Fixed pre-commit issues

.isort.cfg

@@ -4,5 +4,5 @@ include_trailing_comma=True
 force_grid_wrap=0
 use_parentheses=True
 line_length=88
-known_third_party=deprecated,httpretty,jwt,pytest,requests,setuptools,urllib3
+known_third_party=deprecated,httpretty,jwt,nacl,pytest,requests,setuptools,urllib3
 known_first_party=github

github/PublicKey.py

@@ -0,0 +1,86 @@
+# -*- coding: utf-8 -*-
+
+############################ Copyrights and license ############################
+#                                                                              #
+# Copyright 2012 Vincent Jacques <vincent@vincent-jacques.net>                 #
+# Copyright 2012 Zearin <zearin@gonk.net>                                      #
+# Copyright 2013 AKFish <akfish@gmail.com>                                     #
+# Copyright 2013 Vincent Jacques <vincent@vincent-jacques.net>                 #
+# Copyright 2014 Vincent Jacques <vincent@vincent-jacques.net>                 #
+# Copyright 2016 Jannis Gebauer <ja.geb@me.com>                                #
+# Copyright 2016 Peter Buckley <dx-pbuckley@users.noreply.github.com>          #
+# Copyright 2018 Wan Liuyang <tsfdye@gmail.com>                                #
+# Copyright 2018 sfdye <tsfdye@gmail.com>                                      #
+#                                                                              #
+# This file is part of PyGithub.                                               #
+# http://pygithub.readthedocs.io/                                              #
+#                                                                              #
+# PyGithub is free software: you can redistribute it and/or modify it under    #
+# the terms of the GNU Lesser General Public License as published by the Free  #
+# Software Foundation, either version 3 of the License, or (at your option)    #
+# any later version.                                                           #
+#                                                                              #
+# PyGithub is distributed in the hope that it will be useful, but WITHOUT ANY  #
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS    #
+# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more #
+# details.                                                                     #
+#                                                                              #
+# You should have received a copy of the GNU Lesser General Public License     #
+# along with PyGithub. If not, see <http://www.gnu.org/licenses/>.             #
+#                                                                              #
+################################################################################
+
+# https://docs.github.com/en/rest/reference/actions#example-encrypting-a-secret-using-python
+from base64 import b64encode
+
+from nacl import encoding, public
+
+import github.GithubObject
+
+
+def encrypt(public_key: str, secret_value: str) -> str:
+    """Encrypt a Unicode string using the public key."""
+    public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
+    sealed_box = public.SealedBox(public_key)
+    encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
+    return b64encode(encrypted).decode("utf-8")
+
+
+class PublicKey(github.GithubObject.CompletableGithubObject):
+    """
+    This class represents either an organization public key or a repository public key.
+    The reference can be found here https://docs.github.com/en/rest/reference/actions#get-an-organization-public-key
+    or here https://docs.github.com/en/rest/reference/actions#get-a-repository-public-key
+    """
+
+    def __repr__(self):
+        return self.get__repr__({"key_id": self._key_id.value, "key": self._key.value})
+
+    @property
+    def key(self):
+        """
+        :type: string
+        """
+        self._completeIfNotSet(self._key)
+        return self._key.value
+
+    @property
+    def key_id(self):
+        """
+        :type: string
+        """
+        self._completeIfNotSet(self._key_id)
+        return self._key_id.value
+
+    def _initAttributes(self):
+        self._key = github.GithubObject.NotSet
+        self._key_id = github.GithubObject.NotSet
+
+    def _useAttributes(self, attributes):
+        if "key" in attributes:  # pragma no branch
+            self._key = self._makeStringAttribute(attributes["key"])
+        if "key_id" in attributes:  # pragma no branch
+            self._key_id = self._makeStringAttribute(attributes["key_id"])
+
+    def encrypt(self, unencrypted_value):
+        return encrypt(self._key.value, unencrypted_value)

github/PublicKey.pyi

@@ -0,0 +1,13 @@
+from typing import Any, Dict
+
+from github.GithubObject import CompletableGithubObject
+
+class PublicKey(CompletableGithubObject):
+    def __repr__(self) -> str: ...
+    def _initAttributes(self) -> None: ...
+    def _useAttributes(self, attributes: Dict[str, Any]) -> None: ...
+    @property
+    def key_id(self) -> str: ...
+    @property
+    def key(self) -> GitObject: ...
+    def encrypt(self, unencrypted_value: str) -> str: ...

