I'm using JavaScript and Octokit to dynamically create repositories in an organization and set a series of options.
Everything works, except adding write permissions to a team for the repository created.
Just to be clear, by write permission I mean the ones that can be set through the repository settings:
Settings > Collaborators and teams > Manage Acccess > Role: Write
What I've been trying to use so far, was the octokit.rest.teams.addOrUpdateRepoPermissionsInOrg function in Octokit, documented here, like this:
octokit.rest.teams.addOrUpdateRepoPermissionsInOrg({
org: "org-name",
team_slug: "team-name",
owner: "owner-name",
repo: "repo-name",
permission: "write",
}
When doing this, I receive a Validation Failed error.
Checking the relative documentation on the GitHub API docs, it effectively seems that the valid values for permission are: pull, push, admin, maintain, triage
So I guess that I'm simply using the wrong function.
But what's the correct one to change that kind of permission?
I managed to make it work: apparently, the push permission in the API corresponds to the write permission in the GitHub web interface.
FYI: this seems like a discrepancy, so I opened an issue.
I use cla-assistant as my GitHub Contributor License Agreement (CLA) management bot.
Is it possible to change the URL of the gist containing the CLA? (without having to export the list of users who signed the CLA, unlink the repository, relink the repository with a a new gist URL and import the user list)
This isn't possible.
From one of the repository maintainers on https://github.com/cla-assistant/cla-assistant/issues/223:
unfortunately not. It works only the (long) way you have described.
On both GitHub and GitLab, you can download a user's SSH public keys with a simple GET request to the URL https://server/username.keys,
for example:
curl https://github.com/unclebob.keys
This gives:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArmmGWKZ8UAO6myYW94liK4oMNBen6Sl7r0QAb6Et0y1kwCIBeBrHZhsSFQBzw0H517FeML9d+fBMSShZloMvw5x8nLQq5kbi4+8JXC4+CwW505fipjFY4ABj60BZioZn4Hndf8bwmCwXDHVtjfUeBD8b+Sjn7VNQ123rd1t5TLYDShk+2I4ldDhxbkFRqBF1gz3is4BsngdsHQp5AuuFWmiD2FRDRZDACdUyL8fUIP6O/3TAGFNKP2CG6//8+XHbQOYUaJ9RkSAJ453dx2PwDdiIXJyIJRO/q8wqWyRhA94XtJ77zP9BMyrRVnMClYcQoc9WBBlocp519l9vsp6jyQ==
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoQ9S7V+CufAgwoehnf2TqsJ9LTsu8pUA3FgpS2mdVwcMcTs++8P5sQcXHLtDmNLpWN4k7NQgxaY1oXy5e25x/4VhXaJXWEt3luSw+Phv/PB2+aGLvqCUirsLTAD2r7ieMhd/pcVf/HlhNUQgnO1mupdbDyqZoGD/uCcJiYav8i/V7nJWJouHA8yq31XS2yqXp9m3VC7UZZHzUsVJA9Us5YqF0hKYeaGruIHR2bwoDF9ZFMss5t6/pzxMljU/ccYwvvRDdI7WX4o4+zLuZ6RWvsU6LGbbb0pQdB72tlV41fSefwFsk4JRdKbyV3Xjf25pV4IXOTcqhy+4JTB/jXxrF
Unfortunately, notice that there is no comment field at the end.
On GitHub and GitLab the comment field is there in the system, you can view and edit in your profile to easily distinguish your multiple keys from each other.
But when accessing using this method, both GitHub and GitLab drop the comment field, for some reason.
Is there an easy way to get the public keys from these services? I'm aware of the REST APIs, but as far as I know they return JSON, which is not so convenient for example if I want to simply redirect the output of curl to append to an authorized_keys file. If I have to parse JSON, that adds more complexity to my scripts I'd like to avoid.
That seems a security issue, where the comment content might leak some possibly sensitive data if it were returned (since you can set any comment in there).
That is why the very specification of that "get keys" feature in GitLab does include:
it "should not render the comment of the key" do
get :get_keys, username: user.username
expect(response.body).not_to match(/dummy#gitlab.com/)
end
Is there a way to trigger an automatic, custom tagging of a repository every time a pull request is merged in github ? for example...
After merging "pull request 8", id like to automatically tag the repository at that state as "$Major_Version.$pr_id".
The result might be "0.1.8".
Is this possible?
Worst case, if someone hasn't written a thing to do that yet, is to use the post-receive webhooks https://help.github.com/articles/post-receive-hooks
You'd need an internet-visible web server to do this, and some code to recognize the merge (it will have two parents) and see if it mentions a pull-request.
Need help on GitHub usage. I wonder if there is a way to communicate with a github.com user i.e. write the user a message when only username/id is given on their GitHub page? Does GitHub have this social feature?
