V2.2.0

CHANGES.md

@@ -1,5 +1,20 @@
 # Changelog
 
+## 2.2.0
+* Add new ``github.add_repository_collaborator`` action which allows user to add a collaborator to repository.
+* Add new ``github.check_user_repository_collaborator`` action which allows user to check if an user is a collaborator's repository.
+* Add new ``github.get_repository_collaborators`` action which allows user to list the collaborators of repository.
+* Add new ``github.add_update_repository_team`` action which allows user to add a team to repository.
+* Add new ``github.check_team_permissions_for_repository`` action which allows user to check if a team has access to repository.
+* Add new ``github.create_organization_repository`` action which allows user to create an organization repository.
+* Add new ``github.create_repository_authenticated_user`` action which allows user to create a user repository.
+* Add new ``github.create_repository_from_template`` action which allows user to create a repository from a template repository.
+* Add new ``github.add_update_repository_environment`` action which allows user to create a repository deployment environment.
+* Bug fix on ``github.store_oauth_token`` to save the token correctly so that it can be read later.
+* Security improvement on ``github.store_oauth_token`` to encrypt the github token and hide it in web interface.
+* Add new ``github.create_branch``, ``github.get_branch``, ``github.delete_branch`` actions which allow user to create/get/delete a branch.
+* Add token to ``github.create_file``, ``github.create_pull``, ``github.update_file``.
+
 ## 2.1.3
 
 * Fix `update_branch_protection` action: dismissal users and teams can now be null in GitHub's API response.

README.md

@@ -97,16 +97,28 @@ StackStorm webhook handler.
 ## Actions
 
 * ``add_comment`` - Add comment to the provided issue / pull request.
+* ``add_repository_collaborator`` - Add a collaborator to repository.
+* ``add_update_repository_environment`` - Add a deployment environment to a repository.
 * ``add_status`` - Add commit status to the provided commit.
+* ``add_update_repository_team`` - Add/Update a team to repository.
+* ``create_branch`` - Create new branch.
 * ``create_file`` - Create new file.
 * ``create_issue`` - Create a new issue.
+* ``create_repository_authenticated_user`` - Create an user repository.
+* ``create_repository_from_template`` - Create a repository from template.
+* ``create_organization_repository`` - Create an organization repository.
 * ``create_pull`` - Create a new Pull Request.
+* ``check_team_permissions_for_repository`` - Check if a team has access to repository.
+* ``check_user_repository_collaborator`` - Check if an user is a collaborator's repository.
+* ``delete_branch`` - Remove branch.
 * ``delete_branch_protection`` - Remove branch protection settings.
+* ``get_branch`` - Get branch.
 * ``get_branch_protection`` - Get branch protection settings.
 * ``get_contents`` - Get repository or file contents.
 * ``get_issue`` - Retrieve information about a particular issue. Note: You
   only need to specify authentication token in the config if you use this
   action with a private repository.
+* ``get_repository_collaborators`` - List the collaborators of repository.
 * ``list_issues`` - List all the issues for a particular repo (includes pull
   requests since pull requests are just a special type of issues).
 * ``list_pulls`` - List all pull requests for a particular repo.

actions/add_repository_collaborator.py

@@ -0,0 +1,26 @@
+from lib.base import BaseGithubAction
+
+__all__ = [
+    'AddRepositoryCollaboratorAction'
+]
+
+
+class AddRepositoryCollaboratorAction(BaseGithubAction):
+    def run(self, api_user, owner, repo, username, github_type, permission):
+
+        enterprise = self._is_enterprise(github_type)
+
+        if api_user:
+            self.token = self._get_user_token(api_user, enterprise)
+
+        payload = {"permission": permission}
+
+        response = self._request("PUT",
+                        "/repos/{}/{}/collaborators/{}".format(owner, repo, username),
+                        payload,
+                        self.token,
+                        enterprise)
+
+        results = {'response': response}
+
+        return results

