The latest articles on DEV Community by Gregor Martynus (@gr2m). https://dev.to/gr2m https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F241490%2F77a7b235-2926-458a-ac22-63e8052ae29f.jpeg https://dev.to/gr2m en Gregor Martynus Thu, 16 Feb 2023 23:37:18 +0000 https://dev.to/gr2m/how-to-not-be-a-mentor-to-a-marginalized-person-mpb https://dev.to/gr2m/how-to-not-be-a-mentor-to-a-marginalized-person-mpb <p>3 key lessons I took away from a 1h coaching session with <a href="https://www.kimcrayton.com/">Kim Crayton</a>.</p> <h2> The line between mentoring and gaslighting a marginalized person is thin. </h2> <p>I cannot give advice on how to navigate the hierarchy of the company because I do not share the lived experience of my mentee. My white male privilege grants me safety that doesn’t require me to be constantly strategic about my interactions with others.</p> <p><strong>Example:</strong> I cannot tell a marginalized mentee to “just have an honest conversation” with their manager. There are dynamics at play that I cannot understand.</p> <h2> Being a mentor is like feeding a hungry person. </h2> <p>There is a power dynamic at play that mentors need to acknowledge. Asking for something is not the same as asking a peer.</p> <p><strong>Example:</strong> Asking my mentee for advice based on their lived experience is emotional labor. But they might agree despite their discomfort because they fear I could withhold my mentoring.</p> <h2> My mentee is a target for people who wish me harm. </h2> <p>It comes down to one of <a href="https://www.kimcrayton.com/guiding-principles/">Kim’s guiding principles</a>: prioritize the most vulnerable. I must understand and create strategy that acknowledges that when I speak out about marginalization at GitHub, I will upset people. But due to being prioritized, these people may target the most vulnerable; the very individuals I seek to protect.</p> <p><strong>Example:</strong> when I speak out about marginalization at GitHub it will upset people with power. They will go after the most vulnerable people that I care about.</p> <p>I highly recommend to follow Kim on <a href="https://dair-community.social/@KimCrayton1">Mastodon</a> or <a href="https://twitter.com/KimCrayton1">Twitter</a>, and buy her new book: <a href="https://www.kimcrayton.com/profit-without-oppression/">Profit Without Oppression</a> on from your local or independent bookseller.</p> mentoring Gregor Martynus Fri, 21 Oct 2022 00:09:40 +0000 https://dev.to/gr2m/vs-code-protip-paste-path-of-active-file-into-terminal-1nk4 https://dev.to/gr2m/vs-code-protip-paste-path-of-active-file-into-terminal-1nk4 <p>I need to use the path to the current active file in my VS Code editor all. The. Time!</p> <p>Eventually I figured there must be a shortcut but there is none that's built-in. However, you can quickly add it yourself.</p> <ol> <li>Open the command palette (Windows: Ctrl+Shift+P, Mac: Command+Shift+P)</li> <li>Search for "Preferences: Open Keyboard Shortcuts (JSON)"</li> <li>In the opened <code>keybindings.json</code> file, add a new item to the array </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="p">{</span> <span class="dl">"</span><span class="s2">key</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">ctrl+shift+t</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">command</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">workbench.action.terminal.sendSequence</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">args</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">text</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">${relativeFile}</span><span class="dl">"</span> <span class="p">},</span> <span class="dl">"</span><span class="s2">when</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">terminalFocus</span><span class="dl">"</span> <span class="p">}</span> </code></pre> </div> <p>Now open any file, then open a terminal within VS Code, and press <code>Ctrl+Shift+T</code> and it will paste the full path to that file where your cursor is in the terminal.</p> vscode Gregor Martynus Sat, 19 Dec 2020 01:04:21 +0000 https://dev.to/gr2m/how-i-created-a-public-dashboard-for-the-wip-github-app-using-logflare-6ae https://dev.to/gr2m/how-i-created-a-public-dashboard-for-the-wip-github-app-using-logflare-6ae <p>The <a href="//github.com/marketplace/wip">WIP app</a> is one of the oldest and simplest GitHub apps. It blocks pull requests from being merged accidentally if someone is still working on them:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fvyr0trb57dus14luh5qe.gif" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fvyr0trb57dus14luh5qe.gif" alt="demo video"></a></p> <p>It's meant as a reference implementation for others to learn from, <a href="https://github.com/wip/app" rel="noopener noreferrer">the source code is on GitHub</a>, and all revenue from the marketplace subscriptions are donated.</p> <p>The WIP GitHub app is continuously deployed to <a href="https://vercel.com/" rel="noopener noreferrer">Vercel</a>. Vercel has an <a href="https://vercel.com/integrations" rel="noopener noreferrer">Integrations Marketplace</a>, which lets you easily integration with other services, e.g. for error tracking or logging. One such service is <a href="https://vercel.com/integrations/logflare" rel="noopener noreferrer">Logflare</a>. The setup couldn't be easier: </p> <ol> <li>Add the integration to your Vercel app</li> <li>You will be asked to create a Logflare account</li> <li>There is no 3rd step</li> </ol> <p>Once setup, all logs are automatically "drained" to a "source" created in your Logflare account.</p> <p>Pressing the "explore" tab in your logflare source will open Google's Data Studio with the Logflare source already setup as data source. See <a href="https://logflare.app/guides/data-studio-setup" rel="noopener noreferrer">Logflare's guide for more details</a>. </p> <p>Note: a paid plan is required to utilize this dashboard feature.</p> <p>Logflare creates the schema for your logs automatically as new logs come in, and stores the data in BigQuery, which Data Studio can use directly as a data source.</p> <p>I never worked with Google Studio before, but was able to create a great interactive dashboard within an hour or so. You can see it live at <a href="https://wip.vercel.app/stats" rel="noopener noreferrer">https://wip.vercel.app/stats</a>.</p> <p>I am not affiliated with Logflare in any way, I'm just a big fan 😊 I cannot wait to build dashboards for all my GitHub apps now. Make sure to check it out!</p> github Gregor Martynus Sat, 15 Feb 2020 00:11:05 +0000 https://dev.to/gr2m/github-api-authentication-username-password-basic-4na5 https://dev.to/gr2m/github-api-authentication-username-password-basic-4na5 <p>Today, on February 14, 2020, <a href="https://developer.github.com/changes/2020-02-14-deprecating-password-auth/">GitHub announced</a> its deprecation timeline for authenticating using a username and a password. Which means you have only time until November 13, 2020 to give this a try 🤪</p> <p>I have mixed feelings about the deprecation. It makes me happy because Basic authentication has all kinds of security problems. Adding two-factor authentication made it a bit more secure, but also a pain in the 🍑</p> <p>I'm sad, because I created <a href="https://github.com/octokit/auth-basic.js/"><code>@octokit/auth-basic</code></a> to hide away most of the complexities introduced by two-factor authentication, and I think it turned out pretty nicely 😭 I think it's a good example of what an API client library can do to hide away complexities from consumers of that API.</p> <p>So, for the history books, let's see how to use <code>@octokit/auth-basic</code> to authenticate using username, password, and two-factor authentication.</p> <h2> How Basic authentication works for the GitHub API </h2> <p>Let's try to send a request to GitHubs <a href="https://developer.github.com/v3/users/#get-the-authenticated-user"><code>GET /user</code></a> API using the <a href="https://github.com/octokit/request.js/"><code>@octokit/request</code></a> package.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// my-cli.js</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">request</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@octokit/request</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">USERNAME</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">octocat</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">PASSWORD</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">secret</span><span class="dl">"</span><span class="p">;</span> <span class="nx">request</span><span class="p">(</span><span class="dl">"</span><span class="s2">GET /user</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">authorization</span><span class="p">:</span> <span class="s2">`basic </span><span class="p">${</span><span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">USERNAME</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">PASSWORD</span><span class="p">}</span><span class="s2">`</span><span class="p">).</span><span class="nx">toString</span><span class="p">(</span> <span class="dl">"</span><span class="s2">base64</span><span class="dl">"</span> <span class="p">)}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">}).</span><span class="nx">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">),</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">);</span> </code></pre> </div> <p>Depending on <a href="https://github.com/settings/security">your GitHub security Settings</a>, the above code will either log the user object for your account, or it will fail with a <code>401</code> response, including a 'X-GitHub-Otp' header with the value set to <code>required; app</code> or <code>required; sms</code>.</p> <p>In order to retrieve your user account, you will need to send the same request again, including a header containing the OTP.</p> <p>By the way, <a href="https://en.wikipedia.org/wiki/One-time_password">OTP stands for one-time password</a>. In GitHub's case, you can use the OTP more than once, because it is actually a time-based password. It usually is valid for about a minute. 🤷‍♂️</p> <p>If you use an authenticator app (you should!), you already know the right OTP to send along, the request code looks like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// my-cli.js</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">request</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@octokit/request</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">USERNAME</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">octocat</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">PASSWORD</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">secret</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">OTP</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">012345</span><span class="dl">"</span><span class="p">;</span> <span class="nx">request</span><span class="p">(</span><span class="dl">"</span><span class="s2">GET /user</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">authorization</span><span class="p">:</span> <span class="s2">`basic </span><span class="p">${</span><span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">USERNAME</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">PASSWORD</span><span class="p">}</span><span class="s2">`</span><span class="p">).