Merge branch 'master' into bugfix/git-data-client-update-ref-force

Author: ckolek-figs

pom.xml

@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <name>github-java-client</name>
     <artifactId>github-client</artifactId>
-    <version>0.5.3-SNAPSHOT</version>
+    <version>0.5.6-SNAPSHOT</version>
 
     <parent>
         <groupId>com.spotify</groupId>
@@ -67,7 +67,7 @@
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-        <project.build.outputTimestamp>1764581460</project.build.outputTimestamp>
+        <project.build.outputTimestamp>1765470064</project.build.outputTimestamp>
         <spotbugs.excludeFilterFile>spotbugsexclude.xml</spotbugs.excludeFilterFile>
         <checkstyle.violationSeverity>error</checkstyle.violationSeverity>
         <checkstyle.config.location>checkstyle.xml</checkstyle.config.location>
@@ -85,7 +85,7 @@
         <objenesis.version>3.3</objenesis.version>
         <opencensus.version>0.31.1</opencensus.version>
         <okhttp.version>4.11.0</okhttp.version>
-        <opentelemetry.version>1.42.1</opentelemetry.version>
+        <opentelemetry.version>1.51.0</opentelemetry.version>
     </properties>
 
     <dependencyManagement>

src/main/java/com/spotify/github/v3/activity/events/EventType.java

@@ -0,0 +1,94 @@
+/*-
+ * -\-\-
+ * github-api
+ * --
+ * Copyright (C) 2016 - 2020 Spotify AB
+ * --
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * -/-/-
+ */
+
+package com.spotify.github.v3.activity.events;
+
+public enum EventType {
+  BRANCH_PROTECTION_RULE,
+  CHECK_RUN,
+  CHECK_SUITE,
+  CODE_SCANNING_ALERT,
+  COMMIT_COMMENT,
+  CONTENT_REFERENCE,
+  CREATE,
+  DELETE,
+  DEPLOY_KEY,
+  DEPLOYMENT,
+  DEPLOYMENT_STATUS,
+  DISCUSSION,
+  DISCUSSION_COMMENT,
+  DOWNLOAD,
+  FOLLOW,
+  FORK,
+  FORK_APPLY,
+  GITHUB_APP_AUTHORIZATION,
+  GIST,
+  GOLLUM,
+  INSTALLATION,
+  INSTALLATION_REPOSITORIES,
+  INTEGRATION_INSTALLATION_REPOSITORIES,
+  ISSUE_COMMENT,
+  ISSUES,
+  LABEL,
+  MARKETPLACE_PURCHASE,
+  MEMBER,
+  MEMBERSHIP,
+  MERGE_QUEUE_ENTRY,
+  MERGE_GROUP,
+  META,
+  MILESTONE,
+  ORGANIZATION,
+  ORG_BLOCK,
+  PACKAGE,
+  PAGE_BUILD,
+  PROJECT_CARD,
+  PROJECT_COLUMN,
+  PROJECT,
+  PING,
+  PUBLIC,
+  PULL_REQUEST,
+  PULL_REQUEST_REVIEW,
+  PULL_REQUEST_REVIEW_COMMENT,
+  PULL_REQUEST_REVIEW_THREAD,
+  PUSH,
+  REGISTRY_PACKAGE,
+  RELEASE,
+  REPOSITORY_DISPATCH,
+  REPOSITORY,
+  REPOSITORY_IMPORT,
+  REPOSITORY_VULNERABILITY_ALERT,
+  SCHEDULE,
+  SECURITY_ADVISORY,
+  STAR,
+  STATUS,
+  TEAM,
+  TEAM_ADD,
+  WATCH,
+  WORKFLOW_JOB,
+  WORKFLOW_DISPATCH,
+  WORKFLOW_RUN,
+  UNKNOWN,
+  ALL;
+
+  @Override
+  public String toString() {
+    return this.name().toLowerCase();
+  }
+}

src/main/java/com/spotify/github/v3/apps/requests/AccessTokenRequest.java

@@ -0,0 +1,53 @@
+/*-
+ * -\-\-
+ * github-api
+ * --
+ * Copyright (C) 2016 - 2020 Spotify AB
+ * --
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * -/-/-
+ */
+package com.spotify.github.v3.apps.requests;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import com.spotify.github.GithubStyle;
+import java.util.List;
+import java.util.Optional;
+import org.immutables.value.Value;
+
+/** Request to create an installation access token with repository scoping. */
+@Value.Immutable
+@GithubStyle
+@JsonSerialize(as = ImmutableAccessTokenRequest.class)
+@JsonDeserialize(as = ImmutableAccessTokenRequest.class)
+@JsonInclude(JsonInclude.Include.NON_EMPTY)
+public interface AccessTokenRequest {
+
+  /**
+   * List of repository names that the token should be scoped to.
+   *
+   * @return list of repository names
+   */
+  Optional<List<String>> repositories();
+
+  /**
+   * List of repository IDs that the token should be scoped to.
+   *
+   * @return list of repository IDs
+   */
+  @JsonProperty("repository_ids")
+  Optional<List<Integer>> repositoryIds();
+}

src/main/java/com/spotify/github/v3/clients/GithubAppClient.java

@@ -23,6 +23,7 @@
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.google.common.collect.ImmutableMap;
 import com.spotify.github.v3.apps.InstallationRepositoriesResponse;
+import com.spotify.github.v3.apps.requests.AccessTokenRequest;
 import com.spotify.github.v3.checks.AccessToken;
 import com.spotify.github.v3.checks.App;
 import com.spotify.github.v3.checks.Installation;
@@ -155,12 +156,28 @@ public CompletableFuture<Installation> getUserInstallation() {
    * Authenticates as an installation
    *
    * @return an Installation Token
+   * @see #getAccessToken(Integer, AccessTokenRequest) for repository-scoped tokens
    */
   public CompletableFuture<AccessToken> getAccessToken(final Integer installationId) {
     final String path = String.format(GET_ACCESS_TOKEN_URL, installationId);
     return github.post(path, "", AccessToken.class, extraHeaders);
   }
 