actions/add_repository_collaborator.yaml

@@ -0,0 +1,43 @@
+---
+name: add_repository_collaborator
+runner_type: python-script
+pack: github
+description: >
+  Add a repository collaborator.
+  Example:
+    st2 run github.add_repository_collaborator owner="organization" repo="reponame" username="collaborator" api_user="token_name"
+enabled: true
+entry_point: add_repository_collaborator.py
+parameters:
+  api_user:
+    type: "string"
+    description: "The API user"
+    default: "{{action_context.api_user|default(None)}}"
+  owner:
+    type: "string"
+    description: "The account owner of the repository. The name is not case sensitive."
+    required: true
+  repo:
+    type: "string"
+    description: "The name of the repository. The name is not case sensitive."
+    required: true
+  username:
+    type: "string"
+    description: "The handle for the GitHub user account."
+    required: true
+  github_type:
+    type: "string"
+    description: "The type of github API to target, if unset will use the configured pack default. Enterprise means self-hosted API, e.g. github.your-company.com. Online means api.github.com"
+    enum:
+      - enterprise
+      - online
+  permission:
+    type: "string"
+    description: "The permission to grant the collaborator. Only valid on organization-owned repositories. In addition to the enumerated values, you can also specify a custom repository role name, if the owning organization has defined any."
+    enum:
+      - "pull"
+      - "push"
+      - "admin"
+      - "maintain"
+      - "triage"
+    default: "push"

actions/add_update_repository_environment.py

@@ -0,0 +1,60 @@
+from lib.base import BaseGithubAction
+
+__all__ = [
+    'AddUpdateRepositoryEnvironmentAction'
+]
+
+
+class AddUpdateRepositoryEnvironmentAction(BaseGithubAction):
+
+    def _get_team_id(self, enterprise, org, name):
+        self.logger.debug("Getting team ID for name [%s]", name)
+        response = self._request("GET",
+                                f"/orgs/{org}/teams/{name}",
+                                None,
+                                self.token,
+                                enterprise) 
+        self.logger.debug("Found ID [%d] for name [%s]", response["id"], name)
+        return response["id"]
+
+    def run(self, api_user, environment,
+            owner, repo, github_type, reviewers, wait_timer, deployment_branch_policy):
+
+        enterprise = self._is_enterprise(github_type)
+
+        if api_user:
+            self.token = self._get_user_token(api_user, enterprise)
+
+        # Transforming team slug names in IDs
+        for reviewer in reviewers:
+            type = reviewer.get("type", None)
+            name = reviewer.get("name", None)
+            if type == "Team" and name:
+                del reviewer["name"]
+                reviewer["id"] = self._get_team_id(enterprise, owner, name)
+            elif type == "User" and name:
+                raise NotImplementedError("Providing reviewer of type user without ID is not implemented!")
+
+        payload = {
+            "wait_timer": int(wait_timer),
+            "reviewers": reviewers,
+            "deployment_branch_policy": deployment_branch_policy
+        }
+
+        self.logger.info(
+            "Adding/Updating environment [%s] with parameters [%s] for repo [%s/%s] with user [%s]", 
+            environment, payload, owner, repo, api_user)
+
+        try:
+            response = self._request("PUT",
+                                f"/repos/{owner}/{repo}/environments/{environment}",
+                                payload,
+                                self.token,
+                                enterprise)
+            results = {'response': response}
+            return results
+        except Exception as e:
+            self.logger.error("Could not add/update environment, error: %s", repr(e))
+            return (False, "Could not add/update environment, error: %s" % repr(e))
+
+        return (False, "Could not add/update environment for unknown reason!")

actions/add_update_repository_environment.yaml

@@ -0,0 +1,78 @@
+---
+name: add_update_repository_environment
+# https://docs.github.com/en/[email protected]/rest/deployments/environments
+runner_type: python-script
+pack: github
+description: >
+  Add or update a repository environment.
+  Example:
+    st2 run github.add_update_repository_environment owner="owner" repo="reponame" environment="test" reviewers='[{"type": "Team", "name": "test-team"}]' api_user="test" github_type=online
+enabled: true
+entry_point: add_update_repository_environment.py
+parameters:
+  # Repository parameters
+  owner:
+    type: "string"
+    description: "The account owner of the repository. The name is not case sensitive."
+    required: true
+  repo:
+    type: "string"
+    description: "The name of the repository. The name is not case sensitive."
+    required: true
+  # Authentication parameters
+  api_user:
+    type: "string"
+    description: "The API user"
+    default: "{{action_context.api_user|default(None)}}"
+  github_type:
+    type: "string"
+    description: "The type of github API to target, if unset will use the configured pack default. Enterprise means self-hosted API, e.g. github.your-company.com. Online means api.github.com"
+    enum:
+      - enterprise
+      - online
+  # Call-specific parameters :)
+  environment:
+    type: string
+    description: "The name of the environment"
+    required: true
+  wait_timer:
+    type: number
+    description: "The amount of time to delay a job after the job is initially triggered. The time (in minutes) must be an integer between 0 and 43,200 (30 days)."
+    required: false
+    default: 0
+  reviewers:
+    type: array
+    default: []
+    description: "The people or teams that may review jobs that reference the environment. You can list up to six users or teams as reviewers. The reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed."
+    required: false
+    items:
+      type: object
+      properties:
+        type:
+          type: string
+          required: true
+          enum:
+          - "User"
+          - "Team"
+        id:
+          # Note, you MUST provide a id if the type is User.. otherwise you may provide the team name, and the script
+          # will detect the ID
+          type: number
+          required: false
+        name:
+          type: string
+          required: false
+  deployment_branch_policy:
+    type: object
+    description: "The type of deployment branch policy for this environment. To allow all branches to deploy, set to null."
+    required: false
+    default: null
+    properties:
+      protected_branches:
+        type: boolean
+        required: true
+        description: Whether only branches with branch protection rules can deploy to this environment. If protected_branches is true, custom_branch_policies must be false; if protected_branches is false, custom_branch_policies must be true.
+      custom_branch_policies:
+        type: boolean
+        required: true
+        description: Whether only branches that match the specified name patterns can deploy to this environment. If custom_branch_policies is true, protected_branches must be false; if custom_branch_policies is false, protected_branches must be true.

