From 52c3d5f21e39c2efeeea842af166a38737332c22 Mon Sep 17 00:00:00 2001
From: per1234
Date: Tue, 23 Jan 2024 16:01:07 -0800
Subject: [PATCH 1/3] Add "Accept" header to GitHub API HTTP requests
Providing this header is recommended by the GitHub REST API documentation.
---
 reportsizedeltas/reportsizedeltas.py | 8 ++++++--
 reportsizedeltas/tests/test_reportsizedeltas.py | 8 +++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/reportsizedeltas/reportsizedeltas.py b/reportsizedeltas/reportsizedeltas.py
index 948dfb3..584dd71 100644
--- a/reportsizedeltas/reportsizedeltas.py
+++ b/reportsizedeltas/reportsizedeltas.py
@@ -625,8 +625,12 @@ def raw_http_request(self, url: str, data: bytes | None = None):
 logger.info("Opening URL: " + url)
- # GitHub recommends using user name as User-Agent (https://developer.github.com/v3/#user-agent-required)
- headers = {"Authorization": "token " + self.token, "User-Agent": self.repository_name.split("/")[0]}
+ headers = {
+ "Accept": "application/vnd.github+json",
+ "Authorization": "token " + self.token,
+ # GitHub recommends using user name as User-Agent (https://developer.github.com/v3/#user-agent-required)
+ "User-Agent": self.repository_name.split("/")[0],
+ }
 request = urllib.request.Request(url=url, headers=headers, data=data)
 retry_count = 0
diff --git a/reportsizedeltas/tests/test_reportsizedeltas.py b/reportsizedeltas/tests/test_reportsizedeltas.py
index f56a387..25e04a5 100644
--- a/reportsizedeltas/tests/test_reportsizedeltas.py
+++ b/reportsizedeltas/tests/test_reportsizedeltas.py
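Review bot: The rebuilt `headers` dict in `raw_http_request` attaches `Authorization` to whatever `url` the caller passes, and nothing in the hunk limits that to the GitHub API host. `urllib.request`'s default redirect handler copies the request headers (apart from the content headers) onto the redirected request, so a URL that redirects off-host would hand the token to the redirect target; whether any caller passes such a URL is not visible here. I would at least state the contract above the dict, `# url must be a GitHub API endpoint: the token below is sent to the host it resolves to, redirects included`, or add the header only when `urllib.parse.urlparse(url).hostname` matches the expected API host. The function body starts and ends outside the hunk.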
@@ -888,7 +888,13 @@ def test_raw_http_request(mocker):
 report_size_deltas.raw_http_request(url=url, data=data)
 urllib.request.Request.assert_called_once_with(
- url=url, headers={"Authorization": "token " + token, "User-Agent": user_name}, data=data
+ url=url,
+ headers={
+ "Accept": "application/vnd.github+json",
+ "Authorization": "token " + token,
+ "User-Agent": user_name,
+ },
+ data=data,
 )
 # URL is subject to GitHub API rate limiting
 report_size_deltas.handle_rate_limiting.assert_called_once()
From 272dfead7e0b3f12ff7ba2b067b8df743257f45f Mon Sep 17 00:00:00 2001
From: per1234
Date: Tue, 23 Jan 2024 16:02:37 -0800
Subject: [PATCH 2/3] Use recommended form for "Authorization" header in GitHub API requests
The previous "token" format works fine, but the "Bearer" format is the one used in the snippets in the GitHub REST API documentation so this format makes the code easier to understand.
---
 reportsizedeltas/reportsizedeltas.py | 2 +-
 reportsizedeltas/tests/test_reportsizedeltas.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/reportsizedeltas/reportsizedeltas.py b/reportsizedeltas/reportsizedeltas.py
index 584dd71..b1639c4 100644
--- a/reportsizedeltas/reportsizedeltas.py
+++ b/reportsizedeltas/reportsizedeltas.py
@@ -627,7 +627,7 @@ def raw_http_request(self, url: str, data: bytes | None = None):
 headers = {
 "Accept": "application/vnd.github+json",
- "Authorization": "token " + self.token,
+ "Authorization": "Bearer " + self.token,
 # GitHub recommends using user name as User-Agent (https://developer.github.com/v3/#user-agent-required)
 "User-Agent": self.repository_name.split("/")[0],
 }
diff --git a/reportsizedeltas/tests/test_reportsizedeltas.py b/reportsizedeltas/tests/test_reportsizedeltas.py
index 25e04a5..1f17e29 100644
--- a/reportsizedeltas/tests/test_reportsizedeltas.py
+++ b/reportsizedeltas/tests/test_reportsizedeltas.py
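Review bot: `"Bearer " + self.token` in `raw_http_request` places the token in the header value unchecked; where `self.token` is assigned is outside the hunk. If it ever carries a trailing newline, `http.client` rejects the header with a `ValueError` whose message includes the full header value, so the token would appear in the traceback and in any log that records it. Normalizing the token once where it is stored, or here with `"Authorization": "Bearer " + self.token.strip(),`, avoids that. An empty token is also worth rejecting up front rather than sending `Bearer ` with nothing after it.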
@@ -891,7 +891,7 @@ def test_raw_http_request(mocker):
 url=url,
 headers={
 "Accept": "application/vnd.github+json",
- "Authorization": "token " + token,
+ "Authorization": "Bearer " + token,
 "User-Agent": user_name,
 },
 data=data,
From 01f58115b43e56d6856eb38b84eb3533eeecd2af Mon Sep 17 00:00:00 2001
From: per1234
Date: Tue, 23 Jan 2024 16:04:21 -0800
Subject: [PATCH 3/3] Pin GitHub REST API version in requests
Previously, the requests would use whatever version of the API is current, exposing the action to immediate breakage if GitHub released a new version of the REST API with relevant changes. GitHub provides the previous API for a minimum of 24 months after a new version is released, so pinning the REST API version used by the action via the `X-GitHub-Api-Version` HTTP header improves the stability of the action and allows the project maintainer to make a controlled migration to the new API version.
---
 reportsizedeltas/reportsizedeltas.py | 1 +
 reportsizedeltas/tests/test_reportsizedeltas.py | 1 +
 2 files changed, 2 insertions(+)
diff --git a/reportsizedeltas/reportsizedeltas.py b/reportsizedeltas/reportsizedeltas.py
index b1639c4..8c6e448 100644
--- a/reportsizedeltas/reportsizedeltas.py
+++ b/reportsizedeltas/reportsizedeltas.py
@@ -630,6 +630,7 @@ def raw_http_request(self, url: str, data: bytes | None = None):
 "Authorization": "Bearer " + self.token,
 # GitHub recommends using user name as User-Agent (https://developer.github.com/v3/#user-agent-required)
 "User-Agent": self.repository_name.split("/")[0],
+ "X-GitHub-Api-Version": "2022-11-28",
 }
 request = urllib.request.Request(url=url, headers=headers, data=data)
diff --git a/reportsizedeltas/tests/test_reportsizedeltas.py b/reportsizedeltas/tests/test_reportsizedeltas.py
index 1f17e29..454f7a3 100644
--- a/reportsizedeltas/tests/test_reportsizedeltas.py
+++ b/reportsizedeltas/tests/test_reportsizedeltas.py
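Review bot: The pinned version `"2022-11-28"` is a bare literal inside the `headers` dict of `raw_http_request`, with no comment at the point of use saying it is a deliberate pin. The controlled migration described in the commit message would be easier to carry out if the value lived in one named, documented place, e.g. a module-level `GITHUB_API_VERSION = "2022-11-28"  # pinned REST API version; change only as a deliberate migration`, referenced as `"X-GitHub-Api-Version": GITHUB_API_VERSION,`. The module's top level is outside the hunk, so an equivalent constant may already exist there.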
@@ -893,6 +893,7 @@ def test_raw_http_request(mocker):
 "Accept": "application/vnd.github+json",
 "Authorization": "Bearer " + token,
 "User-Agent": user_name,
+ "X-GitHub-Api-Version": "2022-11-28",
 },
 data=data,
 )