</span><span class="nx">toString</span><span class="p">(</span> <span class="dl">"</span><span class="s2">base64</span><span class="dl">"</span> <span class="p">)}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">"</span><span class="s2">x-github-otp</span><span class="dl">"</span><span class="p">:</span> <span class="nx">OTP</span> <span class="p">}</span> <span class="p">}).</span><span class="nx">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">),</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">);</span> </code></pre> </div> <p>If you have SMS setup for your two-factor authentication (you should not!), then you are out of luck. Not only do you not know the OTP at the time of the first request, you won't even receive an SMS with an OTP from GitHub. Why? Because only certain REST API routes trigger the SMS delivery. The <a href="https://developer.github.com/v3/oauth_authorizations/">OAuth Authorizations API</a> routes, to be precise. </p> <p>In order to workaround this problem, the recommend best practice is to not use basic authentication for every request. Instead, use it to create a personal access token, then use that token for the following requests.</p> <p>And because you create a personal access token that you probably won't need ever again, it's a good practice to delete that token when you are done. However, the OTP you used to create the token might no longer be valid (time based, remember), so it's well possible that GitHub will respond with a <code>401</code> asking for a new OTP.</p> <p>You can see, this is getting complicated pretty quick, and it's only the tip of the ice berg. For example, some requests require to be authenticated using your username and password, while for most others you can use the token. If you are curious, you can read trough the source code of <a href="https://github.com/octokit/auth-basic.js"><code>@octokit/auth-basic</code></a> to learn all about it. The tests will give you a pretty good summary.</p> <h2> 🎩 <code>@octokit/basic-auth</code> </h2> <p><a href="https://github.com/octokit/auth-basic.js"><code>@octokit/basic-auth</code></a> takes away most of the pain that is Basic Auth and two-factor authentication for GitHub's REST API. It even integrates neatly with your favorite Octokit libraries such as <a href="https://octokit.github.io/rest.js/#authentication"><code>@octokit/rest</code></a>, <a href="https://github.com/octokit/core.js#authentication"><code>@octokit/core</code></a> or even the super low-level <a href="https://github.com/octokit/request.js#authentication"><code>@octokit/request</code></a>.</p> <p>In this example I'll use <a href="https://github.com/octokit/auth-basic.js"><code>@octokit/basic-auth</code></a>, <a href="https://github.com/octokit/request.js#authentication"><code>@octokit/request</code></a> and <a href="https://github.com/anseki/readline-sync"><code>readline-sync</code></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// my-cli.js</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">createBasicAuth</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@octokit/auth-basic</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">request</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@octokit/request</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">question</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">readline-sync</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">auth</span> <span class="o">=</span> <span class="nx">createBasicAuth</span><span class="p">({</span> <span class="na">username</span><span class="p">:</span> <span class="nx">question</span><span class="p">(</span><span class="dl">"</span><span class="s2">Username: </span><span class="dl">"</span><span class="p">),</span> <span class="na">password</span><span class="p">:</span> <span class="nx">question</span><span class="p">(</span><span class="dl">"</span><span class="s2">Password: </span><span class="dl">"</span><span class="p">),</span> <span class="k">async</span> <span class="nx">on2Fa</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// prompt user for the one-time password retrieved via SMS or authenticator app</span> <span class="k">return</span> <span class="nx">question</span><span class="p">(</span><span class="dl">"</span><span class="s2">Two-factor authentication Code: </span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">requestWithBasicAuth</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">defaults</span><span class="p">({</span> <span class="na">request</span><span class="p">:</span> <span class="p">{</span> <span class="na">hook</span><span class="p">:</span> <span class="nx">auth</span><span class="p">.</span><span class="nx">hook</span> <span class="p">}</span> <span class="p">});</span> <span class="nx">requestWithBasicAuth</span><span class="p">(</span><span class="dl">"</span><span class="s2">GET /user</span><span class="dl">"</span><span class="p">).</span><span class="nx">then</span><span class="p">(</span> <span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">),</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span> <span class="p">);</span> </code></pre> </div> <p>When you run the above code with Node, you will be prompted for your username and password. If you have two-factor auth setup and SMS configured for delivery, you will receive an SMS with the OTP. Once you enter the OTP the script will log the user object for your GitHub Account to your terminal.</p> <p>Now lets say you need to send so many requests that the OTP becomes invalid (usually about a minute), but you still want to delete the personal access token at the end. The code would look something like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// my-cli.js</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">createBasicAuth</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@octokit/auth-basic</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">request</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@octokit/request</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">question</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">readline-sync</span><span class="dl">"</span><span class="p">);</span> <span class="nx">run</span><span class="p">();</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">run</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">auth</span> <span class="o">=</span> <span class="nx">createBasicAuth</span><span class="p">({</span> <span class="na">username</span><span class="p">:</span> <span class="nx">question</span><span class="p">(</span><span class="dl">"</span><span class="s2">Username: </span><span class="dl">"</span><span class="p">),</span> <span class="na">password</span><span class="p">:</span> <span class="nx">question</span><span class="p">(</span><span class="dl">"</span><span class="s2">Password: </span><span class="dl">"</span><span class="p">),</span> <span class="k">async</span> <span class="nx">on2Fa</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// prompt user for the one-time password retrieved via SMS or authenticator app</span> <span class="k">return</span> <span class="nx">question</span><span class="p">(</span><span class="dl">"</span><span class="s2">Two-factor authentication Code: </span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">requestWithBasicAuth</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">defaults</span><span class="p">({</span> <span class="na">request</span><span class="p">:</span> <span class="p">{</span> <span class="na">hook</span><span class="p">:</span> <span class="nx">auth</span><span class="p">.</span><span class="nx">hook</span> <span class="p">}</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">requestWithBasicAuth</span><span class="p">(</span><span class="dl">"</span><span class="s2">GET /user</span><span class="dl">"</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="s2">`Your GitHub Account ID: </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="s2">`Sending some more requests that take a while ...`</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">TWO_MINUTES_IN_MS</span> <span class="o">=</span> <span class="mi">2</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">;</span> <span class="k">await</span> <span class="k">new</span> <span class="nb">Promise</span><span class="p">(</span><span class="nx">resolve</span> <span class="o">=&gt;</span> <span class="nx">setTimeout</span><span class="p">(</span><span class="nx">resolve</span><span class="p">,</span> <span class="nx">TWO_MINUTES_IN_MS</span><span class="p">));</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">id</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">auth</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">token</span><span class="dl">"</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">requestWithBasicAuth</span><span class="p">(</span><span class="dl">"</span><span class="s2">DELETE /authorizations/:authorization_id</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">authorization_id</span><span class="p">:</span> <span class="nx">id</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">TOKEN deleted</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The code above has a two minute timeout build in to make sure the OTP becomes invalid. You will see that you will get prompted for an OTP for the 2nd time:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>node my-cli.js Username: gr2m Password: <span class="k">***</span> Two-factor authentication Code: 068194 Your GitHub Account ID: 39992 Sending some more requests that take a <span class="k">while</span> ... Two-factor authentication Code: 975808 TOKEN deleted </code></pre> </div> <h2> What are the alternatives to Basic authentication </h2> <p>Well, the Basic authentication party is over soon, so make sure to use alternative means of authentication before November 2020.</p> <p>You can do one of two things.</p> <ol> <li>Ask your users to create a personal access token and share that with you. I wrote a blog post with more details about that: <a href="https://dev.to/gr2m/github-api-authentication-personal-access-tokens-53kd">GitHub API Authentication - Personal Access Tokens</a> </li> <li>Use <a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow">GitHub's OAuth web application flow</a>.</li> </ol> <p>Now <code>2.</code> is a nicer user experience, but it's easier said that done. Luckily, I have two blog posts lined up that will help you</p> <ol> <li> <code>OAuth</code>: How to implement the OAuth web flow using a server and a client</li> <li> <code>CLI</code>: How to use the OAuth web flow for CLI apps.