Add support for interacting with repositories by id. #1120
Comments
|
Some initial thoughts:
This should be covered by the API supporting redirects which Octokit now follows correctly.
I'd love to hear more about this scenario and what you're looking to build here. With most of our operations (whether returning a task or an observable) we're interested in getting the data as soon as possible. If that scenario isn't suitable for your use case, perhaps there's something we can be doing in Octokit to address this. |
|
Unfortunately, I am pretty sure that repository redirects can be subverted by new repositories and new users. If I create To make matters worse, in the case of a name change a malicious user can actually mount an attack. Lets say See: https://help.github.com/articles/what-happens-when-i-change-my-username/ You are right, the As for what I am doing in my project, I am maniuplating repository objects via the GitHub API, primarily because library support for the GitHub API is superior to library support for the git protocol (which is a separate can of worms). In this case, interacting with a git repository via Octokit from an application is significantly easier than trying to use something like libgit2 (or any of the wrappers around it), especially when you want to work with the repository in-memory (not clone to disk). The most important bit for my scenario is that I am saving repository references in my own database for extended periods of time that would make my application susceptible to the above type of attack. At the least, I would need to save the Perhaps as a middle-ground, there could be a single method in Octokit that allows me to resolve an |
|
@Zoltu thanks for the extra information - and yes, there are certainly ways to subvert the process. I had a chat with one of the API team just now and he told me that we intend to support |
|
I've opened this up as a potential GSoC activity over in github/mentorships#112 |
|
Hi @shiftkey, |
|
@heshuimu have a look at our documentation - http://octokitnet.readthedocs.org/ - it's not 100% covered, but will give you an idea of the basics. Also, the open pull requests for the repository will give you an idea of what's in flight and how we work... |
|
@shiftkey Thank you sir! I appreciate it! |
|
Hello. |
|
Hello, @shiftkey! I want to implement this idea during GSoC 2016. I know that application period starting since 15 March and I will send my proposal after this date with usage of application form, but I have done some investigation of this task right now. I think that we could create overloaded method that use repository Id as main parameter for each method that use owner and repo name as their parameters. This is @Zoltu example: public interface IBlobsClient
{
Task<BlobReference> Create(String owner, String name, NewBlob newBlob);
Task<BlobReference> Create(String id, NewBlob newBlob);
Task<Blob> Get(String owner, String name, String reference);
Task<Blob> Get(String id, String reference);
}I found about 29 client interfaces in Octokit project that use owner and name of repository parameters, so we could create overload for each of theirs methods (I have counted about 175 methods in these interfaces). So, my proposal is create overload for each method that use owner and name parameters now and create test case for each of them. |
|
@dampir that all sounds reasonable |
|
👍 |
for GSoC 2016: Add support for interacting with repositories by id. octokit#1120 example
|
This post describes the work I've done for the GSoC 2016. Here are presented all PRs that I've created in order to add support into Octokit.NET for lookup by repository Id throughout GitHub APIs. I'm going to send the link to this post as work product submission for final evaluation of GSoC 2016. Here are additional links:
I want to say big thank you for all people that help me during GSoC period, especially for my mentor @shiftkey. 👍 🙏 Also I want to say big thank you for @ryangribble for help in review and merge of so big amount of PRs. 👍 🙏 Full list of clients that were changed during GSoC 2016:
|
|
This will be available in Octokit 0.21 which is almost ready to 🚢 |
nickfloyd
added
Type: Feature
and others
All of the commands that work with
https://api.github.com/repos/:owner/:repo/also work withhttps://api.github.com/repositories/:id/. If one desires to build an application that is resilient to change (e.g., repositories changing names, changing owners, owners changing name, etc.) then the application should be built against therepositoriesAPI rather than thereposAPI. Unfortunately, it appears that this library only supports thereposAPI.An application can be mostly resilient against change by saving the ID long term and then using the
repositoriesAPI to convert it to anowner/reporight before making the API calls they really want. This is still not great though as it can race and lead to very unexpected behavior if you are in the middle of a complex transaction (spanning multiple API calls) when the repository moves out from under you.Please add support for making API calls via ID rather than owner/repo so developers can avoid unexpected behavior.
Example:
Even better would be to abstract out the concept into a
Repoobject of some kind that can either be an ID or an owner/name. That way the public surface area doesn't need to be twice as big. However, deleting the old methods would be a breaking change and require a major version bump.The text was updated successfully, but these errors were encountered: