dependabot_secrets.go

Documentation: github.com/google/go-github/v47/github

     1  // Copyright 2022 The go-github AUTHORS. All rights reserved.
     2  //
     3  // Use of this source code is governed by a BSD-style
     4  // license that can be found in the LICENSE file.
     5  
     6  package github
     7  
     8  import (
     9  	"context"
    10  	"fmt"
    11  )
    12  
    13  func (s *DependabotService) getPublicKey(ctx context.Context, url string) (*PublicKey, *Response, error) {
    14  	req, err := s.client.NewRequest("GET", url, nil)
    15  	if err != nil {
    16  		return nil, nil, err
    17  	}
    18  
    19  	pubKey := new(PublicKey)
    20  	resp, err := s.client.Do(ctx, req, pubKey)
    21  	if err != nil {
    22  		return nil, resp, err
    23  	}
    24  
    25  	return pubKey, resp, nil
    26  }
    27  
    28  // GetRepoPublicKey gets a public key that should be used for Dependabot secret encryption.
    29  //
    30  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#get-a-repository-public-key
    31  func (s *DependabotService) GetRepoPublicKey(ctx context.Context, owner, repo string) (*PublicKey, *Response, error) {
    32  	url := fmt.Sprintf("repos/%v/%v/dependabot/secrets/public-key", owner, repo)
    33  	return s.getPublicKey(ctx, url)
    34  }
    35  
    36  // GetOrgPublicKey gets a public key that should be used for Dependabot secret encryption.
    37  //
    38  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#get-an-organization-public-key
    39  func (s *DependabotService) GetOrgPublicKey(ctx context.Context, org string) (*PublicKey, *Response, error) {
    40  	url := fmt.Sprintf("orgs/%v/dependabot/secrets/public-key", org)
    41  	return s.getPublicKey(ctx, url)
    42  }
    43  
    44  func (s *DependabotService) listSecrets(ctx context.Context, url string, opts *ListOptions) (*Secrets, *Response, error) {
    45  	u, err := addOptions(url, opts)
    46  	if err != nil {
    47  		return nil, nil, err
    48  	}
    49  
    50  	req, err := s.client.NewRequest("GET", u, nil)
    51  	if err != nil {
    52  		return nil, nil, err
    53  	}
    54  
    55  	secrets := new(Secrets)
    56  	resp, err := s.client.Do(ctx, req, &secrets)
    57  	if err != nil {
    58  		return nil, resp, err
    59  	}
    60  
    61  	return secrets, resp, nil
    62  }
    63  
    64  // ListRepoSecrets lists all Dependabot secrets available in a repository
    65  // without revealing their encrypted values.
    66  //
    67  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#list-repository-secrets
    68  func (s *DependabotService) ListRepoSecrets(ctx context.Context, owner, repo string, opts *ListOptions) (*Secrets, *Response, error) {
    69  	url := fmt.Sprintf("repos/%v/%v/dependabot/secrets", owner, repo)
    70  	return s.listSecrets(ctx, url, opts)
    71  }
    72  
    73  // ListOrgSecrets lists all Dependabot secrets available in an organization
    74  // without revealing their encrypted values.
    75  //
    76  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#list-organization-secrets
    77  func (s *DependabotService) ListOrgSecrets(ctx context.Context, org string, opts *ListOptions) (*Secrets, *Response, error) {
    78  	url := fmt.Sprintf("orgs/%v/dependabot/secrets", org)
    79  	return s.listSecrets(ctx, url, opts)
    80  }
    81  
    82  func (s *DependabotService) getSecret(ctx context.Context, url string) (*Secret, *Response, error) {
    83  	req, err := s.client.NewRequest("GET", url, nil)
    84  	if err != nil {
    85  		return nil, nil, err
    86  	}
    87  
    88  	secret := new(Secret)
    89  	resp, err := s.client.Do(ctx, req, secret)
    90  	if err != nil {
    91  		return nil, resp, err
    92  	}
    93  
    94  	return secret, resp, nil
    95  }
    96  
    97  // GetRepoSecret gets a single repository Dependabot secret without revealing its encrypted value.
    98  //
    99  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#get-a-repository-secret
   100  func (s *DependabotService) GetRepoSecret(ctx context.Context, owner, repo, name string) (*Secret, *Response, error) {
   101  	url := fmt.Sprintf("repos/%v/%v/dependabot/secrets/%v", owner, repo, name)
   102  	return s.getSecret(ctx, url)
   103  }
   104  
   105  // GetOrgSecret gets a single organization Dependabot secret without revealing its encrypted value.
   106  //
   107  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#get-an-organization-secret
   108  func (s *DependabotService) GetOrgSecret(ctx context.Context, org, name string) (*Secret, *Response, error) {
   109  	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v", org, name)
   110  	return s.getSecret(ctx, url)
   111  }
   112  
   113  // DependabotEncryptedSecret represents a secret that is encrypted using a public key for Dependabot.
   114  //
   115  // The value of EncryptedValue must be your secret, encrypted with
   116  // LibSodium (see documentation here: https://libsodium.gitbook.io/doc/bindings_for_other_languages)
   117  // using the public key retrieved using the GetPublicKey method.