Although GitHub removed the private messaging feature, there's still an alternative.
GitHub host git repositories. If the user you're willing to communicate with has ever committed some code, there are good chances you may reach your goal. Indeed, within each commit is stored some information about the author of the change or the one who accepted it.
Provided you're really dying to exchange with user user_test
Display the public activity page of the user: https://github.com/user_test?tab=activity
Search for an event stating "user_test pushed to [branch] at [repository]". There are usually good chances, they may have pushed one of his own commits. Ensure this is the case by clicking on the "View comparison..." link and make sure the user is listed as one of the committers.
Clone on your local machine the repository they pushed to: git clone https://github.com/..../repository.git
Checkout the branch they pushed to: git checkout [branch]
Display the latest commits: git log -50
As a committer/author, an email should be displayed along with the commit data.
Note: Every warning related to unsolicited email should apply there. Do not spam.
This method was working as of Jan 2023
Copy and paste the next line into your browser (feel free to
bookmark it): https://api.github.com/users/xxxxxxx/events/public
Find the GitHub username for which you want the email. Replace the
xxxxxxx in the URL with the person's GitHub username. Hit Enter.
Press Ctrl+F and search for “email”.
As suggested by qbolec, the above steps can be done by using this snippet:
<input id=username type="text" placeholder="github username or repo link">
<button onclick="fetch(`https://api.github.com/users/${username.value.replace(/^.*com[/]([^/]*).*$/,'$1')}/events/public`).then(e=> e.json()).then(e => [...new Set([].concat.apply([],e.filter(x => x.type==='PushEvent').map(x => x.payload.commits.map(c => c.author.email)))).values()]).then(x => results.innerText = x)">GO</button>
<div id=results></div>
Source: Matthew Ferree # Sourcecon
Simply create a dummy repo, open a new issue and use #xxxxx to notify the affected user.
If user has notification via e-mail enabled they will get an e-mail, if not they will notice on next login.
No need to search for e-mail address in commits or activity stream and privacy is respected.
For lazy people, like me, a snippet based on Nikhil's solution
<input id=username type="text" placeholder="github username or repo link">
<button onclick="fetch(`https://api.github.com/users/${username.value.replace(/^.*com[/]([^/]*).*$/,'$1')}/events/public`).then(e=> e.json()).then(e => [...new Set([].concat.apply([],e.filter(x => x.type==='PushEvent').map(x => x.payload.commits.map(c => c.author.email)))).values()]).then(x => results.innerText = x)">GO</button>
<div id=results></div>
Github said on April 3rd 2012 :
Today we're removing two features. They've been gathering dust for a while and it's time to throw them out : Fork Queue & Private Messaging
Source
Here is another way:
Browse someone's commit history (Click commits which is next to branch to see the whole commit history)
Click the commit that with the person's username because there might be so many of them
Then you should see the web address has a hash concatenated to the URL. Add .patch to this commit URL
You will probably see the person's email address there
Example: https://github.com/[username]/[reponame]/commit/[hash].patch
Source: Chris Herron # Sourcecon
Besides the removal of the github messaging service, usage was often not necessary due to many githubbers communicating with- and advocating twitter.
The advantage is that there is:
full transparency
better coverage
better search features for tweets
better archiving, for instance by the US Library of Congress
It is probably no coincidence that stackoverflow doesn't allow private messaging either, to ensure full transparency. The entire messaging issue is thoroughly discussed on meta-stackoverflow here.
Does GitHub have this social feature?
If the commit email is kept private, GitHub now (July 2020) proposes:
Users and organizations can now add Twitter usernames to their GitHub profiles
You can now add your Twitter username to your GitHub profile directly from your profile page, via profile settings, and also the REST API.
We've also added the latest changes:
Organization admins can now add Twitter usernames to their profile via organization profile settings and the REST API.
All users are now able to see Twitter usernames on user and organization profiles, as well as via the REST and GraphQL APIs.
When sponsorable maintainers and organizations add Twitter usernames to their profiles, we'll encourage new sponsors to include that Twitter username when they share their sponsorships on Twitter.
That could be a workaround to leave a message to a GitHub user.
Simplest solution that worked for me very well is just to put the username of that particular user or repository link of corresponding user!
<input id=username type="text" placeholder="Github Username or Repo link">
<button onclick="fetch(`https://api.github.com/users/${username.value.replace(/^.*com[/]([^/]*).*$/,'$1')}/events/public`).then(e=> e.json()).then(e => [...new Set([].concat.apply([],e.filter(x => x.type==='PushEvent').map(x => x.payload.commits.map(c => c.author.email)))).values()]).then(x => results.innerText = x)">GO, Get email!</button>
<div id=results></div>