GitHub Gist API patch doesn't work? - github

I am creating anonymous Gists using Postman. The Gists get created successfully but when I try to patch them, I get:
{
"message": "Not Found",
"documentation_url": "https://developer.github.com/v3/gists/#edit-a-gist"
}
The URL I am using is:
https://api.github.com/gists/14694f43065a32ec28ad
If I do a GET, it works fine. If I do a PATCH, I get an error message.
What's wrong here?

You can read and create anonymous gists, but you cannot edit them. If you want to create, read, update and delete, use authentication.
In the Authentication section, it says:
You can read public gists and create them for anonymous users without a token; however, to read or write gists on a user's behalf the gist OAuth scope is required.
You will get the same 404–Not found error if you just try to git push some commits into an anonymous gist.
$ git push
Username for 'https://gist.github.com': IonicaBizau
Password for 'https://IonicaBizau#gist.github.com':
remote: Repository not found.
fatal: repository 'https://gist.github.com/anonymous/5801....d2f/' not found
They don't even provide an edit button on the Gist page, for anonymous gists. They do have a Delete button associated with the IP (any user having the anonymous Gist link, being connected on the same network, assuming they get the same public ip, can delete the anonymous gist).
Otherwise you have to contact support for deleting the anonymous gist.

Related

How to give write permission to a team for a repository using Octokit/GitHub API?

I'm using JavaScript and Octokit to dynamically create repositories in an organization and set a series of options.
Everything works, except adding write permissions to a team for the repository created.
Just to be clear, by write permission I mean the ones that can be set through the repository settings:
Settings > Collaborators and teams > Manage Acccess > Role: Write
What I've been trying to use so far, was the octokit.rest.teams.addOrUpdateRepoPermissionsInOrg function in Octokit, documented here, like this:
octokit.rest.teams.addOrUpdateRepoPermissionsInOrg({
org: "org-name",
team_slug: "team-name",
owner: "owner-name",
repo: "repo-name",
permission: "write",
}
When doing this, I receive a Validation Failed error.
Checking the relative documentation on the GitHub API docs, it effectively seems that the valid values for permission are: pull, push, admin, maintain, triage
So I guess that I'm simply using the wrong function.
But what's the correct one to change that kind of permission?
I managed to make it work: apparently, the push permission in the API corresponds to the write permission in the GitHub web interface.
FYI: this seems like a discrepancy, so I opened an issue.

I am not able to filter issue via github search api

I am a collaborator for a private repository and able to edit, push code, create issues, close issues, etc on it. I am trying to create a report of issues open and closed on the repository. To achieve this I needed to get issues based on time interval and label. I found that the GitHub search API will be useful for me.
I started out by creating a token (PAT) giving it the whole repo scope
Then to test the API I hit the below URL with the token
https://api.github.com/search/issues?q=repo:orgname/reponame
I am able to get the results.
Then I tried to narrow down by adding is:issue and is:closed qualifier using the same token
https://api.github.com/search/issues?q=repo:orgname/reponame+is:issue+is:closed
I got the below response
{
"message": "Validation Failed",
"errors": [
{
"message": "The listed users and repositories cannot be searched either because the resources do not exist or you do not have permission to view them.",
"resource": "Search",
"field": "q",
"code": "invalid"
}
],
"documentation_url": "https://docs.github.com/v3/search/"
}
The issues are present and I can search it on Github website, but couldn't via github search api. I am able to apply a repo qualifier but couldn't add any other qualifiers.
What am I missing here?
There's two things I've found that can cause this.
In your case it's likely permissions since your encoding appears to be fine.
Searching specifically for PRs or Issues on private repos requires 'content' permissions (this is incorrectly documented in the GitHub docs as requiring metadata permissions). If a user has no public repos but they do have private ones then you get a permission error like the above, rather than the empty response that you get if they have no repos of any kind or only public repos but no matching results.
The other thing I've found that causes this is incorrect encoding of the query. An easy error to make there (from experience) is having the + sign in the query and then encoding it. This encodes the + as %3A whereas what you want is a space between each query term. The space is then encoded as +. Making this encoding mistake will also result in the same permission/not found error.
I appreciate this is probably a little late for you, but hopefully it helps others.

Github API: Team permissions not updating

I am attempting to update a repository's team permissions through the Github API, similar to this question. However, despite having receiving a 204 response, the permission does not get updated. I have full admin access over the repo and the team. I am following the documentation here.
Code snippet in Python:
headers = {'Authorization': f'token {token}'}
parameters = {'permission': 'push'}
response = requests.put(f'https://api.github.com/teams/{team_id}/repos/{org}/{name}', headers=headers, params=parameters)
I have also tried with the key pair 'permission': 'write' because that is one of the five permission options that appears on the repo's collaborators page, but both receive a 204 response and do not actually update the permission.
I'm doing this on a large scale for a number of repos, so I need to be able to change the permissions programmatically for each repo based on the team. I cannot tell if this is an API issue or if my code is incorrect. Thank you!