   118  type DependabotEncryptedSecret struct {
   119  	Name                  string                           `json:"-"`
   120  	KeyID                 string                           `json:"key_id"`
   121  	EncryptedValue        string                           `json:"encrypted_value"`
   122  	Visibility            string                           `json:"visibility,omitempty"`
   123  	SelectedRepositoryIDs DependabotSecretsSelectedRepoIDs `json:"selected_repository_ids,omitempty"`
   124  }
   125  
   126  func (s *DependabotService) putSecret(ctx context.Context, url string, eSecret *DependabotEncryptedSecret) (*Response, error) {
   127  	req, err := s.client.NewRequest("PUT", url, eSecret)
   128  	if err != nil {
   129  		return nil, err
   130  	}
   131  
   132  	return s.client.Do(ctx, req, nil)
   133  }
   134  
   135  // CreateOrUpdateRepoSecret creates or updates a repository Dependabot secret with an encrypted value.
   136  //
   137  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#create-or-update-a-repository-secret
   138  func (s *DependabotService) CreateOrUpdateRepoSecret(ctx context.Context, owner, repo string, eSecret *DependabotEncryptedSecret) (*Response, error) {
   139  	url := fmt.Sprintf("repos/%v/%v/dependabot/secrets/%v", owner, repo, eSecret.Name)
   140  	return s.putSecret(ctx, url, eSecret)
   141  }
   142  
   143  // CreateOrUpdateOrgSecret creates or updates an organization Dependabot secret with an encrypted value.
   144  //
   145  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#create-or-update-an-organization-secret
   146  func (s *DependabotService) CreateOrUpdateOrgSecret(ctx context.Context, org string, eSecret *DependabotEncryptedSecret) (*Response, error) {
   147  	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v", org, eSecret.Name)
   148  	return s.putSecret(ctx, url, eSecret)
   149  }
   150  
   151  func (s *DependabotService) deleteSecret(ctx context.Context, url string) (*Response, error) {
   152  	req, err := s.client.NewRequest("DELETE", url, nil)
   153  	if err != nil {
   154  		return nil, err
   155  	}
   156  
   157  	return s.client.Do(ctx, req, nil)
   158  }
   159  
   160  // DeleteRepoSecret deletes a Dependabot secret in a repository using the secret name.
   161  //
   162  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#delete-a-repository-secret
   163  func (s *DependabotService) DeleteRepoSecret(ctx context.Context, owner, repo, name string) (*Response, error) {
   164  	url := fmt.Sprintf("repos/%v/%v/dependabot/secrets/%v", owner, repo, name)
   165  	return s.deleteSecret(ctx, url)
   166  }
   167  
   168  // DeleteOrgSecret deletes a Dependabot secret in an organization using the secret name.
   169  //
   170  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#delete-an-organization-secret
   171  func (s *DependabotService) DeleteOrgSecret(ctx context.Context, org, name string) (*Response, error) {
   172  	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v", org, name)
   173  	return s.deleteSecret(ctx, url)
   174  }
   175  
   176  // ListSelectedReposForOrgSecret lists all repositories that have access to a Dependabot secret.
   177  //
   178  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#list-selected-repositories-for-an-organization-secret
   179  func (s *DependabotService) ListSelectedReposForOrgSecret(ctx context.Context, org, name string, opts *ListOptions) (*SelectedReposList, *Response, error) {
   180  	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v/repositories", org, name)
   181  	u, err := addOptions(url, opts)
   182  	if err != nil {
   183  		return nil, nil, err
   184  	}
   185  
   186  	req, err := s.client.NewRequest("GET", u, nil)
   187  	if err != nil {
   188  		return nil, nil, err
   189  	}
   190  
   191  	result := new(SelectedReposList)
   192  	resp, err := s.client.Do(ctx, req, result)
   193  	if err != nil {
   194  		return nil, resp, err
   195  	}
   196  
   197  	return result, resp, nil
   198  }
   199  
   200  // DependabotSecretsSelectedRepoIDs are the repository IDs that have access to the dependabot secrets.
   201  type DependabotSecretsSelectedRepoIDs []string
   202  
   203  // SetSelectedReposForOrgSecret sets the repositories that have access to a Dependabot secret.
   204  //
   205  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#set-selected-repositories-for-an-organization-secret
   206  func (s *DependabotService) SetSelectedReposForOrgSecret(ctx context.Context, org, name string, ids DependabotSecretsSelectedRepoIDs) (*Response, error) {
   207  	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v/repositories", org, name)
   208  	type repoIDs struct {
   209  		SelectedIDs DependabotSecretsSelectedRepoIDs `json:"selected_repository_ids"`
   210  	}
   211  
   212  	req, err := s.client.NewRequest("PUT", url, repoIDs{SelectedIDs: ids})
   213  	if err != nil {
   214  		return nil, err
   215  	}
   216  
   217  	return s.client.Do(ctx, req, nil)
   218  }
   219  
   220  // AddSelectedRepoToOrgSecret adds a repository to an organization Dependabot secret.
   221  //
   222  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#add-selected-repository-to-an-organization-secret
   223  func (s *DependabotService) AddSelectedRepoToOrgSecret(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
   224  	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v/repositories/%v", org, name, *repo.ID)
   225  	req, err := s.client.NewRequest("PUT", url, nil)
   226  	if err != nil {
   227  		return nil, err
   228  	}
   229  
   230  	return s.client.Do(ctx, req, nil)
   231  }
   232  
   233  // RemoveSelectedRepoFromOrgSecret removes a repository from an organization Dependabot secret.
   234  //
   235  // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#remove-selected-repository-from-an-organization-secret
   236  func (s *DependabotService) RemoveSelectedRepoFromOrgSecret(ctx context.Context, org, name string, repo *Repository) (*Response, error) {
   237  	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v/repositories/%v", org, name, *repo.ID)
   238  	req, err := s.client.NewRequest("DELETE", url, nil)
   239  	if err != nil {
   240  		return nil, err
   241  	}
   242  
   243  	return s.client.Do(ctx, req, nil)
   244  }
   245
View as plain text