ghinstallation

package module

v2.10.0 Latest Latest Go to latest Published: Mar 21, 2024 License: Apache-2.0 Imports: 15 Imported by: 180

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/bradleyfalzon/ghinstallation

Links

Open Source Insights

README ¶

ghinstallation

ghinstallation provides Transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps.

This library is designed to provide automatic authentication for https://github.com/google/go-github or your own HTTP client.

See https://developer.github.com/apps/building-integrations/setting-up-and-registering-github-apps/about-authentication-options-for-github-apps/

Installation

Get the package:

GO111MODULE=on go get -u github.com/bradleyfalzon/ghinstallation/v2

GitHub Example

import "github.com/bradleyfalzon/ghinstallation/v2"

func main() {
    // Shared transport to reuse TCP connections.
    tr := http.DefaultTransport

    // Wrap the shared transport for use with the app ID 1 authenticating with installation ID 99.
    itr, err := ghinstallation.NewKeyFromFile(tr, 1, 99, "2016-10-19.private-key.pem")
    if err != nil {
        log.Fatal(err)
    }

    // Use installation transport with github.com/google/go-github
    client := github.NewClient(&http.Client{Transport: itr})
}

You can also use New() to load a key directly from a []byte.

GitHub Enterprise Example

For clients using GitHub Enterprise, set the base URL as follows:

import "github.com/bradleyfalzon/ghinstallation/v2"

const GitHubEnterpriseURL = "https://github.example.com/api/v3"

func main() {
    // Shared transport to reuse TCP connections.
    tr := http.DefaultTransport

    // Wrap the shared transport for use with the app ID 1 authenticating with installation ID 99.
    itr, err := ghinstallation.NewKeyFromFile(tr, 1, 99, "2016-10-19.private-key.pem")
    if err != nil {
        log.Fatal(err)
    }
    itr.BaseURL = GitHubEnterpriseURL

    // Use installation transport with github.com/google/go-github
    client := github.NewEnterpriseClient(GitHubEnterpriseURL, GitHubEnterpriseURL, &http.Client{Transport: itr})
}

What is app ID and installation ID

app ID is the GitHub App ID.
You can check as following :
Settings > Developer > settings > GitHub App > About item

installation ID is a part of WebHook request.
You can get the number to check the request.
Settings > Developer > settings > GitHub Apps > Advanced > Payload in Request tab

WebHook request
...
  "installation": {
    "id": `installation ID`
  }

Customizing signing behavior

Users can customize signing behavior by passing in a Signer implementation when creating an AppsTransport. For example, this can be used to create tokens backed by keys in a KMS system.

signer := &myCustomSigner{
  key: "https://url/to/key/vault",
}
atr := NewAppsTransportWithOptions(http.DefaultTransport, 1, WithSigner(signer))
tr := NewFromAppsTransport(atr, 99)

License

Apache 2.0

Dependencies

github.com/golang-jwt/jwt-go

Documentation ¶

Index ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetReadWriter ¶

func GetReadWriter(i interface{}) (io.ReadWriter, error)

GetReadWriter converts a body interface into an io.ReadWriter object.

Types ¶

type AppsTransport ¶

type AppsTransport struct {
	BaseURL string // BaseURL is the scheme and host for GitHub API, defaults to https://api.github.com
	Client  Client // Client to use to refresh tokens, defaults to http.Client with provided transport
	// contains filtered or unexported fields
}

AppsTransport provides a http.RoundTripper by wrapping an existing http.RoundTripper and provides GitHub Apps authentication as a GitHub App.

Client can also be overwritten, and is useful to change to one which provides retry logic if you do experience retryable errors.

See https://developer.github.com/apps/building-integrations/setting-up-and-registering-github-apps/about-authentication-options-for-github-apps/

func NewAppsTransport ¶

func NewAppsTransport(tr http.RoundTripper, appID int64, privateKey []byte) (*AppsTransport, error)

NewAppsTransport returns a AppsTransport using private key. The key is parsed and if any errors occur the error is non-nil.

The provided tr http.RoundTripper should be shared between multiple installations to ensure reuse of underlying TCP connections.

The returned Transport's RoundTrip method is safe to be used concurrently.

func NewAppsTransportFromPrivateKey ¶

func NewAppsTransportFromPrivateKey(tr http.RoundTripper, appID int64, key *rsa.PrivateKey) *AppsTransport

NewAppsTransportFromPrivateKey returns an AppsTransport using a crypto/rsa.(*PrivateKey).

func NewAppsTransportKeyFromFile ¶

func NewAppsTransportKeyFromFile(tr http.RoundTripper, appID int64, privateKeyFile string) (*AppsTransport, error)

NewAppsTransportKeyFromFile returns a AppsTransport using a private key from file.