Download ssh public keys from GitHub and GitLab *with the comment field*

On both GitHub and GitLab, you can download a user's SSH public keys with a simple GET request to the URL https://server/username.keys, 
for example:
curl https://github.com/unclebob.keys
This gives:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArmmGWKZ8UAO6myYW94liK4oMNBen6Sl7r0QAb6Et0y1kwCIBeBrHZhsSFQBzw0H517FeML9d+fBMSShZloMvw5x8nLQq5kbi4+8JXC4+CwW505fipjFY4ABj60BZioZn4Hndf8bwmCwXDHVtjfUeBD8b+Sjn7VNQ123rd1t5TLYDShk+2I4ldDhxbkFRqBF1gz3is4BsngdsHQp5AuuFWmiD2FRDRZDACdUyL8fUIP6O/3TAGFNKP2CG6//8+XHbQOYUaJ9RkSAJ453dx2PwDdiIXJyIJRO/q8wqWyRhA94XtJ77zP9BMyrRVnMClYcQoc9WBBlocp519l9vsp6jyQ==  
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoQ9S7V+CufAgwoehnf2TqsJ9LTsu8pUA3FgpS2mdVwcMcTs++8P5sQcXHLtDmNLpWN4k7NQgxaY1oXy5e25x/4VhXaJXWEt3luSw+Phv/PB2+aGLvqCUirsLTAD2r7ieMhd/pcVf/HlhNUQgnO1mupdbDyqZoGD/uCcJiYav8i/V7nJWJouHA8yq31XS2yqXp9m3VC7UZZHzUsVJA9Us5YqF0hKYeaGruIHR2bwoDF9ZFMss5t6/pzxMljU/ccYwvvRDdI7WX4o4+zLuZ6RWvsU6LGbbb0pQdB72tlV41fSefwFsk4JRdKbyV3Xjf25pV4IXOTcqhy+4JTB/jXxrF
Unfortunately, notice that there is no comment field at the end. 
On GitHub and GitLab the comment field is there in the system, you can view and edit in your profile to easily distinguish your multiple keys from each other.
But when accessing using this method, both GitHub and GitLab drop the comment field, for some reason.
Is there an easy way to get the public keys from these services? I'm aware of the REST APIs, but as far as I know they return JSON, which is not so convenient for example if I want to simply redirect the output of curl to append to an authorized_keys file. If I have to parse JSON, that adds more complexity to my scripts I'd like to avoid.
That seems a security issue, where the comment content might leak some possibly sensitive data if it were returned (since you can set any comment in there).
That is why the very specification of that "get keys" feature in GitLab does include:
it "should not render the comment of the key" do
get :get_keys, username: user.username
expect(response.body).not_to match(/dummy#gitlab.com/)
end

How to search for code in GitHub with GitHub API?

I'm trying to search for some piece of code using the GitHub API V3 given only the keyword, not limiting by user, organization, or repository.
For example, if I want to search for all pieces of code that contain the keyword "addClass", the results would be
https://github.com/search?q=addClass&type=Code&ref=searchresults without using GitHub API.
But how can I do the same thing through GitHub API? I tried https://api.github.com/search/code?q=addClass
It says "Must include at least one user, organization, or repository". How can I fix this?
You can do a code search without specifying a user/org/repo if you authenticate.
First, generate a personal access token for use for this purpose, from your Profile on GitHub's website:
Settings -> Developer Settings -> Personal Access Token -> Generate New Token (you can leave all access options unticked, since you're just using to make web requests)
Now, your original GET request will work and return results, if you append the token to it:
https://api.github.com/search/code?q=addClass&access_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
UPDATE: OCT 2021
As pointed out by a comment below, passing the token in via a query parameter (like above) is deprecated. You must now add it as an Authorization header.
e.g.
curl --location --request GET 'https://api.github.com/search/code?q=addClass +in:file +language:csharp' \
--header 'Authorization: Token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
or in Python:
import requests
url = "https://api.github.com/search/code?q=addClass +in:file +language:csharp"
headers = {
'Authorization': 'Token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
}
response = requests.request("GET", url, headers=headers)
print(response.text)
2020: As detailed in Mark Z.'s answer, using an authentication (Authorization': 'Token xxxx') allows for a code search.
get /search/code
You can use:
either a dedicated command-line tool like feinoujc/gh-search-cli
ghs code --extension js "import _ from 'lodash'"
or the official GitHub CLI gh, (after a gh auth login) as show in issue 5117:
gh api --method=GET "search/code?q=filename:test+extension:yaml+org:new-org"
Or even:
gh api --method=GET search/code -f q='filename:test extension:yaml org:new-org' \
--jq '.items[] | [.repository.full_name,.path,.sha] | #tsv'
That would get a line-based, tab-separated list of fields in this order: repo name, file path, git sha. (see gh help formatting)
2014 (original answer): That seems related to the new restriction "New Validation Rule for Beta Code Search API" (Oct. 2013)
In order to support the expected volume of requests, we’re applying a new validation rule to the Code Search API. Starting today, you will need to scope your code queries to a specific set of users, organizations, or repositories.
So, the example of the API search code mentions now:
Suppose you want to find the definition of the addClass function inside jQuery. Your query would look something like this:
https://api.github.com/search/code?q=addClass+in:file+language:js+repo:jquery/jquery
While Gihub does not currently support code search without repo, user, or organization (see VonC's answer), codesearch does index some sources from Github via the codesearch API, albeit with an API less fully featured out than Github's.
For example, to search for wget invocations indexed from Github, call
curl "https://searchcode.com/api/codesearch_I/?q=wget&src=2"
The optional src parameter picks the code source (e.g., Github, BitBucket) that should be searched, and you can find its integer value for a source by altering the parameters of faceted search in the codesearch UI. The current value of src for Github is 2.
You can verify that the returned results from the above example come from github.com by viewing the the repo property of results items.