github/Repository.py

@@ -121,6 +121,7 @@
 import github.Path
 import github.Permissions
 import github.Project
+import github.PublicKey
 import github.PullRequest
 import github.Referrer
 import github.Repository
@@ -1413,6 +1414,26 @@ def create_repository_dispatch(
         )
         return status == 204
 
+    def create_secret(self, secret_name, unencrypted_value):
+        """
+        :calls: `PUT /repos/:owner/:repo/actions/secrets/:secret_name <https://docs.github.com/en/rest/reference/actions#get-a-repository-secret>`_
+        :param secret_name: string
+        :param unencrypted_value: string
+        :rtype: bool
+        """
+        assert isinstance(secret_name, str), secret_name
+        assert isinstance(unencrypted_value, str), unencrypted_value
+        public_key = self.get_public_key()
+        payload = public_key.encrypt(unencrypted_value)
+        put_parameters = {
+            "key_id": public_key.key_id,
+            "encrypted_value": payload,
+        }
+        status, headers, data = self._requester.requestJson(
+            "PUT", self.url + "/actions/secrets/" + secret_name, input=put_parameters
+        )
+        return status == 201
+
     def create_source_import(
         self,
         vcs,
@@ -2666,6 +2687,18 @@ def get_network_events(self):
             None,
         )
 
+    def get_public_key(self):
+        """
+        :calls: `GET /repos/:owner/:repo/actions/secrets/public-key <https://docs.github.com/en/rest/reference/actions#get-a-repository-public-key>`_
+        :rtype: :class:`github.PublicKey.PublicKey`
+        """
+        headers, data = self._requester.requestJsonAndCheck(
+            "GET", self.url + "/actions/secrets/public-key"
+        )
+        return github.PublicKey.PublicKey(
+            self._requester, headers, data, completed=True
+        )
+
     def get_pull(self, number):
         """
         :calls: `GET /repos/:owner/:repo/pulls/:number <http://developer.github.com/v3/pulls>`_

github/Repository.pyi

@@ -34,6 +34,7 @@ from github.PaginatedList import PaginatedList
 from github.Path import Path
 from github.Permissions import Permissions
 from github.Project import Project
+from github.PublicKey import PublicKey
 from github.PullRequest import PullRequest
 from github.PullRequestComment import PullRequestComment
 from github.Referrer import Referrer
@@ -187,6 +188,7 @@ class Repository(CompletableGithubObject):
     def create_repository_dispatch(
         self, event_type: str, client_payload: Dict[str, Any]
     ) -> bool: ...
+    def create_secret(self, secret_name: str, unencrypted_value: str) -> bool: ...
     def create_source_import(
         self,
         vcs: str,
@@ -346,6 +348,7 @@ class Repository(CompletableGithubObject):
     def get_projects(
         self, state: Union[str, _NotSetType] = ...
     ) -> PaginatedList[Project]: ...
+    def get_public_key(self) -> PublicKey: ...
     def get_pull(self, number: int) -> PullRequest: ...
     def get_pulls(
         self,

requirements.txt

@@ -1,3 +1,4 @@
+pynacl
 requests>=2.14.0
 pyjwt
 sphinx<3

setup.py

@@ -99,7 +99,7 @@
             "Topic :: Software Development",
         ],
         python_requires=">=3.5",
-        install_requires=["deprecated", "pyjwt", "requests>=2.14.0"],
+        install_requires=["deprecated", "pyjwt", "pynacl", "requests>=2.14.0"],
         extras_require={"integrations": ["cryptography"]},
         tests_require=["cryptography", "httpretty>=0.9.6"],
     )

tests/PublicKey.py

@@ -0,0 +1,46 @@
+# -*- coding: utf-8 -*-
+
+############################ Copyrights and license ############################
+#                                                                              #
+# Copyright 2012 Vincent Jacques <vincent@vincent-jacques.net>                 #
+# Copyright 2012 Zearin <zearin@gonk.net>                                      #
+# Copyright 2013 Vincent Jacques <vincent@vincent-jacques.net>                 #
+# Copyright 2014 Vincent Jacques <vincent@vincent-jacques.net>                 #
+# Copyright 2016 Jannis Gebauer <ja.geb@me.com>                                #
+# Copyright 2016 Peter Buckley <dx-pbuckley@users.noreply.github.com>          #
+# Copyright 2017 Simon <spam@esemi.ru>                                         #
+# Copyright 2018 sfdye <tsfdye@gmail.com>                                      #
+#                                                                              #
+# This file is part of PyGithub.                                               #
+# http://pygithub.readthedocs.io/                                              #
+#                                                                              #
+# PyGithub is free software: you can redistribute it and/or modify it under    #
+# the terms of the GNU Lesser General Public License as published by the Free  #
+# Software Foundation, either version 3 of the License, or (at your option)    #
+# any later version.                                                           #
+#                                                                              #
+# PyGithub is distributed in the hope that it will be useful, but WITHOUT ANY  #
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS    #
+# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more #
+# details.                                                                     #
+#                                                                              #
+# You should have received a copy of the GNU Lesser General Public License     #
+# along with PyGithub. If not, see <http://www.gnu.org/licenses/>.             #
+#                                                                              #
+################################################################################
+
+import datetime
+
+from . import Framework
+
+
+class PublicKey(Framework.TestCase):
+    def setUp(self):
+        super().setUp()
+        self.public_key = self.g.get_user().get_repo("PyGithub").get_public_key()
+
+    def testAttributes(self):
+        self.assertEqual(
+            self.public_key.key, "u5e1Z25+z8pmgVVt5Pd8k0z/sKpVL1MXYtRAecE4vm8="
+        )
+        self.assertEqual(self.public_key.key_id, "568250167242549743")