+  /**
+   * Authenticates as an installation with repository scoping.
+   *
+   * @param installationId the installation ID
+   * @param request the access token request with optional repository scoping
+   * @return an Installation Token
+   * @see "https://docs.github.com/en/rest/apps/apps#create-an-installation-access-token-for-an-app"
+   */
+  public CompletableFuture<AccessToken> getAccessToken(
+      final Integer installationId,
+      final AccessTokenRequest request) {
+    final String path = String.format(GET_ACCESS_TOKEN_URL, installationId);
+    return github.post(path, github.json().toJsonUnchecked(request), AccessToken.class, extraHeaders);
+  }
+
   /**
    * Lists the repositories that an app installation can access.
    *

src/test/java/com/spotify/github/v3/clients/GithubAppClientTest.java

@@ -24,12 +24,16 @@
 import static java.nio.charset.Charset.defaultCharset;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.core.Is.is;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.io.Resources;
 import com.spotify.github.FixtureHelper;
 import com.spotify.github.v3.apps.InstallationRepositoriesResponse;
+import com.spotify.github.v3.apps.requests.AccessTokenRequest;
+import com.spotify.github.v3.apps.requests.ImmutableAccessTokenRequest;
+import com.spotify.github.v3.checks.AccessToken;
 import com.spotify.github.v3.checks.App;
 import com.spotify.github.v3.checks.Installation;
 import java.io.File;
@@ -182,4 +186,68 @@ public void getAuthenticatedApp() throws Exception {
         recordedRequest.getHeaders().values("Authorization").get(0).startsWith("Bearer "),
         is(true));
   }
+
+  @Test
+  public void getAccessTokenWithoutScoping() throws Exception {
+    mockServer.enqueue(
+        new MockResponse()
+            .setResponseCode(201)
+            .setBody(FixtureHelper.loadFixture("githubapp/access-token.json")));
+
+    AccessToken token = client.getAccessToken(1234).join();
+
+    assertThat(token.token(), is("ghs_16C7e42F292c6912E7710c838347Ae178B4a"));
+
+    RecordedRequest recordedRequest = mockServer.takeRequest(1, TimeUnit.MILLISECONDS);
+    assertThat(recordedRequest.getMethod(), is("POST"));
+    assertThat(
+        recordedRequest.getRequestUrl().encodedPath(),
+        is("/app/installations/1234/access_tokens"));
+    assertThat(recordedRequest.getBody().readUtf8(), is(""));
+  }
+
+  @Test
+  public void getAccessTokenWithRepositoryScoping() throws Exception {
+    mockServer.enqueue(
+        new MockResponse()
+            .setResponseCode(201)
+            .setBody(FixtureHelper.loadFixture("githubapp/access-token.json")));
+
+    AccessTokenRequest request = ImmutableAccessTokenRequest.builder()
+        .repositories(List.of("Hello-World"))
+        .repositoryIds(List.of(1))
+        .build();
+
+    AccessToken token = client.getAccessToken(1234, request).join();
+
+    assertThat(token.token(), is("ghs_16C7e42F292c6912E7710c838347Ae178B4a"));
+
+    RecordedRequest recordedRequest = mockServer.takeRequest(1, TimeUnit.MILLISECONDS);
+    assertThat(recordedRequest.getMethod(), is("POST"));
+    assertThat(
+        recordedRequest.getRequestUrl().encodedPath(),
+        is("/app/installations/1234/access_tokens"));
+
+    String requestBody = recordedRequest.getBody().readUtf8();
+    assertThat(requestBody, containsString("\"repositories\":[\"Hello-World\"]"));
+    assertThat(requestBody, containsString("\"repository_ids\":[1]"));
+  }
+
+  @Test
+  public void getAccessTokenWithEmptyRequest() throws Exception {
+    mockServer.enqueue(
+        new MockResponse()
+            .setResponseCode(201)
+            .setBody(FixtureHelper.loadFixture("githubapp/access-token.json")));
+
+    AccessTokenRequest emptyRequest = ImmutableAccessTokenRequest.builder().build();
+
+    AccessToken token = client.getAccessToken(1234, emptyRequest).join();
+
+    assertThat(token.token(), is("ghs_16C7e42F292c6912E7710c838347Ae178B4a"));
+
+    RecordedRequest recordedRequest = mockServer.takeRequest(1, TimeUnit.MILLISECONDS);
+    String requestBody = recordedRequest.getBody().readUtf8();
+    assertThat(requestBody, is("{}"));
+  }
 }

src/test/resources/com/spotify/github/v3/githubapp/access-token.json

@@ -0,0 +1,4 @@
+{
+  "token": "ghs_16C7e42F292c6912E7710c838347Ae178B4a",
+  "expires_at": "2024-08-10T05:54:58Z"
+}