</li> </ol> <p>Stay tuned 💐</p> <h2> Credit </h2> <p>Header image: <a href="https://www.flickr.com/photos/wocintechchat/25388715424/">Women Code in Tech Chat</a> CC BY 2.0</p> github javascript octokit Gregor Martynus Fri, 07 Feb 2020 23:28:47 +0000 https://dev.to/gr2m/github-api-how-to-retrieve-the-combined-pull-request-status-from-commit-statuses-check-runs-and-github-action-results-2cen https://dev.to/gr2m/github-api-how-to-retrieve-the-combined-pull-request-status-from-commit-statuses-check-runs-and-github-action-results-2cen <h2> Update </h2> <p>At the time of the article, there was no way to retrieve the combined status for commit checks and check runs. But now there is</p> <p>The final, updated code would no look like this</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">QUERY</span> <span class="o">=</span> <span class="s2">`query($owner: String!, $repo: String!, $pull_number: Int!) { repository(owner: $owner, name:$repo) { pullRequest(number:$pull_number) { commits(last: 1) { nodes { commit { statusCheckRollup { state } } } } } } }`</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getCombinedSuccess</span><span class="p">(</span><span class="nx">octokit</span><span class="p">,</span> <span class="p">{</span> <span class="nx">owner</span><span class="p">,</span> <span class="nx">repo</span><span class="p">,</span> <span class="nx">pull_number</span><span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">octokit</span><span class="p">.</span><span class="nf">graphql</span><span class="p">(</span><span class="nx">query</span><span class="p">,</span> <span class="p">{</span> <span class="nx">owner</span><span class="p">,</span> <span class="nx">repo</span><span class="p">,</span> <span class="nx">pull_number</span> <span class="p">});</span> <span class="kd">const</span> <span class="p">[{</span> <span class="na">commit</span><span class="p">:</span> <span class="nx">lastCommit</span> <span class="p">}]</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">repository</span><span class="p">.</span><span class="nx">pullRequest</span><span class="p">.</span><span class="nx">commits</span><span class="p">.</span><span class="nx">nodes</span><span class="p">;</span> <span class="k">return</span> <span class="nx">lastCommit</span><span class="p">.</span><span class="nx">statusCheckRollup</span><span class="p">.</span><span class="nx">state</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">SUCCESS</span><span class="dl">"</span> <span class="p">}</span> </code></pre> </div> <p>In this post, you will learn</p> <ul> <li>Where the pull request checks are coming from</li> <li>There is no single API endpoint to retrieve the combined status for a pull requests</li> <li>The difference between Commit Status, Check Runs, and GitHub Action results</li> <li>How to get a combined status for a pull request</li> </ul> <h2> Storytime </h2> <p>I'm a big fan of automation. In order to keep all dependencies of my projects up-to-date, I use a GitHub App called <a href="https://github.com/marketplace/greenkeeper" rel="noopener noreferrer">Greenkeeper</a>. It creates pull requests if there is a new version of a dependency that is out of range of what I defined in my <code>package.json</code> files.</p> <p>This is a huge help, I could not maintain as many Open Source libraries if it was not for Greenkeeper and other automation.</p> <p>However, whenever there is a new breaking version of a library that I depend on in most of my projects, I get 100s of notifications for pull requests, all of which I have to review and merge manually. After doing that a few times, I decided to create a script that can merge all pull requests from Greenkeeper that I got notifications for. I'd only need to check it once to make sure the new version is legit, all other pull requests should just be merged, as long as the pull request is green (meaning, all tests &amp; other integrations report back with a success status).</p> <p>Turns out, "as long as the pull request is green" is easier said than done.</p> <h2> What is a pull request status? </h2> <p>The first thing that is important to understand is where the list of checks shown at the bottom of most pull requests on GitHub is coming from.</p> <p><a href="https://github.com/octokit/fixtures/pull/288" rel="noopener noreferrer"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fy11e1ntolci8q5o91h26.png" alt="A GitHub pull request with a list of checks"></a></p> <p><strong>Pull request checks are not set on pull requests.</strong> They are set on the last commit belonging to a pull request.</p> <p>If you push another commit, all the checks will disappear from that list. The integrations that set them will need to set them again for the new commit. This is important to understand if you try to retrieve the checks using GitHub's REST or GraphQL APIs. First, you need the pull request's last commit (the "head commit"), then you can get the checks.</p> <h2> What is the difference between commit statuses and check runs </h2> <p><a href="https://developer.github.com/v3/repos/statuses/" rel="noopener noreferrer">Commit statuses</a> was the original way for integrators to report back a status on a commit. They were <a href="https://github.blog/2012-09-04-commit-status-api/" rel="noopener noreferrer">introduced in 2012</a>. Creating a commit status is simple. Here is a code example using <a href="https://github.com/octokit/request.js" rel="noopener noreferrer"><code>@octokit/request</code></a></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">request</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@octokit/request</span><span class="dl">'</span> <span class="c1">// https://developer.github.com/v3/repos/statuses/#create-a-status</span> <span class="nf">request</span><span class="p">(</span><span class="dl">'</span><span class="s1">POST /repos/:owner/:repo/statuses/:commit_sha</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">authorization</span><span class="p">:</span> <span class="s2">`token </span><span class="p">${</span><span class="nx">TOKEN</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="na">owner</span><span class="p">:</span> <span class="dl">'</span><span class="s1">octocat</span><span class="dl">'</span><span class="p">,</span> <span class="na">repo</span><span class="p">:</span> <span class="dl">'</span><span class="s1">hello-world</span><span class="dl">'</span><span class="p">,</span> <span class="na">commit_sha</span><span class="p">:</span> <span class="dl">'</span><span class="s1">abcd123</span><span class="dl">'</span><span class="p">,</span> <span class="na">state</span><span class="p">:</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">All tests passed</span><span class="dl">'</span><span class="p">,</span> <span class="na">target_url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://my-ci.com/octocat/hello-world/build/123</span><span class="dl">'</span> <span class="p">})</span> </code></pre> </div> <p>And retrieving the combined status for a commit is as just as simple</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">request</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@octokit/request</span><span class="dl">'</span> <span class="c1">// https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref</span> <span class="nf">request</span><span class="p">(</span><span class="dl">'</span><span class="s1">GET /repos/:owner/:repo/commits/:commit_sha/status</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">authorization</span><span class="p">:</span> <span class="s2">`token </span><span class="p">${</span><span class="nx">TOKEN</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="na">owner</span><span class="p">:</span> <span class="dl">'</span><span class="s1">octocat</span><span class="dl">'</span><span class="p">,</span> <span class="na">repo</span><span class="p">:</span> <span class="dl">'</span><span class="s1">hello-world</span><span class="dl">'</span><span class="p">,</span> <span class="na">commit_sha</span><span class="p">:</span> <span class="dl">'</span><span class="s1">abcd123</span><span class="dl">'</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">state</span><span class="p">))</span> </code></pre> </div> <p>But with <a href="https://github.blog/2018-05-07-introducing-checks-api/" rel="noopener noreferrer">the introduction of check runs in 2018</a>, a new way was introduced to add a status to a commit, entirely separated from commit statuses. Instead of setting a <code>target_url</code>, check runs have a UI integrated in github.com. Integrators can set an extensive description. In many cases, they don't need to create a separate website and exclusively use the check runs UI instead.</p> <p>Creating a check run is a bit more involved</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">request</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@octokit/request</span><span class="dl">'</span> <span class="c1">// https://developer.github.com/v3/checks/runs/#create-a-check-run</span> <span class="nf">request</span><span class="p">(</span><span class="dl">'</span><span class="s1">POST /repos/:owner/:repo/check-runs</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">authorization</span><span class="p">:</span> <span class="s2">`token </span><span class="p">${</span><span class="nx">TOKEN</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="na">owner</span><span class="p">:</span> <span class="dl">'</span><span class="s1">octocat</span><span class="dl">'</span><span class="p">,</span> <span class="na">repo</span><span class="p">:</span> <span class="dl">'</span><span class="s1">hello-world</span><span class="dl">'</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">My CI</span><span class="dl">'</span><span class="p">,</span> <span class="na">head_sha</span><span class="p">:</span> <span class="dl">'</span><span class="s1">abcd123</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// this is the commit sha</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">completed</span><span class="dl">'</span><span class="p">,</span> <span class="na">conclusion</span><span class="p">:</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span><span class="p">,</span> <span class="na">output</span><span class="p">:</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">All tests passed</span><span class="dl">'</span><span class="p">,</span> <span class="na">summary</span><span class="p">:</span> <span class="dl">'</span><span class="s1">123 out of 123 tests passed in 1:23 minutes</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// more options: https://developer.github.com/v3/checks/runs/#output-object</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <p>Unfortunately, there is no way to retrieve a combined status from all check runs, you will have to retrieve them all and go through one by one. Note that the <a href="https://developer.github.com/v3/checks/runs/#list-check-runs-for-a-specific-ref" rel="noopener noreferrer">List check runs for a specific ref</a> endpoint does paginate, so I'd recommend using the <a href="https://github.com/octokit/plugin-paginate-rest.js" rel="noopener noreferrer">Octokit paginate plugin</a></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">Octokit</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@octokit/core</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">paginate</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@octokit/plugin-paginate-rest</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">MyOctokit</span> <span class="o">=</span> <span class="nx">Octokit</span><span class="p">.</span><span class="nf">plugin</span><span class="p">(</span><span class="nx">paginate</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">octokit</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">MyOctokit</span><span class="p">({</span> <span class="na">auth</span><span class="p">:</span> <span class="nx">TOKEN</span><span class="p">})</span> <span class="c1">// https://developer.github.com/v3/checks/runs/#list-check-runs-for-a-specific-ref</span> <span class="nx">octokit</span><span class="p">.</span><span class="nf">paginate</span><span class="p">(</span><span class="dl">'</span><span class="s1">GET /repos/:owner/:repo/commits/:ref/check-runs</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">response</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">conclusion</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">conclusions</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">success</span> <span class="o">=</span> <span class="nx">conclusions</span><span class="p">.</span><span class="nf">every</span><span class="p">(</span><span class="nx">conclusion</span> <span class="o">=&gt;</span> <span class="nx">conclusion</span> <span class="o">===</span> <span class="nx">success</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <p>A status reported by a GitHub Action is also a check run, so you will retrieve status from actions the same way.</p> <h2> How to retrieve the combined status for a pull request </h2> <p>You will have to retrieve both, the combined status of commit statuses and the combined status of check runs. Given you know the repository and the pull request number, the code would look like this using <a href="https://github.com/octokit/core.js" rel="noopener noreferrer"><code>@octokit/core</code></a> with the <a href="https://github.com/octokit/plugin-paginate-rest.js" rel="noopener noreferrer">paginate plugin</a></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getCombinedSuccess</span><span class="p">(</span><span class="nx">octokit</span><span class="p">,</span> <span class="p">{</span> <span class="nx">owner</span><span class="p">,</span> <span class="nx">repo</span><span class="p">,</span> <span class="nx">pull_number</span><span class="p">})</span> <span class="p">{</span> <span class="c1">// https://developer.github.com/v3/pulls/#get-a-single-pull-request</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">head</span><span class="p">:</span> <span class="p">{</span> <span class="na">sha</span><span class="p">:</span> <span class="nx">commit_sha</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">octokit</span><span class="p">.</span><span class="nf">request</span><span class="p">(</span><span class="dl">'</span><span class="s1">GET /repos/:owner/:repo/pulls/:pull_number</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">owner</span><span class="p">,</span> <span class="nx">repo</span><span class="p">,</span> <span class="nx">pull_number</span> <span class="p">})</span> <span class="c1">// https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">state</span><span class="p">:</span> <span class="nx">commitStatusState</span> <span class="p">}</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">request</span><span class="p">(</span><span class="dl">'</span><span class="s1">GET /repos/:owner/:repo/commits/:commit_sha/status</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">owner</span><span class="p">,</span> <span class="nx">repo</span><span class="p">,</span> <span class="nx">commit_sha</span> <span class="p">})</span> <span class="c1">// https://developer.github.com/v3/checks/runs/#list-check-runs-for-a-specific-ref</span> <span class="kd">const</span> <span class="nx">conclusions</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">octokit</span><span class="p">.</span><span class="nf">paginate</span><span class="p">(</span><span class="dl">'</span><span class="s1">GET /repos/:owner/:repo/commits/:ref/check-runs</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">owner</span><span class="p">,</span> <span class="nx">repo</span><span class="p">,</span> <span class="nx">commit_sha</span> <span class="p">},</span> <span class="p">(</span><span class="nx">response</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">conclusion</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">allChecksSuccess</span> <span class="o">=</span> <span class="nx">conclusions</span> <span class="o">=&gt;</span> <span class="nx">conclusions</span><span class="p">.</span><span class="nf">every</span><span class="p">(</span><span class="nx">conclusion</span> <span class="o">=&gt;</span> <span class="nx">conclusion</span> <span class="o">===</span> <span class="nx">success</span><span class="p">)</span> <span class="k">return</span> <span class="nx">commitStatusState</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">success</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="nx">allChecksSuccess</span> <span class="p">}</span> </code></pre> </div> <p>Using GraphQL, you will only have to send one request. But keep in mind that <code>octokit.graphql</code> does not come with a solution for pagination, because it's complicated™. If you expect more than 100 check runs, you'll have to use the REST API or look into paginating the results from GraphQL (I recommend watching Rea Loretta's fantastic talk on <a href="https://www.youtube.com/watch?v=i5pIszu9MeM" rel="noopener noreferrer">Advanced patterns for GitHub's GraphQL API</a> to learn how to do that, and why it's so complicated).</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <p><span class="kd">const</span> <span class="nx">QUERY</span> <span class="o">=</span> <span class="s2"><code>query($owner: String!, $repo: String!, $pull_number: Int!) {<br> repository(owner: $owner, name:$repo) {<br> pullRequest(number:$pull_number) {<br> commits(last: 1) {<br> nodes {<br> commit {<br> checkSuites(first: 100) {<br> nodes {<br> checkRuns(first: 100) {<br> nodes {<br> name<br> conclusion<br> permalink<br> }<br> }<br> }<br> }<br> status {<br> state<br> contexts {<br> state<br> targetUrl<br> description<br> context<br> }<br> }<br> }<br> }<br> }<br> }<br> }<br> }</code></span></p> <p><span class="k">async</span> <span class="kd">function</span> <span class="nf">getCombinedSuccess</span><span class="p">(</span><span class="nx">octokit</span><span class="p">,</span> <span class="p">{</span> <span class="nx">owner</span><span class="p">,</span> <span class="nx">repo</span><span class="p">,</span> <span class="nx">pull_number</span><span class="p">})</span> <span class="p">{</span><br> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">octokit</span><span class="p">.</span><span class="nf">graphql</span><span class="p">(</span><span class="nx">query</span><span class="p">,</span> <span class="p">{</span> <span class="nx">owner</span><span class="p">,</span> <span class="nx">repo</span><span class="p">,</span> <span class="nx">pull_number</span> <span class="p">});</span><br> <span class="kd">const</span> <span class="p">[{</span> <span class="na">commit</span><span class="p">:</span> <span class="nx">lastCommit</span> <span class="p">}]</span> <span class="o">=</span> <span class="nx">result</span><span class="p">.</span><span class="nx">repository</span><span class="p">.</span><span class="nx">pullRequest</span><span class="p">.</span><span class="nx">commits</span><span class="p">.</span><span class="nx">nodes</span><span class="p">;</span></p> <p><span class="kd">const</span> <span class="nx">allChecksSuccess</span> <span class="o">=</span> <span class="p">[].</span><span class="nf">concat</span><span class="p">(</span><br> <span class="p">...</span><span class="nx">lastCommit</span><span class="p">.</span><span class="nx">checkSuites</span><span class="p">.</span><span class="nx">nodes</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">node</span> <span class="o">=&gt;</span> <span class="nx">node</span><span class="p">.</span><span class="nx">checkRuns</span><span class="p">.</span><span class="nx">nodes</span><span class="p">)</span><br> <span class="p">).</span><span class="nf">every</span><span class="p">(</span><span class="nx">checkRun</span> <span class="o">=&gt;</span> <span class="nx">checkRun</span><span class="p">.</span><span class="nx">conclusion</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">SUCCESS</span><span class="dl">"</span><span class="p">)</span><br> <span class="kd">const</span> <span class="nx">allStatusesSuccess</span> <span class="o">=</span> <span class="nx">lastCommit</span><span class="p">.</span><span class="nx">status</span><span class="p">.</span><span class="nx">contexts</span><span class="p">.</span><span class="nf">every</span><span class="p">(</span><span class="nx">status</span> <span class="o">=&gt;</span> <span class="nx">status</span><span class="p">.</span><span class="nx">state</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">SUCCESS</span><span class="dl">"</span><span class="p">);</span></p> <p><span class="k">return</span> <span class="nx">allStatusesSuccess</span> <span class="o">||</span> <span class="nx">allChecksSuccess</span><br> <span class="p">}</span></p> </code></pre> </div> <h3> <br> <br> <br> See it in action<br> </h3> <p>I use the GraphQL version in my script to merge all open pull requests by Greenkeeper that I have unread notifications for: <a href="https://github.com/gr2m/merge-greenkeeper-prs/blob/a5322461d0ce2a07d57510b04bd50c81c89d841d/bin/merge-greenkeeper-prs.js#L50-L134" rel="noopener noreferrer">merge-greenkeeper-prs</a>.</p> <p>Happy automated pull request status checking &amp; merging 🥳</p> <h3> Credit </h3> <p>The header image is by <a href="https://www.flickr.com/photos/wocintechchat/22359007740/" rel="noopener noreferrer">WOCinTech Chat</a>, licensed under <a href="https://creativecommons.org/licenses/by-sa/2.0/" rel="noopener noreferrer">CC BY-SA 2.0</a></p> github javascript octokit Gregor Martynus Fri, 17 Jan 2020 21:26:12 +0000 https://dev.to/gr2m/github-api-authentication-github-actions-la3 https://dev.to/gr2m/github-api-authentication-github-actions-la3 <p>In this post, I will explain how to create a GitHub Action workflow that adds a comment to every new pull request using</p> <ol> <li>A <a href="https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions" rel="noopener noreferrer">GitHub Action workflow</a> file (<code>.github/workflows/pr-comment.yml</code>)</li> <li>A single JavaScript file (<code>.github/actions/pr-comment.js</code>)</li> </ol> <p>Both files live in the same repository where the comments will be added. If you get stuck at any point, <a href="https://github.com/gr2m/create-pull-request-comment-action-example" rel="noopener noreferrer">here is my repository</a> with all the code described in this post.</p> <h2> Prerequisites </h2> <ol> <li>Install <a href="https://git-scm.com/" rel="noopener noreferrer">git</a> and <a href="https://nodejs.org/en/" rel="noopener noreferrer">Node.js</a> </li> <li><a href="https://github.com/new" rel="noopener noreferrer">Create a repository on GitHub</a></li> <li> <a href="https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository" rel="noopener noreferrer">Clone the repository to your local machine</a>.