tests/ReplayData/PublicKey.setUp.txt

@@ -0,0 +1,32 @@
+https
+GET
+api.github.com
+None
+/user
+{'Authorization': 'Basic login_and_password_removed', 'User-Agent': 'PyGithub/Python'}
+None
+200
+[('status', '200 OK'), ('x-ratelimit-remaining', '4980'), ('content-length', '801'), ('server', 'nginx/1.0.13'), ('connection', 'keep-alive'), ('x-ratelimit-limit', '5000'), ('etag', '"fc8367028bd9046f0b52929ea8657756"'), ('date', 'Thu, 10 May 2012 19:03:17 GMT'), ('content-type', 'application/json; charset=utf-8')]
+{"type":"User","owned_private_repos":5,"public_repos":10,"html_url":"https://github.com/jacquev6","blog":"http://vincent-jacques.net","collaborators":0,"following":24,"company":"Criteo","gravatar_id":"b68de5ae38616c296fa345d2b9df2225","avatar_url":"https://secure.gravatar.com/avatar/b68de5ae38616c296fa345d2b9df2225?d=https://a248.e.akamai.net/assets.github.com%2Fimages%2Fgravatars%2Fgravatar-140.png","public_gists":1,"followers":13,"url":"https://api.github.com/users/jacquev6","private_gists":5,"hireable":false,"login":"jacquev6","email":"vincent@vincent-jacques.net","disk_usage":16676,"plan":{"private_repos":5,"collaborators":1,"space":614400,"name":"micro"},"created_at":"2010-07-09T06:10:06Z","name":"Vincent Jacques","bio":"","id":327146,"total_private_repos":5,"location":"Paris, France"}
+
+https
+GET
+api.github.com
+None
+/repos/jacquev6/PyGithub
+{'Authorization': 'Basic login_and_password_removed', 'User-Agent': 'PyGithub/Python'}
+None
+200
+[('status', '200 OK'), ('x-ratelimit-remaining', '4979'), ('content-length', '1097'), ('server', 'nginx/1.0.13'), ('connection', 'keep-alive'), ('x-ratelimit-limit', '5000'), ('etag', '"b297a1eb78f994e828d8b625dae93910"'), ('date', 'Thu, 10 May 2012 19:03:18 GMT'), ('content-type', 'application/json; charset=utf-8')]
+{"homepage":"http://vincent-jacques.net/PyGithub","clone_url":"https://github.com/jacquev6/PyGithub.git","html_url":"https://github.com/jacquev6/PyGithub","url":"https://api.github.com/repos/jacquev6/PyGithub","has_downloads":true,"watchers":13,"permissions":{"admin":true,"pull":true,"push":true},"mirror_url":null,"git_url":"git://github.com/jacquev6/PyGithub.git","has_wiki":false,"has_issues":true,"fork":false,"forks":2,"language":"Python","size":196,"description":"Python library implementing the full Github API v3","private":false,"created_at":"2012-02-25T12:53:47Z","open_issues":15,"svn_url":"https://github.com/jacquev6/PyGithub","owner":{"url":"https://api.github.com/users/jacquev6","avatar_url":"https://secure.gravatar.com/avatar/b68de5ae38616c296fa345d2b9df2225?d=https://a248.e.akamai.net/assets.github.com%2Fimages%2Fgravatars%2Fgravatar-140.png","login":"jacquev6","gravatar_id":"b68de5ae38616c296fa345d2b9df2225","id":327146},"name":"PyGithub","pushed_at":"2012-05-10T18:49:21Z","id":3544490,"ssh_url":"git@github.com:jacquev6/PyGithub.git","updated_at":"2012-05-10T18:49:21Z"}
+
+https
+GET
+api.github.com
+None
+/repos/jacquev6/PyGithub/actions/secrets/public-key
+{'Authorization': 'Basic login_and_password_removed', 'User-Agent': 'PyGithub/Python'}
+None
+200
+[('status', '200 OK'), ('x-ratelimit-remaining', '4978'), ('content-length', '487'), ('server', 'nginx/1.0.13'), ('connection', 'keep-alive'), ('x-ratelimit-limit', '5000'), ('etag', '"1dd282b50e691f8f162ef9355dad8771"'), ('date', 'Thu, 10 May 2012 19:03:19 GMT'), ('content-type', 'application/json; charset=utf-8')]
+{"key": "u5e1Z25+z8pmgVVt5Pd8k0z/sKpVL1MXYtRAecE4vm8=", "key_id": "568250167242549743"}

