bug: fix private repo listing for a user#16
Conversation
dhellmann
force-pushed
the
fix-private-repo-list
branch
3 times, most recently
from
4b8b0f3 to
4c321dc
Compare
Private repositories are not included in the /users/$name/repos API results. Use /user/repos?affiliation=owner instead to list only owned repositories for the current authenticated user, including those marked private.
dhellmann
force-pushed
the
fix-private-repo-list
branch
from
4c321dc to
ecbdcd6
Compare
|
I'm not sure what's wrong with the pypy jobs. Those failures don't look related to the change, do they normally pass? |
|
Sorry for the delayed response, I'm on vacation and completely forgot to check my mail this week. (Not that I'm too sorry, that's the whole point of a vacation.)
Those are broken on git master as well. AFAICT what happened was that a newer GitHub Actions base image with a newer PyPy version triggers a bug in cattrs that causes those failures. cattrs has an (unreleased) fix for it, details at python-attrs/cattrs#253 |
| # user instead. This only works if the current token | ||
| # is associated with that user. | ||
| list_url = ('https://api.github.com/user/repos' | ||
| '?affiliation=owner&sort=full_name') |
There was a problem hiding this comment.
Uh, just to double-check, this branch is taken only when you provide a GitHub token?
Because by default include_private is True, but github_token is not set.
What does the GitHub API return if you try to GET /user/repos without any token? Which user does it pick?
I think I may have been too hasty in merging this...
There was a problem hiding this comment.
What does the GitHub API return if you try to GET /user/repos without any token? Which user does it pick?
Yeah, you get a 401 Unauthorized.
I'll add a fix.
There was a problem hiding this comment.
Fixed in 5048af6. I'd appreciate some testing that I haven't actually broken your use case with my fix ;)
There was a problem hiding this comment.
Sorry, yeah, this effectively requires the GitHub token when include_private is true. That's a breaking change in behavior, so I should have highlighted it.
I'd be happy to collaborate on improving that (docs, validation, etc.).
|
I've been thinking, and I'm uneasy about how the username passed to Is there a way to ask the GitHub API about the user name of the user whose token we're using to authenticate? |
|
It looks like the /user endpoint would to that. https://docs.github.com/en/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps I can work on adding validation. Should that happen on unit as well as when actually querying? |
I decided to only do the validation at runtime when the query would be invoked, because the init code path doesn't already run any queries and some users will just edit the file by hand without using the init option. See #19 |
2 participants
Private repositories are not included in the /users/$name/repos API
results. Use /user/repos?affiliation=owner instead to list only owned
repositories for the current authenticated user.
See https://docs.github.com/en/rest/repos/repos#list-repositories-for-a-user which says "Lists public repositories for the specified user" and https://docs.github.com/en/rest/repos/repos#list-repositories-for-the-authenticated-user for info on the
affiliationargument.