</li> </ol> <h2> Passing the <code>GITHUB_TOKEN</code> secret to a JavaScript file </h2> <p>GitHub Actions come with their own special token that must be passed to each workflow step explicitly: <a href="https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token" rel="noopener noreferrer"><code>secrets.GITHUB_TOKEN</code></a>. Unlike <a href="https://dev.to/gr2m/github-api-authentication-personal-access-tokens-53kd">Personal Access Tokens</a> that I explained in the previous post of this series, you don't have to manually create them. A unique <code>GITHUB_TOKEN</code> is created each time your GitHub Action is run.</p> <p>Let's start out by creating a new workflow file at <code>.github/workflows/pr-comment.yml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">PR Comment</span> <span class="na">on</span><span class="pi">:</span> <span class="c1"># Run this workflow only when a new pull request is opened</span> <span class="c1"># compare: https://git.io/JvTyV</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">types</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">opened</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">pr_comment</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="c1"># Make files accessible to actions</span> <span class="c1"># https://github.com/actions/checkout#readme</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v2</span> <span class="c1"># Install Node</span> <span class="c1"># https://github.com/actions/setup-node#readme</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="m">12</span> <span class="c1"># Install dependencies</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm ci</span> <span class="c1"># Run pr-comment.js with Node and pass the authentication token </span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s">node .github/actions/pr-comment.js</span> <span class="na">with</span><span class="pi">:</span> <span class="na">GITHUB_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> </code></pre> </div> <p>Next, we need to create a <code>package.json</code> file and install a few dependencies, and create the <code>.github/actions/pr-comment.js</code>.</p> <h2> Creating a comment using JavaScript </h2> <p>We will use GitHub's <a href="https://developer.github.com/v3/issues/comments/#create-a-comment" rel="noopener noreferrer">Create a comment</a> REST API endpoint to create the comment on every new pull request. A GraphQL query would work just the same, using <code>octokit.graphql</code> instead of <code>octokit.request</code>.</p> <p>Create a <code>package.json</code> file in the folder you cloned your repository into:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm init </code></pre> </div> <p>After that, install <a href="https://github.com/octokit/action.js" rel="noopener noreferrer"><code>@octokit/action</code></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @octokit/action </code></pre> </div> <p>Next, create the <code>.github/actions/pr-comment.js</code> file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// GITHUB_EVENT_PATH always exists when run by an Action,</span> <span class="c1">// see https://git.io/JvUf7 for a full list</span> <span class="kd">const</span> <span class="nx">eventPayload</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GITHUB_EVENT_PATH</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">Octokit</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@octokit/action</span><span class="dl">"</span><span class="p">);</span> <span class="nf">createPrComment</span><span class="p">();</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">createPrComment</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// No need to pass process.env.GITHUB_TOKEN, `@octokit/action`</span> <span class="c1">// is using it directly and throws an error if it is not present.</span> <span class="kd">const</span> <span class="nx">octokit</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Octokit</span><span class="p">();</span> <span class="c1">// See https://developer.github.com/v3/issues/comments/#create-a-comment</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">octokit</span><span class="p">.</span><span class="nf">request</span><span class="p">(</span> <span class="dl">"</span><span class="s2">POST /repos/:repository/issues/:pr_number/comments</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">repository</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GITHUB_REPOSITORY</span><span class="p">,</span> <span class="na">pr_number</span><span class="p">:</span> <span class="nx">eventPayload</span><span class="p">.</span><span class="nx">pull_request</span><span class="p">.</span><span class="nx">number</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Thank you for your pull request!</span><span class="dl">"</span> <span class="p">}</span> <span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Comment created: %d</span><span class="dl">"</span><span class="p">,</span> <span class="nx">data</span><span class="p">.</span><span class="nx">html_url</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Commit and push your changes<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git add . git commit -m 'add GitHub Action workflow to comment on new PRs' git push origin master </code></pre> </div> <p>Now create a new pull request on your repository. After a short delay, the Action will show up in the list of checks as pending</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fordv02m8ybwrexdgdepn.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fordv02m8ybwrexdgdepn.png" alt="Screenshot of new pull request"></a></p> <p>If all goes as expected, the action will add the new comment</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fwri0tub497howpsfj0c7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fwri0tub497howpsfj0c7.png" alt="Screenshot of new comment"></a></p> <p>Congratulations 👏 Now that you know how to send authenticated requests against GitHub's APIs with Actions and JavaScript, sky is the limit 🚀</p> <p><a href="https://i.giphy.com/media/EybtniuGPjSdG/giphy.gif" class="article-body-image-wrapper"><img src="https://i.giphy.com/media/EybtniuGPjSdG/giphy.gif" alt="With great power comes great responsibility"></a></p> <h1> Secrets and pull requests from forks </h1> <p>Creating the comment will not work when someone creates a pull request from a fork. The <code>GITHUB_TOKEN</code> secret is still passed, but has only read permissions, it cannot create or update anything. If that was not the case, anyone could create a pull request changing the code of the <code>pr-comment.js</code> script to do something malicious with your repository.</p> <p>For now, I you can prevent the action from running altogether if the pull request comes from a fork by adding an <a href="https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idif" rel="noopener noreferrer"><code>if</code> statement</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># ...</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">pr_comment</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">if</span><span class="pi">:</span> <span class="s">eventPayload.pull_request.head.repo.fork == </span><span class="kc">false</span> <span class="na">steps</span><span class="pi">:</span> <span class="c1"># ...</span> </code></pre> </div> <p>Another alternative is to use GitHub Apps instead, which I will cover in my next blog post 😇</p> github javascript octokit Gregor Martynus Fri, 10 Jan 2020 23:44:53 +0000 https://dev.to/gr2m/github-api-authentication-personal-access-tokens-53kd https://dev.to/gr2m/github-api-authentication-personal-access-tokens-53kd <p>Personal Access Tokens are the easiest way to authenticate requests as a GitHub user. You can create a new Personal Access Token at <a href="https://github.com/settings/tokens/new" rel="noopener noreferrer">https://github.com/settings/tokens/new</a>.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fhua76w8dz9qh7zhpvzk1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fhua76w8dz9qh7zhpvzk1.png" alt="Create a personal access token screenshot"></a></p> <p>Set the <code>note</code> to something memorable. The scopes are pretty self-explanatory, only select what you are sure you will need. The <code>public_repo</code> scope is what you'll need in most cases, e.g. to retrieve, create or update all things related to repositories.</p> <p>The next screen will show you the token. Make sure to copy it somewhere safe as it won't be shown again.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fmfz56rp2vawjv5aarswe.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fmfz56rp2vawjv5aarswe.png" alt="Personal Access Token created screenshot"></a></p> <p>You can now use that token, for example to retrieve the latest release of <a href="https://github.com/octokit/core.js" rel="noopener noreferrer">octokit/core.js</a> using <a href="https://curl.haxx.se/" rel="noopener noreferrer">curl</a> from your terminal</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> curl <span class="nt">--header</span> <span class="s2">"Authorization: token d64761df071c2bf517ceb063b279432ed2f89c62"</span> <span class="se">\</span> https://api.github.com/repos/octokit/core.js/releases/latest </code></pre> </div> <p>Or using <a href="https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch" rel="noopener noreferrer">fetch</a> in a browser or <a href="https://github.com/bitinn/node-fetch/" rel="noopener noreferrer">node-fetch</a> in Node.js</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="dl">"</span><span class="s2">https://api.github.com/repos/octokit/core.js/releases/latest</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">authorization</span><span class="p">:</span> <span class="dl">"</span><span class="s2">token d64761df071c2bf517ceb063b279432ed2f89c62</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> </code></pre> </div> <h1> Using the JavaScript Octokit </h1> <p>Authenticating using a personal access token is straight forward, so it's already built into <a href="https://github.com/octokit/core.js" rel="noopener noreferrer">https://github.com/octokit/core.js</a> and all libraries that are built upon it.</p> <p>Sending the above request would look like this in the browser</p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code> <span class="nt">&lt;script </span><span class="na">type=</span><span class="s">"module"</span><span class="nt">&gt;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Octokit</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">https://cdn.pika.dev/@octokit/core</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">octokit</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Octokit</span><span class="p">({</span> <span class="na">auth</span><span class="p">:</span> <span class="dl">"</span><span class="s2">d64761df071c2bf517ceb063b279432ed2f89c62</span><span class="dl">"</span> <span class="p">});</span> <span class="nx">octokit</span><span class="p">.