tests/ReplayData/Repository.testCreateSecret.txt

@@ -0,0 +1,21 @@
+https
+GET
+api.github.com
+None
+/repos/jacquev6/PyGithub/actions/secrets/public-key
+{'Authorization': 'Basic login_and_password_removed', 'User-Agent': 'PyGithub/Python'}
+None
+200
+[('status', '200 OK'), ('x-ratelimit-remaining', '4978'), ('content-length', '487'), ('server', 'nginx/1.0.13'), ('connection', 'keep-alive'), ('x-ratelimit-limit', '5000'), ('etag', '"1dd282b50e691f8f162ef9355dad8771"'), ('date', 'Thu, 10 May 2012 19:03:19 GMT'), ('content-type', 'application/json; charset=utf-8')]
+{"key": "u5e1Z25+z8pmgVVt5Pd8k0z/sKpVL1MXYtRAecE4vm8=", "key_id": "568250167242549743"}
+
+https
+PUT
+api.github.com
+None
+/repos/jacquev6/PyGithub/actions/secrets/secret-name
+{'Authorization': 'Basic login_and_password_removed', 'User-Agent': 'PyGithub/Python', 'Content-Type': 'application/json'}
+{"encrypted_value": "M+5Fm/BqTfB90h3nC7F3BoZuu3nXs+/KtpXwxm9gG211tbRo0F5UiN0OIfYT83CKcx9oKES9Va4E96/b", "key_id": "568250167242549743"}
+201
+[('Date', 'Fri, 17 Apr 2020 00:12:33 GMT'), ('Server', 'GitHub.com'), ('Content-Length', '2'), ('Content-Type', 'application/json; charset=utf-8'), ('Status', '201 Created'), ('X-RateLimit-Limit', '5000'), ('X-RateLimit-Remaining', '4984'), ('X-RateLimit-Reset', '1587085388'), ('X-OAuth-Scopes', 'read:org, repo, user'), ('X-Accepted-OAuth-Scopes', ''), ('X-GitHub-Media-Type', 'github.v3; format=json'), ('Access-Control-Expose-Headers', 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset'), ('Access-Control-Allow-Origin', '*'), ('Strict-Transport-Security', 'max-age=31536000; includeSubdomains; preload'), ('X-Frame-Options', 'deny'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '1; mode=block'), ('Referrer-Policy', 'origin-when-cross-origin, strict-origin-when-cross-origin'), ('Content-Security-Policy', "default-src 'none'"), ('Vary', 'Accept-Encoding, Accept, X-Requested-With'), ('X-GitHub-Request-Id', 'C290:52DA:50234:B404B:5E98F470')]
+{}

tests/Repository.py

@@ -48,6 +48,7 @@
 ################################################################################
 
 import datetime
+from unittest import mock
 
 import github
 
@@ -438,6 +439,13 @@ def testCreateRepositoryDispatch(self):
         without_payload = self.repo.create_repository_dispatch("type")
         self.assertTrue(without_payload)
 
+    @mock.patch("github.PublicKey.encrypt")
+    def testCreateSecret(self, encrypt):
+        # encrypt returns a non-deterministic value, we need to mock it so the replay data matches
+        encrypt.return_value = "M+5Fm/BqTfB90h3nC7F3BoZuu3nXs+/KtpXwxm9gG211tbRo0F5UiN0OIfYT83CKcx9oKES9Va4E96/b"
+        result = self.repo.create_secret("secret-name", "secret-value")
+        self.assertTrue(result)
+
     def testCollaborators(self):
         lyloa = self.g.get_user("Lyloa")
         self.assertFalse(self.repo.has_in_collaborators(lyloa))