secrets_test.go b/github/actions_secrets_test.go index 019df48ca5f..a1266d6bae6 100644 --- a/github/actions_secrets_test.go +++ b/github/actions_secrets_test.go @@ -429,7 +429,7 @@ func TestActionsService_CreateOrUpdateOrgSecret(t *testing.T) { mux.HandleFunc("/orgs/o/actions/secrets/NAME", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "PUT") testHeader(t, r, "Content-Type", "application/json") - testBody(t, r, `{"key_id":"1234","encrypted_value":"QIv=","visibility":"selected","selected_repository_ids":["1296269","1269280"]}`+"\n") + testBody(t, r, `{"key_id":"1234","encrypted_value":"QIv=","visibility":"selected","selected_repository_ids":[1296269,1269280]}`+"\n") w.WriteHeader(http.StatusCreated) }) @@ -438,7 +438,7 @@ func TestActionsService_CreateOrUpdateOrgSecret(t *testing.T) { EncryptedValue: "QIv=", KeyID: "1234", Visibility: "selected", - SelectedRepositoryIDs: SelectedRepoIDs{"1296269", "1269280"}, + SelectedRepositoryIDs: SelectedRepoIDs{1296269, 1269280}, } ctx := context.Background() _, err := client.Actions.CreateOrUpdateOrgSecret(ctx, "o", input) @@ -505,23 +505,23 @@ func TestActionsService_SetSelectedReposForOrgSecret(t *testing.T) { mux.HandleFunc("/orgs/o/actions/secrets/NAME/repositories", func(w http.ResponseWriter, r *http.Request) { testMethod(t, r, "PUT") testHeader(t, r, "Content-Type", "application/json") - testBody(t, r, `{"selected_repository_ids":["64780797"]}`+"\n") + testBody(t, r, `{"selected_repository_ids":[64780797]}`+"\n") }) ctx := context.Background() - _, err := client.Actions.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{"64780797"}) + _, err := client.Actions.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{64780797}) if err != nil { t.Errorf("Actions.SetSelectedReposForOrgSecret returned error: %v", err) } const methodName = "SetSelectedReposForOrgSecret" testBadOptions(t, methodName, func() (err error) { - _, err = client.Actions.SetSelectedReposForOrgSecret(ctx, "\n", "\n", SelectedRepoIDs{"64780797"}) + _, err = client.Actions.SetSelectedReposForOrgSecret(ctx, "\n", "\n", SelectedRepoIDs{64780797}) return err }) testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) { - return client.Actions.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{"64780797"}) + return client.Actions.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{64780797}) }) } @@ -888,14 +888,14 @@ func TestEncryptedSecret_Marshal(t *testing.T) { KeyID: "kid", EncryptedValue: "e", Visibility: "v", - SelectedRepositoryIDs: []string{"1"}, + SelectedRepositoryIDs: []int64{1}, } want := `{ "key_id": "kid", "encrypted_value": "e", "visibility": "v", - "selected_repository_ids": ["1"] + "selected_repository_ids": [1] }` testJSONMarshal(t, u, want) diff --git a/github/dependabot_secrets.go b/github/dependabot_secrets.go index f51f3396bdc..8318cd812cf 100644 --- a/github/dependabot_secrets.go +++ b/github/dependabot_secrets.go @@ -110,7 +110,20 @@ func (s *DependabotService) GetOrgSecret(ctx context.Context, org, name string) return s.getSecret(ctx, url) } -func (s *DependabotService) putSecret(ctx context.Context, url string, eSecret *EncryptedSecret) (*Response, error) { +// DependabotEncryptedSecret represents a secret that is encrypted using a public key for Dependabot. +// +// The value of EncryptedValue must be your secret, encrypted with +// LibSodium (see documentation here: https://libsodium.gitbook.io/doc/bindings_for_other_languages) +// using the public key retrieved using the GetPublicKey method. +type DependabotEncryptedSecret struct { + Name string `json:"-"` + KeyID string `json:"key_id"` + EncryptedValue string `json:"encrypted_value"` + Visibility string `json:"visibility,omitempty"` + SelectedRepositoryIDs DependabotSecretsSelectedRepoIDs `json:"selected_repository_ids,omitempty"` +} + +func (s *DependabotService) putSecret(ctx context.Context, url string, eSecret *DependabotEncryptedSecret) (*Response, error) { req, err := s.client.NewRequest("PUT", url, eSecret) if err != nil { return nil, err @@ -122,7 +135,7 @@ func (s *DependabotService) putSecret(ctx context.Context, url string, eSecret * // CreateOrUpdateRepoSecret creates or updates a repository Dependabot secret with an encrypted value. // // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#create-or-update-a-repository-secret -func (s *DependabotService) CreateOrUpdateRepoSecret(ctx context.Context, owner, repo string, eSecret *EncryptedSecret) (*Response, error) { +func (s *DependabotService) CreateOrUpdateRepoSecret(ctx context.Context, owner, repo string, eSecret *DependabotEncryptedSecret) (*Response, error) { url := fmt.Sprintf("repos/%v/%v/dependabot/secrets/%v", owner, repo, eSecret.Name) return s.putSecret(ctx, url, eSecret) } @@ -130,7 +143,7 @@ func (s *DependabotService) CreateOrUpdateRepoSecret(ctx context.Context, owner, // CreateOrUpdateOrgSecret creates or updates an organization Dependabot secret with an encrypted value. // // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#create-or-update-an-organization-secret -func (s *DependabotService) CreateOrUpdateOrgSecret(ctx context.Context, org string, eSecret *EncryptedSecret) (*Response, error) { +func (s *DependabotService) CreateOrUpdateOrgSecret(ctx context.Context, org string, eSecret *DependabotEncryptedSecret) (*Response, error) { url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v", org, eSecret.Name) return s.putSecret(ctx, url, eSecret) } @@ -184,13 +197,16 @@ func (s *DependabotService) ListSelectedReposForOrgSecret(ctx context.Context, o return result, resp, nil } +// DependabotSecretsSelectedRepoIDs are the repository IDs that have access to the dependabot secrets. +type DependabotSecretsSelectedRepoIDs []string + // SetSelectedReposForOrgSecret sets the repositories that have access to a Dependabot secret. // // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#set-selected-repositories-for-an-organization-secret -func (s *DependabotService) SetSelectedReposForOrgSecret(ctx context.Context, org, name string, ids SelectedRepoIDs) (*Response, error) { +func (s *DependabotService) SetSelectedReposForOrgSecret(ctx context.Context, org, name string, ids DependabotSecretsSelectedRepoIDs) (*Response, error) { url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v/repositories", org, name) type repoIDs struct { - SelectedIDs SelectedRepoIDs `json:"selected_repository_ids"` + SelectedIDs DependabotSecretsSelectedRepoIDs `json:"selected_repository_ids"` } req, err := s.client.NewRequest("PUT", url, repoIDs{SelectedIDs: ids}) diff --git a/github/dependabot_secrets_test.go b/github/dependabot_secrets_test.go index 4b9665b4a91..49ddaab61e2 100644 --- a/github/dependabot_secrets_test.go +++ b/github/dependabot_secrets_test.go @@ -178,7 +178,7 @@ func TestDependabotService_CreateOrUpdateRepoSecret(t *testing.T) { w.WriteHeader(http.StatusCreated) }) - input := &EncryptedSecret{ + input := &DependabotEncryptedSecret{ Name: "NAME", EncryptedValue: "QIv=", KeyID: "1234", @@ -356,12 +356,12 @@ func TestDependabotService_CreateOrUpdateOrgSecret(t *testing.T) { w.WriteHeader(http.StatusCreated) }) - input := &EncryptedSecret{ + input := &DependabotEncryptedSecret{ Name: "NAME", EncryptedValue: "QIv=", KeyID: "1234", Visibility: "selected", - SelectedRepositoryIDs: SelectedRepoIDs{"1296269", "1269280"}, + SelectedRepositoryIDs: DependabotSecretsSelectedRepoIDs{"1296269", "1269280"}, } ctx := context.Background() _, err := client.Dependabot.CreateOrUpdateOrgSecret(ctx, "o", input) @@ -432,19 +432,19 @@ func TestDependabotService_SetSelectedReposForOrgSecret(t *testing.T) { }) ctx := context.Background() - _, err := client.Dependabot.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{"64780797"}) + _, err := client.Dependabot.SetSelectedReposForOrgSecret(ctx, "o", "NAME", DependabotSecretsSelectedRepoIDs{"64780797"}) if err != nil { t.Errorf("Dependabot.SetSelectedReposForOrgSecret returned error: %v", err) } const methodName = "SetSelectedReposForOrgSecret" testBadOptions(t, methodName, func() (err error) { - _, err = client.Dependabot.SetSelectedReposForOrgSecret(ctx, "\n", "\n", SelectedRepoIDs{"64780797"}) + _, err = client.Dependabot.SetSelectedReposForOrgSecret(ctx, "\n", "\n", DependabotSecretsSelectedRepoIDs{"64780797"}) return err }) testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) { - return client.Dependabot.SetSelectedReposForOrgSecret(ctx, "o", "NAME", SelectedRepoIDs{"64780797"}) + return client.Dependabot.SetSelectedReposForOrgSecret(ctx, "o", "NAME", DependabotSecretsSelectedRepoIDs{"64780797"}) }) } From 23b6ed6c6f1b8fa0b67b5311a7f5e2d87fb9fc79 Mon Sep 17 00:00:00 2001 From: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> Date: Tue, 28 Jun 2022 10:31:41 -0400 Subject: [PATCH 3/3] Minor tweak Signed-off-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/actions_secrets.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github/actions_secrets.go b/github/actions_secrets.go index 4fdc5fdde09..316badb70d6 100644 --- a/github/actions_secrets.go +++ b/github/actions_secrets.go @@ -186,7 +186,7 @@ func (s *ActionsService) GetEnvSecret(ctx context.Context, repoID int, env, secr return s.getSecret(ctx, url) } -// SelectedRepoIDs are the repository IDs that have access to the action secrets. +// SelectedRepoIDs are the repository IDs that have access to the actions secrets. type SelectedRepoIDs []int64 // EncryptedSecret represents a secret that is encrypted using a public key.