func NewAppsTransportWithOptions ¶ added in v2.3.0

func NewAppsTransportWithOptions(tr http.RoundTripper, appID int64, opts ...AppsTransportOption) (*AppsTransport, error)

func (*AppsTransport) AppID ¶ added in v2.6.0

func (t *AppsTransport) AppID() int64

AppID returns the appID of the transport

func (*AppsTransport) RoundTrip ¶

func (t *AppsTransport) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip implements http.RoundTripper interface.

type AppsTransportOption ¶ added in v2.3.0

type AppsTransportOption func(*AppsTransport)

func WithSigner ¶ added in v2.3.0

func WithSigner(signer Signer) AppsTransportOption

WithSigner configures the AppsTransport to use the given Signer for generating JWT tokens.

type Client ¶

type Client interface {
	Do(*http.Request) (*http.Response, error)
}

Client is a HTTP client which sends a http.Request and returns a http.Response or an error.

type HTTPError ¶

type HTTPError struct {
	Message        string
	RootCause      error
	InstallationID int64
	Response       *http.Response
}

HTTPError represents a custom error for failing HTTP operations. Example in our usecase: refresh access token operation. It enables the caller to inspect the root cause and response.

func (*HTTPError) Error ¶

func (e *HTTPError) Error() string

func (*HTTPError) Unwrap ¶ added in v2.3.0

func (e *HTTPError) Unwrap() error

Unwrap implements the standard library's error wrapping. It unwraps to the root cause.

type RSASigner ¶ added in v2.3.0

type RSASigner struct {
	// contains filtered or unexported fields
}

RSASigner signs JWT tokens using RSA keys.

func NewRSASigner ¶ added in v2.3.0

func NewRSASigner(method *jwt.SigningMethodRSA, key *rsa.PrivateKey) *RSASigner

func (*RSASigner) Sign ¶ added in v2.3.0

func (s *RSASigner) Sign(claims jwt.Claims) (string, error)

Sign signs the JWT claims with the RSA key.

type Signer ¶ added in v2.3.0

type Signer interface {
	// Sign signs the given claims and returns a JWT token string, as specified
	// by [jwt.Token.SignedString]
	Sign(claims jwt.Claims) (string, error)
}

Signer is a JWT token signer. This is a wrapper around jwt.SigningMethod with predetermined key material.

type Transport ¶

type Transport struct {
	BaseURL string // BaseURL is the scheme and host for GitHub API, defaults to https://api.github.com
	Client  Client // Client to use to refresh tokens, defaults to http.Client with provided transport

	InstallationTokenOptions *github.InstallationTokenOptions // parameters restrict a token's access
	// contains filtered or unexported fields
}

Transport provides a http.RoundTripper by wrapping an existing http.RoundTripper and provides GitHub Apps authentication as an installation.

Client can also be overwritten, and is useful to change to one which provides retry logic if you do experience retryable errors.

See https://developer.github.com/apps/building-integrations/setting-up-and-registering-github-apps/about-authentication-options-for-github-apps/

func New ¶

func New(tr http.RoundTripper, appID, installationID int64, privateKey []byte) (*Transport, error)

New returns an Transport using private key. The key is parsed and if any errors occur the error is non-nil.

The provided tr http.RoundTripper should be shared between multiple installations to ensure reuse of underlying TCP connections.

The returned Transport's RoundTrip method is safe to be used concurrently.

func NewFromAppsTransport ¶

func NewFromAppsTransport(atr *AppsTransport, installationID int64) *Transport

NewFromAppsTransport returns a Transport using an existing *AppsTransport.

func NewKeyFromFile ¶

func NewKeyFromFile(tr http.RoundTripper, appID, installationID int64, privateKeyFile string) (*Transport, error)

NewKeyFromFile returns a Transport using a private key from file.

func (*Transport) AppID ¶ added in v2.6.0

func (t *Transport) AppID() int64

AppID returns the app ID associated with the transport

func (*Transport) Expiry ¶ added in v2.2.0

func (t *Transport) Expiry() (expiresAt time.Time, refreshAt time.Time, err error)

Expiry returns a transport token's expiration time and refresh time. There is a small grace period built in where a token will be refreshed before it expires. expiresAt is the actual token expiry, and refreshAt is when a call to Token() will cause it to be refreshed.

func (*Transport) InstallationID ¶ added in v2.6.0

func (t *Transport) InstallationID() int64

InstallationID returns the installation ID associated with the transport

func (*Transport) Permissions ¶

func (t *Transport) Permissions() (github.InstallationPermissions, error)

Permissions returns a transport token's GitHub installation permissions.

func (*Transport) Repositories ¶

func (t *Transport) Repositories() ([]github.Repository, error)

Repositories returns a transport token's GitHub repositories.

func (*Transport) RoundTrip ¶

func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip implements http.RoundTripper interface.

func (*Transport) Token ¶

func (t *Transport) Token(ctx context.Context) (string, error)

Token checks the active token expiration and renews if necessary. Token returns a valid access token. If renewal fails an error is returned.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL