After I switched to the new Github Token format, I am not able anymore to perform a call for this github API:
https://docs.github.com/en/rest/issues/comments#list-issue-comments
My script does the following:
[[ -z "$GITHUB_REPO_SLUG" ]] && export GITHUB_REPO_SLUG="$TRAVIS_REPO_SLUG"
GITHUB_API_BASE_URL="https://api.github.com/repos/${GITHUB_REPO_SLUG}"
GITHUB_AUTH_HEADER="Authorization: token $GITHUB_TOKEN"
comment_ids=$(curl -s -H "$GITHUB_AUTH_HEADER" "$GITHUB_API_BASE_URL/issues/$pull_request_id/comments" \
| jq --arg USER "$GITHUB_USER" -r '. | map(select(.user.login==$USER)) | map(.id) | .[]')
for comment_id in $(echo $comment_ids); do
jq -n -r --arg message "$message" '{ body: $message }' \
| curl -s -H "$GITHUB_AUTH_HEADER" "$GITHUB_API_BASE_URL/issues/comments/$comment_id" -X PATCH --data #- > /dev/null
echo "Edited comment with id $comment_id of PR $pull_request_id"
done
The api call that list comments ids responds:
{
"message": "Not Found",
"documentation_url": "https://docs.github.com/rest/reference/issues#list-issue-comments"
}
This still works using tokens in the old format, but doesn't with tokens in the new format.
Is there any way to use the GHP to call that api?
The github user associated with the github token must be provided writing access to the repository.
Since this was missing API responded 404 (default behaviour set for Github APIs).
Related
This curl command works as expected and shows when the repository was first created.
curl https://api.github.com/repos/RaRe-Technologies/gensim | grep created
"created_at": "2011-02-10T07:43:04Z",
But this does not show when a file in that repo was created.
curl
https://api.github.com/repos/RaRe-Technologies/gensim/blob/develop/gensim/scripts/make_wikicorpus.py
| grep created
Is there any way to find the date on which the file was introduced?
You can use https://api.github.com/repos/OWNER/REPO/commits?path=<path/to/file>, as described here.
The results of this request can then be parsed by jq, with the following options .[-1].commit.author.date.
This tells jq to get the last item of the array ([-1]), and then parse the value of commit, then author and then the date, which is the date of the commit.
So using the follwing command
curl "https://api.github.com/repos/RaRe-Technologies/gensim/commits?path=gensim/scripts/make_wikicor
pus.py" | jq -r ".[-1].commit.author.date"
will result in
2012-07-21T20:00:29Z
The alternative, using GitHub CLI gh, and its gh api command:
# Windows
gh api -X GET repos/RaRe-Technologies/gensim/commits \
-f path="gensim/scripts/make_wikicorpus.py" \
--jq ".[-1].commit.author.date"
# Linux
gh api -X GET repos/RaRe-Technologies/gensim/commits \
-f path='gensim/scripts/make_wikicorpus.py' \
--jq '.[-1].commit.author.date'
2012-07-21T20:00:29Z
You don't even need jq if you have gh installed.
I am trying to trigger the workflow_dispatch action for a GitHub workflow via REST but I am getting a "not found" error.
My question is similar to this one but the difference is that I am still getting the "not found" error even though the header indicates I am authenticated (the rate limit has increased to 5,000).
Here's my script:
#!/bin/bash
# https://docs.github.com/en/rest/reference/actions#create-a-workflow-dispatch-event
OWNER='myGithubOrganization'
REPO='myRepo'
WORKFLOW_ID='main.yml'
POST_URL="https://api.github.com/repos/$OWNER/$REPO/actions/workflows/$WORKFLOW_ID/dispatches"
echo "Calling $POST_URL"
GITHUB_PERSONAL_ACCESS_TOKEN=$(echo "$PLATFORM_VARIABLES" | base64 --decode | jq '.GITHUB_PERSONAL_ACCESS_TOKEN' --raw-output)
# -i to include headers.
curl \
-i \
-X POST \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token $GITHUB_PERSONAL_ACCESS_TOKEN" \
$POST_URL \
-d '{"ref":"ref"}'
In the headers, I see the rate limit has increased to 5,000, so I know I am logged in.
The personal access token has the following permissions:
repo
workflow
admin:org_hook
The personal access token is for a machine user.
In the repo settings, under "Collaborators and teams", the machine user account has the "Read" role.
What more do I need to do to trigger the workflow?
The machine user needs to have write access, not read access.
This is true even if the workflow does something like run CI tests and does not write any code.
I want to passively check the permissions (scopes) of a GitHub security token passively (without pushing something into a repository). I tried the following command. I replaced your_username: your access token and the URL of my repo. But it shows an error.
curl: (3) URL using bad/illegal format or missing URL
curl -u your_username:your_access_token \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/octocat/hello-world/collaborators/USERNAME/permission
If the goal is to determine which scopes a token has access to, check the response header with prefix x-oauth-scopes (using curl with -I):
$ GITHUB_TOKEN=ghp_DefineYourOwnToken
$ curl -sS -f -I -H "Authorization: token ${GITHUB_TOKEN}" https://api.github.com | grep ^x-oauth-scopes: | cut -d' ' -f2- | tr -d "[:space:]" | tr ',' '\n'
Note that tr -d "[:space:]" above is essential for removing some unusual whitespace, failing which a matching command such as grep -x doesn't subsequently work correctly.