</span><span class="nf">request</span><span class="p">(</span><span class="dl">'</span><span class="s1">GET /repos/:owner/:repo/releases/latest</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">owner</span><span class="p">:</span> <span class="dl">"</span><span class="s2">octokit</span><span class="dl">"</span><span class="p">,</span> <span class="na">repo</span><span class="p">:</span> <span class="dl">"</span><span class="s2">core.js</span><span class="dl">"</span> <span class="p">}).</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">))</span> <span class="nt">&lt;/script&gt;</span> </code></pre> </div> <p>And like this in Node.js</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="p">{</span> <span class="nx">Octokit</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">@octokit/rest</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">octokit</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Octokit</span><span class="p">({</span> <span class="na">auth</span><span class="p">:</span> <span class="dl">"</span><span class="s2">d64761df071c2bf517ceb063b279432ed2f89c62</span><span class="dl">"</span> <span class="p">});</span> <span class="nx">octokit</span><span class="p">.</span><span class="nf">request</span><span class="p">(</span><span class="dl">'</span><span class="s1">GET /repos/:owner/:repo/releases/latest</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">owner</span><span class="p">:</span> <span class="dl">"</span><span class="s2">octokit</span><span class="dl">"</span><span class="p">,</span> <span class="na">repo</span><span class="p">:</span> <span class="dl">"</span><span class="s2">core.js</span><span class="dl">"</span> <span class="p">}).</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">))</span> </code></pre> </div> <h1> Handling errors </h1> <p>If the token is invalid, the server will respond with a 401 status and a <code>"bad credentials"</code> message</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> curl <span class="nt">--header</span> <span class="s2">"Authorization: token invalid"</span> https://api.github.com/notifications <span class="o">{</span> <span class="s2">"message"</span>: <span class="s2">"Bad credentials"</span>, <span class="s2">"documentation_url"</span>: <span class="s2">"https://developer.github.com/v3"</span> <span class="o">}</span> </code></pre> </div> <p>If the token does not have the required scopes, the server will respond with a 403 status and an explanatory message</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> curl <span class="nt">--header</span> <span class="s2">"Authorization: token d64761df071c2bf517ceb063b279432ed2f89c62"</span> https://api.github.com/notifications <span class="o">{</span> <span class="s2">"message"</span>: <span class="s2">"Missing the 'notifications' scope."</span>, <span class="s2">"documentation_url"</span>: <span class="s2">"https://developer.github.com/v3/activity/notifications/#list-your-notifications"</span> <span class="o">}</span> </code></pre> </div> <p>New scopes cannot be added to existing tokens, you will have to create a new token with the required scopes selected to address <code>403</code> errors.</p> <h1> Limitations </h1> <p>Personal Access Tokens work great for personal usage. But if you plan to create a service or a CLI application that integrate with GitHub, there are better options that don't require the user to manually create and maintain tokens. I will write about all of them in the remaining posts of this series.</p> <p>Personal Access Tokens can be used in GitHub Actions if you want the script to act as your user account. Next week I'll talk about authenticating scripts run by <a href="https://github.com/features/actions" rel="noopener noreferrer">GitHub Actions</a>, and how to utilize the special <a href="https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token" rel="noopener noreferrer">GITHUB_TOKEN secret</a> as a simpler alternative to using Personal Access Tokens for most cases.</p> github javascript octokit Gregor Martynus Fri, 10 Jan 2020 23:44:44 +0000 https://dev.to/gr2m/github-api-authentication-introduction-39dj https://dev.to/gr2m/github-api-authentication-introduction-39dj <p>This is the first post of a series about different Authentication strategies for <a href="https://developer.github.com/">GitHub's APIs</a>. The different strategies that I plan to write about are</p> <ol> <li>Personal Access Tokens</li> <li>GitHub Actions</li> <li>Username &amp; Password (Basic)</li> <li>OAuth</li> <li>Webhooks</li> <li>GitHub Apps</li> <li>CLI</li> </ol> <p>Authenticating requests is required for <a href="https://developer.github.com/v4/">GitHub's GraphQL API</a> and strongly encouraged for <a href="https://developer.github.com/v3/">GitHub's REST API</a>.</p> <p>While it is possible to send unauthenticated REST API requests, only 60 requests per hour are permitted. Unauthenticated requests are rate limited based on IP addresses, so if you sent them from virtual servers such as most CI environments they are likely depleted most of the time.</p> <h1> Example </h1> <p>Sending an anonymous request responds with <code>X-RateLimit-*</code> headers stating that less than 60 more requests can be sent until the rate limit is reset. For this example, I'm using <a href="https://curl.haxx.se/">curl</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--head</span> https://api.github.com/repos/octokit/core.js/releases/latest X-RateLimit-Limit: 60 X-RateLimit-Remaining: 59 X-RateLimit-Reset: 1578690442 </code></pre> </div> <p>Sending the same request with an authorization header shows the increased rate limit<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--head</span> <span class="se">\</span> <span class="nt">--header</span> <span class="s2">"Authorization: token 70e98949b567d678f62ed81866a1cd54aaeee400"</span> <span class="se">\</span> https://api.github.com/repos/octokit/core.js/releases/latest X-RateLimit-Limit: 5000 X-RateLimit-Remaining: 4999 X-RateLimit-Reset: 1578690903 </code></pre> </div> <p>The string <code>70e98949b567d678f62ed81866a1cd54aaeee400</code> is an example of a personal access token, which I wrote about in <a href="https://dev.to/gr2m/github-api-authentication-personal-access-tokens-53kd">the next post of this series</a>.</p> github octokit Gregor Martynus Fri, 03 Jan 2020 21:14:55 +0000 https://dev.to/gr2m/schedule-github-pull-request-merges-using-actions-h38 https://dev.to/gr2m/schedule-github-pull-request-merges-using-actions-h38 <p>There is currently no built-in feature to schedule a pull request merge on GitHub. But a little <a href="https://github.com/features/actions">GitHub Action</a> magic can fill in this gap.</p> <p>In this post, I'll explain </p> <ol> <li>How to set pull request status to "pending" and</li> <li>How to run a script on a schedule using GitHub Actions.</li> </ol> <p>If you want to explore the final code, check out the <a href="https://github.com/gr2m/merge-schedule-action#readme">Schedule Action on GitHub</a>.</p> <h1> How it works </h1> <p>In order to merge a pull request on a specified future date, you need two things</p> <ol> <li>Set the date for the merge</li> <li>Do the actual merge on the specified date</li> </ol> <p>For the first step, the action will look for a string in the pull request description that looks like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code>/schedule 2020-02-20 </code></pre> </div> <p>If it exists, it creates a pending status with an explanatory description.</p> <p>The 2nd step is a script that runs on a special <a href="https://help.github.com/en/actions/automating-your-workflow-with-github-actions/configuring-a-workflow#triggering-a-workflow-with-events"><code>schedule</code> event</a>. It will look for the string above in all open pull requests. If it finds any, it will merge the pull requests that are scheduled to be merged today.</p> <h2> Set the date for the merge </h2> <p>The workflow file for the first step will look like this, you can create it as <code>.github/workflows/schedule-merge.yml</code>, the file name does not matter, only the directory.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Schedule Merge</span> <span class="na">on</span><span class="pi">:</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">types</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">opened</span> <span class="pi">-</span> <span class="s">edited</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">schedule</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v2</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="m">12</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s2">"</span><span class="s">npm</span><span class="nv"> </span><span class="s">ci"</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s2">"</span><span class="s">node</span><span class="nv"> </span><span class="s">./.github/actions/schedule-merge.js"</span> <span class="na">env</span><span class="pi">:</span> <span class="na">GITHUB_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> </code></pre> </div> <p>The workflow is triggered each time a pull request is created or edited (such as a description update). Then it checks out the source code of your repository, it sets up Node and installs your dependencies as defined in <code>./package.json</code>. Then it runs the <code>./.github/actions/schedule.js</code> file that we still need to create, and passes in the <a href="https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token"><code>GITHUB_TOKEN</code></a>.</p> <p>A simplified <code>./.github/actions/schedule-merge.js</code> file would look like this (See <a href="https://github.com/gr2m/merge-schedule-action/blob/38d34a13ba7f6ce92ec5acd54d00095d3bef0a42/lib/handle_pull_request.js">gr2m/merge-schedule-action/lib/handle_pull_request.js</a> for a complete version).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// make sure to `npm install @octokit/action`</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">Octokit</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@octokit/action</span><span class="dl">"</span><span class="p">);</span> <span class="nx">scheduleMerge</span><span class="p">()</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">scheduleMerge</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">octokit</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Octokit</span><span class="p">();</span> <span class="c1">// retrieve the full `pull_request` event payload</span> <span class="kd">const</span> <span class="nx">eventPayload</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GITHUB_EVENT_PATH</span><span class="p">);</span> <span class="c1">// find and parse the date string from the `/schedule ...` command</span> <span class="kd">const</span> <span class="nx">datestring</span> <span class="o">=</span> <span class="nx">getScheduleDateString</span><span class="p">(</span><span class="nx">eventPayload</span><span class="p">.</span><span class="nx">pull_request</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">datestring</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="s2">`No /schedule command found`</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Create a check run using the REST API</span> <span class="c1">// https://developer.github.com/v3/checks/runs/#create-a-check-run</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">octokit</span><span class="p">.</span><span class="nx">request</span><span class="p">(</span><span class="dl">'</span><span class="s1">POST /repos/:owner/:repo/check-runs</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">owner</span><span class="p">:</span> <span class="nx">eventPayload</span><span class="p">.</span><span class="nx">repository</span><span class="p">.</span><span class="nx">owner</span><span class="p">.</span><span class="nx">login</span><span class="p">,</span> <span class="na">repo</span><span class="p">:</span> <span class="nx">eventPayload</span><span class="p">.</span><span class="nx">repository</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Merge Schedule</span><span class="dl">"</span><span class="p">,</span> <span class="na">head_sha</span><span class="p">:</span> <span class="nx">eventPayload</span><span class="p">.</span><span class="nx">pull_request</span><span class="p">.</span><span class="nx">head</span><span class="p">.</span><span class="nx">sha</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">in_progress</span><span class="dl">"</span><span class="p">,</span> <span class="na">output</span><span class="p">:</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="s2">`Scheduled to me merged on </span><span class="p">${</span><span class="nx">datestring</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">summary</span><span class="p">:</span> <span class="dl">"</span><span class="s2">TO BE DONE: add useful summary</span><span class="dl">"</span> <span class="p">}</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="s2">`Check run created: </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">html_url</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Now each time you create a pull request or update its description, the action will run and set a pending status if a <code>/schedule ...</code> command is found.</p> <h2> Merge a scheduled pull request </h2> <p>You can create the workflow file for the 2nd step as <code>.github/workflows/merge-scheduled.yml</code>. The <code>cron</code> syntax is rather complicated, but the <a href="https://crontab.guru/">https://crontab.guru/</a> website can be a great help.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Merge Scheduled Pull Requests</span> <span class="na">on</span><span class="pi">:</span> <span class="na">schedule</span><span class="pi">:</span> <span class="c1"># https://crontab.guru/every-day-8am</span> <span class="pi">-</span> <span class="na">cron</span><span class="pi">:</span> <span class="s">0 8 * * *</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">merge</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v2</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="m">12</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s2">"</span><span class="s">npm</span><span class="nv"> </span><span class="s">ci"</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s2">"</span><span class="s">node</span><span class="nv"> </span><span class="s">./.github/actions/merge.js"</span> <span class="na">env</span><span class="pi">:</span> <span class="na">GITHUB_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> </code></pre> </div> <p>A simplified <code>./.github/actions/merge.js</code> file would look like this (See <a href="https://github.com/gr2m/merge-schedule-action/blob/38d34a13ba7f6ce92ec5acd54d00095d3bef0a42/lib/handle_schedule.js">gr2m/merge-schedule-action/lib/handle_schedule.js</a> for a complete version).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">Octokit</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@octokit/action</span><span class="dl">"</span><span class="p">);</span> <span class="nx">merge</span><span class="p">()</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">merge</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">octokit</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Octokit</span><span class="p">();</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">owner</span><span class="p">,</span> <span class="nx">repo</span><span class="p">]</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GITHUB_REPOSITORY</span><span class="p">.</span><span class="nx">split</span><span class="p">(</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">pullRequests</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">octokit</span><span class="p">.</span><span class="nx">paginate</span><span class="p">(</span> <span class="dl">"</span><span class="s2">GET /repos/:owner/:repo/pulls</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="nx">owner</span><span class="p">,</span> <span class="nx">repo</span><span class="p">,</span> <span class="na">state</span><span class="p">:</span> <span class="dl">"</span><span class="s2">open</span><span class="dl">"</span> <span class="p">},</span> <span class="p">({</span> <span class="nx">data</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">data</span><span class="p">.</span><span class="nx">filter</span><span class="p">(</span><span class="nx">hasScheduleCommand</span><span class="p">).</span><span class="nx">map</span><span class="p">(</span><span class="nx">pullRequest</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">number</span><span class="p">:</span> <span class="nx">pullRequest</span><span class="p">.</span><span class="nx">number</span><span class="p">,</span> <span class="na">html_url</span><span class="p">:</span> <span class="nx">pullRequest</span><span class="p">.</span><span class="nx">html_url</span><span class="p">,</span> <span class="na">scheduledDate</span><span class="p">:</span> <span class="nx">getScheduleDateString</span><span class="p">(</span><span class="nx">pullRequest</span><span class="p">.</span><span class="nx">body</span><span class="p">)</span> <span class="p">};</span> <span class="p">});</span> <span class="p">}</span> <span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">pullRequests</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2"> scheduled pull requests found`</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">pullRequests</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">duePullRequests</span> <span class="o">=</span> <span class="nx">pullRequests</span><span class="p">.</span><span class="nx">filter</span><span class="p">(</span> <span class="nx">pullRequest</span> <span class="o">=&gt;</span> <span class="k">new</span> <span class="nb">Date</span><span class="p">(</span><span class="nx">pullRequest</span><span class="p">.</span><span class="nx">scheduledDate</span><span class="p">)</span> <span class="o">&lt;</span> <span class="k">new</span> <span class="nb">Date</span><span class="p">()</span> <span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">duePullRequests</span><span class="p">.</span><span class="nx">length</span><span class="p">}</span><span class="s2"> due pull requests found`</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nx">duePullRequests</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">for</span> <span class="k">await</span> <span class="p">(</span><span class="kd">const</span> <span class="nx">pullRequest</span> <span class="k">of</span> <span class="nx">duePullRequests</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">octokit</span><span class="p">.</span><span class="nx">pulls</span><span class="p">.</span><span class="nx">merge</span><span class="p">({</span> <span class="nx">owner</span><span class="p">,</span> <span class="nx">repo</span><span class="p">,</span> <span class="na">pull_number</span><span class="p">:</span> <span class="nx">pullRequest</span><span class="p">.</span><span class="nx">number</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">pullRequest</span><span class="p">.</span><span class="nx">html_url</span><span class="p">}</span><span class="s2"> merged`</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Combining the workflow files </h2> <p>If you like, you can combine the two workflow files above into one, then run the correct script based on the event. It would look like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Merge Scheduled Pull Requests</span> <span class="na">on</span><span class="pi">:</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">types</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">opened</span> <span class="pi">-</span> <span class="s">edited</span> <span class="na">schedule</span><span class="pi">:</span> <span class="c1"># https://crontab.guru/every-day-8am</span> <span class="pi">-</span> <span class="na">cron</span><span class="pi">:</span> <span class="s">0 8 * * *</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">schedule</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.event_name == 'pull_request'</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v2</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="m">12</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s2">"</span><span class="s">npm</span><span class="nv"> </span><span class="s">ci"</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s2">"</span><span class="s">node</span><span class="nv"> </span><span class="s">./.github/actions/schedule-merge.js"</span> <span class="na">env</span><span class="pi">:</span> <span class="na">GITHUB_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> <span class="na">merge</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.event_name == 'schedule'</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v2</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="m">12</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s2">"</span><span class="s">npm</span><span class="nv"> </span><span class="s">ci"</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s2">"</span><span class="s">node</span><span class="nv"> </span><span class="s">./.github/actions/merge.js"</span> <span class="na">env</span><span class="pi">:</span> <span class="na">GITHUB_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> </code></pre> </div> <p>Learn more about the GitHub Action workflow syntax on <a href="https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions">GitHub help</a>.</p> <p>You can find my <code>merge-schedule</code> action on the GitHub Marketplace: <a href="https://github.com/marketplace/actions/merge-schedule">https://github.com/marketplace/actions/merge-schedule</a></p> github devops javascript Gregor Martynus Fri, 29 Nov 2019 22:39:45 +0000 https://dev.to/gr2m/automate-npm-releases-using-semantic-release-510c https://dev.to/gr2m/automate-npm-releases-using-semantic-release-510c <p>In an ideal world, the source code of an npm library is in sync with the versions published to the npm registry. </p> <p><strong>The problem</strong> is that the latest package versions published to npm are lacking behind their code. This results in</p> <ol> <li> <strong>Frustrated contributors</strong>, whose pull requests got merged and now wait to use the new version that includes their fixes or features</li> <li> <strong>Confused users</strong> that run into a bug that is marked as resolved on GitHub</li> <li> <strong>Stressed maintainers</strong> that are pressured by comments such as "When will this fix be released?" on closed issues and pull requests.</li> </ol> <p><strong>The solution</strong>: automation. Enter <a href="https://semantic-release.gitbook.io/semantic-release/">semantic-release</a></p> <p>In a nutshell, <code>semantic-release</code> relies on commit message conventions to calculate and publish a new version of your package. By default, the 3 conventions are</p> <ol> <li> <code>fix: ...</code> prefix in commit subject: triggers a fix release version, e.g. <code>1.2.3</code> → <code>1.2.4</code> </li> <li> <code>feat: ...</code> prefix in commit subject: triggers a feature version, e.g. <code>1.2.3</code> → <code>1.3.0</code> </li> <li> <code>BREAKING CHANGE:</code> in commit body: triggers breaking version release, e.g. <code>1.2.3</code> → <code>2.0.0</code> </li> </ol> <p><strong>That is all you need to learn.</strong></p> <p>Based on these conventions, new versions are continuously published to npm. Your code on GitHub and published versions on npm will never be out of sync again.</p> <p>But semantic-release does much more than this:</p> <ol> <li>It creates GitHub releases to mirror the versions published to npm and adds changelogs based on above conventions and adds them to the GitHub releases. <a href="https://github.com/octokit/action.js/releases/tag/v1.2.0"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--5TmSBcxR--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/nso643pk7dhng0qu0l52.png" alt="GitHub release" width="880" height="243"></a> </li> <li>It notifies contributors with comments in pull requests and resolved issues that a new version has been released <a href="https://github.com/octokit/action.js/pull/8#event-2829342950"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--GTcEv1xw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/j4m50043hioerpsirk67.png" alt="Comment by semantic-release" width="880" height="623"></a> </li> <li>It lets you control in a single place who can both merge changes into the <code>master</code> branch and publish new versions to npm.</li> </ol> <h3> Setup using GitHub Actions </h3> <p><code>semantic-release</code> supports a variety of CI providers, git hosts and package registries. For this example, I'll use GitHub Actions to publish to npm.</p> <p>Install semantic-release<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">--save-dev</span> semantic-release </code></pre> </div> <p>If this is an existing project, make sure to create a git tag that matches the last version in the npm registiry, using a <code>v</code> prefix. For example, if the last version published to npm is <code>2.0.4</code>, create a <code>v2.0.4</code> tag and push it to your repository.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git tag v2.0.4 git push <span class="nt">--tags</span> </code></pre> </div> <p>No need to create a tag for new packages that have not yet been published.</p> <p>Next, replace the version in your <code>package.json</code> file with "0.0.0-development". The version will be updated automatically by semantic-release. You no longer need to worry about it.</p> <p>Next, create an npm token for your account at <code>https://www.npmjs.com/settings/[YOUR USERNAME]/tokens</code> with the <code>read and publish</code> setting. Copy that token and store it <a href="https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#creating-encrypted-secrets">in your repository's secrets</a> using the name <code>NPM_TOKEN</code>.</p> <p>Finally, create a <code>.github/workflows/release.yml</code> file to run semantic-release each time a change is pushed to your repository's <code>master</code> branch.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Release</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">master</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">release</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">release</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="c1"># check out repository code and setup node</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v1</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">12.x"</span> <span class="c1"># install dependencies and run semantic-release</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm ci</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npx semantic-release</span> <span class="na">env</span><span class="pi">:</span> <span class="na">GITHUB_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> <span class="na">NPM_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.NPM_TOKEN }}</span> </code></pre> </div> <p>That's it. Next time you merge a pull request with commit messages following the conventions mentioned above, semantic-release will create the npm and GitHub releases as well as comments on the pull request and linked issues.</p> <h3> Closing words </h3> <p>You can see <code>semantic-release</code> in action all over my projects on GitHub. I usually make multiple releases each work day. I don't even think about it any longer. It frees up my time and thoughts to focus on the code instead of the chores around it.</p> <p>And lastly, a tip: automating releases goes hand-in-hand with automating dependency updates. Services such as <a href="https://greenkeeper.io">Greenkeeper</a> even follow the required commit conventions when they send their pull requests. Merging the PRs is all it takes to release a new version. I highly recommend to use them both!</p> github npm devops javascript Gregor Martynus Sat, 23 Nov 2019 00:17:58 +0000 https://dev.to/gr2m/automate-updates-of-prettier-standard-and-other-javascript-linting-tools-using-github-actions-nko https://dev.to/gr2m/automate-updates-of-prettier-standard-and-other-javascript-linting-tools-using-github-actions-nko <p>Automating npm dependencies using a service such as <a href="https://greenkeeper.io/" rel="noopener noreferrer">Greenkeeper</a> is great! I would not be able maintain as many projects without that kind of automation.</p> <p>However, linters such as <a href="https://prettier.io/" rel="noopener noreferrer">Prettier</a> or <a href="https://standardjs.com/" rel="noopener noreferrer">Standard</a> are different. Every fix or new feature version introduces new formatting rules and might break your tests. If that happens, you end up waking up to notifications such as this:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fz6p9gkf1qz1hbqf01fxm.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fz6p9gkf1qz1hbqf01fxm.png" alt="List of broken prettier updates"></a></p> <p>In this blog post I will automate the updates of Prettier by creating pull requests which include the updated code. It won't prevent the issues from being created, but once merged the issues will get closed automatically.</p> <h2> Setup </h2> <ol> <li>Install <code>prettier</code> in a repository if you haven't yet. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">--save-dev</span> prettier </code></pre> </div> <ol> <li>Add two scripts to your <code>package.json</code> file: one to lint, and one to fix linting errors when possible: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">...</span><span class="p">,</span><span class="w"> </span><span class="nl">"lint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"prettier --check '{src,test}/**/*' README.md package.json"</span><span class="p">,</span><span class="w"> </span><span class="nl">"lint:fix"</span><span class="p">:</span><span class="w"> </span><span class="s2">"prettier --write '{src,test}/**/*' README.md package.json"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Adapt the passed file patterns <code>'{src,test}/**/*' README.md package.json</code> as needed to match your files.</p> <ol> <li>Install the <a href="https://github.com/marketplace/greenkeeper" rel="noopener noreferrer">Greenkeeper</a> GitHub App. It's free for Open Source! You will receive an initial pull request that will update all your dependencies to their respective latest versions. Merge that pull request to finish the Greenkeeper setup.</li> <li>Create the file <code>.github/workflows/update-prettier.yml</code> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Update Prettier</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">greenkeeper/prettier-*</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">update_prettier</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="c1"># make your repository's code available to the action</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v1</span> <span class="c1"># setup Node 12. Change the version number to your preference</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">version</span><span class="pi">:</span> <span class="m">12</span> <span class="c1"># Install your package dependencies</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm ci</span> <span class="c1"># Fix linting errors with the new prettier version</span> <span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run lint:fix</span> <span class="c1"># Create a pull request if there are any changes</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">gr2m/create-or-update-pull-request-action@v1.x</span> <span class="na">env</span><span class="pi">:</span> <span class="na">GITHUB_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> <span class="na">with</span><span class="pi">:</span> <span class="na">title</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Prettier</span><span class="nv"> </span><span class="s">updated"</span> <span class="na">body</span><span class="pi">:</span> <span class="s2">"</span><span class="s">An</span><span class="nv"> </span><span class="s">update</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">prettier</span><span class="nv"> </span><span class="s">required</span><span class="nv"> </span><span class="s">updates</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">your</span><span class="nv"> </span><span class="s">code."</span> <span class="na">branch</span><span class="pi">:</span> <span class="s">${{ github.ref }}</span> <span class="na">commit-message</span><span class="pi">:</span> <span class="s2">"</span><span class="s">style:</span><span class="nv"> </span><span class="s">prettier"</span> </code></pre> </div> <p>This GitHub Action will run on the <a href="https://developer.github.com/v3/activity/events/types/#pushevent" rel="noopener noreferrer"><code>push</code> event</a>, but only if the branch starts with <code>greenkeeper/prettier-</code>. These are branches created as part of <a href="https://greenkeeper.io/faq.html#branch-deletions" rel="noopener noreferrer">Greenkeeper's real-time monitoring</a>. They get deleted again if your tests pass, otherwise Greenkeeper creates an issue like the ones shown in the screenshot above.</p> <p>That's it. Next time a new Prettier version is released, you should see the new "Update Prettier" action doing it's thing:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Flafchhd1ityh5l5t6qm9.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Flafchhd1ityh5l5t6qm9.png" alt="Screenshot of Update Prettier action"></a></p> <p>You will see it in action with the next release of Prettier. I hope that will lower your maintenance overhead a little bit! Happy updating!</p> javascript github npm devops