actions/add_update_repository_team.py

@@ -0,0 +1,27 @@
+from lib.base import BaseGithubAction
+
+__all__ = [
+    'AddUpdateRepositoryTeamAction'
+]
+
+
+class AddUpdateRepositoryTeamAction(BaseGithubAction):
+    def run(self, api_user, org, team_slug,
+            owner, repo, github_type, permission):
+
+        enterprise = self._is_enterprise(github_type)
+
+        if api_user:
+            self.token = self._get_user_token(api_user, enterprise)
+
+        payload = {"permission": permission}
+
+        response = self._request("PUT",
+                            "/orgs/{}/teams/{}/repos/{}/{}".format(org, team_slug, owner, repo),
+                            payload,
+                            self.token,
+                            enterprise)
+
+        results = {'response': response}
+
+        return results

actions/add_update_repository_team.yaml

@@ -0,0 +1,47 @@
+---
+name: add_update_repository_team
+runner_type: python-script
+pack: github
+description: >
+  Add or update repository team.
+  Example:
+    st2 run github.add_update_repository_team  org="organization" owner="owner" repo="reponame" team_slug="team_id" api_user="token_name"
+enabled: true
+entry_point: add_update_repository_team.py
+parameters:
+  api_user:
+    type: "string"
+    description: "The API user"
+    default: "{{action_context.api_user|default(None)}}"
+  org:
+    type: "string"
+    description: "The organization name. The name is not case sensitive."
+    required: true
+  team_slug:
+    type: "string"
+    description: "The slug of the team name."
+    required: true
+  owner:
+    type: "string"
+    description: "The account owner of the repository. The name is not case sensitive."
+    required: true
+  repo:
+    type: "string"
+    description: "The name of the repository. The name is not case sensitive."
+    required: true
+  github_type:
+    type: "string"
+    description: "The type of github API to target, if unset will use the configured pack default. Enterprise means self-hosted API, e.g. github.your-company.com. Online means api.github.com"
+    enum:
+      - enterprise
+      - online
+  permission:
+    type: "string"
+    description: "The permission to grant the team on this repository. In addition to the enumerated values, you can also specify a custom repository role name, if the owning organization has defined any. If no permission is specified, the team's permission attribute will be used to determine what permission to grant the team on this repository."
+    enum:
+      - "pull"
+      - "push"
+      - "admin"
+      - "maintain"
+      - "triage"
+    default: "pull"

actions/check_team_permissions_for_repository.py

@@ -0,0 +1,35 @@
+from lib.base import BaseGithubAction
+
+__all__ = [
+    'CheckTeamPermissionsForRepository'
+]
+
+
+class CheckTeamPermissionsForRepository(BaseGithubAction):
+    def run(self, api_user, org, team_slug, owner, repo, github_type):
+
+        enterprise = self._is_enterprise(github_type)
+
+        if api_user:
+            self.token = self._get_user_token(api_user, enterprise)
+
+        try:
+            self._request("GET",
+                          "/orgs/{}/teams/{}/repos/{}/{}".format(org, team_slug, owner, repo),
+                          {},
+                          self.token,
+                          enterprise)
+
+            results = {
+                'response': "The team {} has access to the repository {}".format(team_slug, repo)
+            }
+        except OSError as err:
+            raise err
+        except ValueError as err:
+            raise err
+        except Exception as err:
+            if str(err).find("404"):
+                results = {'response': "The team doesn't have access to the repository or was not found"}
+            else:
+                raise err
+        return results