Sample output 1:
gist
repo
workflow
Sample output 2:
delete:packages
public_repo
read:packages
repo:invite
repo:status
Credit: answer by VK
The GitHub API provides a lot of functionality, but is there a way to retrieve the build status for a commit? The GitHub UI provides information from the CI system we have configured, but I can't see this information exposed through the API?
You can access the status for a particular ref
GET https://api.github.com/repos/:owner/:repo/commits/:ref/statuses
For the value of :ref, you can use a SHA, a branch name, or a tag name.
It doesn't provide status directly, but offers you to create a status
That means the CI can have a final build step which publishes the status to GitHub repo that way.
POST /repos/:owner/:repo/statuses/:sha
For example:
{
"state": "success",
"target_url": "https://example.com/build/status",
"description": "The build succeeded!",
"context": "continuous-integration/jenkins"
}
(and that, for a given SHA1)
See for instance "Github Commit Status API with Bamboo from Atlassian", where:
${bamboo.buildResultsUrl} is the GitHub commit SHA1:
<xxx> is a placeholder value, which can be replaced by a value, or a variable ${var} as shown here.
Add those to your plan as Script.
complete.sh:
# specs and cukes results are stored in JUnit format under test-reports
if (grep 'failures="[^0]"' test-reports/* || \
grep 'errors="[^0]"' test-reports/*); then
curl -H "Authorization: token <MY_TOKEN>" --request POST \
--data '{"state": "failure", "description": "Failed!", \
"target_url": "${bamboo.buildResultsUrl}"}' \
https://api.github.com/repos/<USER>/<REPO>/statuses/${bamboo.repository.revision.number} > /dev/null
else
curl -H "Authorization: token <MY_TOKEN>" --request POST \
--data '{"state": "success", "description": "Success!", \
"target_url": "${bamboo.buildResultsUrl}"}' \
https://api.github.com/repos/<USER>/<REPO>/statuses \
/${bamboo.repository.revision.number} > /dev/null
fi
pending.sh:
curl -H "Authorization: token <MY_TOKEN>" --request POST \
--data '{"state": "pending", "description": "Build is running", \
"target_url": "${bamboo.buildResultsUrl}"}' \
https://api.github.com/repos/<USER>/<REPO>/statuses/${bamboo.repository.revision.number} > /dev/null
Is there a simple way to use a cURL request to the REST API to access a file on my Sharepoint account? For example
curl -i -H "Authorization: Bearer <some-key-here>" https://mysharepoint.com/_api/web/Lists
I have read all the documentation about authentication and authorization for apps, but in this case I don't have an "application" that I can register. I simply need an API key of some kind to use in REST requests. How can I use the REST API in this way?
I appreciate any insight into this problem.
Create a bash script:
$ nano get_access_token.sh
Paste the next content to it, changing YourTenant, client_id, client_secret to your own values (you could get in Sharepoint's part below).
wwwauthenticate=$(curl -i -H "Authorization: Bearer" -s "https://YourTenant.sharepoint.com/_vti_bin/client.svc/" | grep -i "www-authenticate")
bearer_realm=$(echo $wwwauthenticate | awk -F"," '{print $1}' | awk -F"=" '{print $2}' | tr -d '"')
app_id=$(echo $wwwauthenticate | awk -F"," '{print $2}' | awk -F"=" '{print $2}' | tr -d '"')
grant_type="grant_type=client_credentials"
cl_id="client_id=c2xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx#$bearer_realm"
cl_secret="client_secret=3zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
res="resource=$app_id/YourTenant.sharepoint.com#$bearer_realm"
url="https://accounts.accesscontrol.windows.net/$bearer_realm/tokens/OAuth/2"
content_type="Conent-Type: application/x-www-form-urlencoded"
access_token=$(curl -X POST -H $content_type --data-urlencode $grant_type --data-urlencode $cl_id --data-urlencode $cl_secret --data-urlencode $res -s $url | awk -F":" '{print $NF}' | tr -d '"}')
echo $access_token
Apply proper permissions: chmod 700 get_access_token.sh
You could use curl with that token the next way:
curl -i -H "Authorization: Bearer $(./get_access_token.sh)" -H "Accept: application/json;odata=verbose" -s "https://YourTenant.sharepoint.com/_api/web"
You could replace ./ by the full path to the script.
Sharepoint's part:
Register a new app by
following https://YourTenant.sharepoint.com/_layouts/15/appregnew.aspx link
generating Client Id and ** Client Secret** values
filling Title, App Domain and Redirect URI fields (I've input localhost.com as on the picture - it works)
clicking Create button
Save somewhere into file the next parameters:
The app identifier has been successfully created.
Client Id: 898c898f-89238-43d0-4b2d-7a64c26f386a
Client Secret: 4/T+21I1DSoAJdOX9DL1Ne4KssEaP7rqb11gdtskhXn=
Title: SomeTitle
App Domain: localhost.com
Redirect URI: https://localhost.com/default.aspx
Apply permissions to this app by
following https://YourTennant.sharepoint.com/sites/SharePointRND/_layouts/15/appinv.aspx
inserting Client Id: 898c898f-89238-43d0-4b2d-7a64c26f386a into App Id field
clicking Lookup button
pasting into Permission Request XML the next code (in my case I needed only Read access, so I changed Rights value from FullControl to Read):
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>
Create bottom button clicking
Trust it button clicking
Here's Postman related but similar answer
If this is still relevant, this did it for me:
curl https://mysharepoint.com/_api/web/Lists -v --ntlm --negotiate -u user:password
You basically authenticate using ntlm (Note that some sharepoints might require Kerberos) and then can easily access the REST API like you can via browser.
Edit does not work with Office 365 apparently.