Migrate GitHub OAuth App to GitHub App

readthedocs/allauth/providers/githubapp/provider.py

@@ -0,0 +1,12 @@
+from allauth.socialaccount.providers.github.provider import GitHubProvider
+
+from readthedocs.allauth.providers.githubapp.views import GitHubAppOAuth2Adapter
+
+
+class GitHubAppProvider(GitHubProvider):
+    id = "githubapp"
+    name = "GitHub App"
+    oauth2_adapter_class = GitHubAppOAuth2Adapter
+
+
+provider_classes = [GitHubAppProvider]

readthedocs/allauth/providers/githubapp/urls.py

@@ -0,0 +1,5 @@
+from allauth.socialaccount.providers.oauth2.urls import default_urlpatterns
+
+from readthedocs.allauth.providers.githubapp.provider import GitHubAppProvider
+
+urlpatterns = default_urlpatterns(GitHubAppProvider)

readthedocs/allauth/providers/githubapp/views.py

@@ -0,0 +1,13 @@
+from allauth.socialaccount.providers.github.views import GitHubOAuth2Adapter
+from allauth.socialaccount.providers.oauth2.views import (
+    OAuth2CallbackView,
+    OAuth2LoginView,
+)
+
+
+class GitHubAppOAuth2Adapter(GitHubOAuth2Adapter):
+    provider_id = "githubapp"
+
+
+oauth2_login = OAuth2LoginView.adapter_view(GitHubAppOAuth2Adapter)
+oauth2_callback = OAuth2CallbackView.adapter_view(GitHubAppOAuth2Adapter)

readthedocs/core/adapters.py

@@ -3,8 +3,11 @@
 import structlog
 from allauth.account.adapter import DefaultAccountAdapter
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
+from allauth.socialaccount.models import SocialAccount
+from allauth.socialaccount.providers.github.provider import GitHubProvider
 from django.utils.encoding import force_str
 
+from readthedocs.allauth.providers.githubapp.provider import GitHubAppProvider
 from readthedocs.core.utils import send_email_from_object
 from readthedocs.invitations.models import Invitation
 
@@ -65,3 +68,12 @@ def pre_social_login(self, request, sociallogin):
         sociallogin.email_addresses = [
             email for email in sociallogin.email_addresses if email.primary
         ]
+
+        provider = sociallogin.account.get_provider()
+        if provider.id == GitHubAppProvider.id and not sociallogin.is_existing:
+            social_account = SocialAccount.objects.filter(
+                provider=GitHubProvider.id,
+                uid=sociallogin.account.uid,
+            ).first()
+            if social_account:
+                sociallogin.connect(request, social_account.user)

readthedocs/core/views/hooks.py

@@ -15,7 +15,7 @@
 log = structlog.get_logger(__name__)
 
 
-def _build_version(project, slug, already_built=()):
+def _build_version(project, version):
     """
     Where we actually trigger builds for a project and slug.
 
@@ -27,24 +27,27 @@ def _build_version(project, slug, already_built=()):
     # Previously we were building the latest version (inactive or active)
     # when building the default version,
     # some users may have relied on this to update the version list #4450
-    version = project.versions.filter(active=True, slug=slug).first()
-    if version and slug not in already_built:
+    if version.active:
         log.info(
             "Building.",
             project_slug=project.slug,
             version_slug=version.slug,
         )
         trigger_build(project=project, version=version)
-        return slug
+        return version.slug
 
-    log.info("Not building.", version_slug=slug)
+    log.info("Not building.", version_slug=version.slug)
     return None
 
 
 def build_branches(project, branch_list):
     """
     Build the branches for a specific project.
 
+    .. warning::
+
+       Deprecated, use ``build_versions_from_names`` instead.
+
     Returns:
         to_build - a list of branches that were built
         not_building - a list of branches that we won't build
@@ -59,14 +62,43 @@ def build_branches(project, branch_list):
                 project_slug=project.slug,
                 version_slug=version.slug,
             )
-            ret = _build_version(project, version.slug, already_built=to_build)
+            if version.slug in to_build:
+                continue
+            ret = _build_version(project, version)
             if ret:
                 to_build.add(ret)
             else:
                 not_building.add(version.slug)
     return (to_build, not_building)
 
 
+def build_versions_from_names(project, version_names: list[tuple[str, str]]):
+    """
+    Build the branches or tags from the project.
+
+    :param project: Project instance
+    :param version_names: A list of tuples with the version name and type.
+    :returns: A tuple with the versions that were built and the versions that were not built.
+    """
+    to_build = set()
+    not_building = set()
+    for version_name, version_type in version_names:
+        for version in project.versions_from_name(version_name, version_type):
+            log.debug(
+                "Processing.",
+                project_slug=project.slug,
+                version_slug=version.slug,
+            )
+            if version.slug in to_build:
+                continue
+            triggered = _build_version(project, version)
+            if triggered:
+                to_build.add(triggered)
+            else:
+                not_building.add(version.slug)
+    return to_build, not_building
+
+
 def trigger_sync_versions(project):
     """
     Sync the versions of a repo using its latest version.

readthedocs/oauth/admin.py

@@ -3,12 +3,15 @@
 from django.contrib import admin
 
 from .models import (
+    GitHubAppInstallation,
     RemoteOrganization,
     RemoteOrganizationRelation,
     RemoteRepository,
     RemoteRepositoryRelation,
 )
 
+admin.site.register(GitHubAppInstallation)
+
 
 @admin.register(RemoteRepository)
 class RemoteRepositoryAdmin(admin.ModelAdmin):

readthedocs/oauth/migrations/0017_githubapp.py

@@ -0,0 +1,39 @@
+# Generated by Django 4.2.18 on 2025-02-03 21:58
+from django_safemigrate import Safe
+
+from django.db import migrations, models
+import django.db.models.deletion
+import django_extensions.db.fields
+
+
+class Migration(migrations.Migration):
+
+    safe = Safe.before_deploy
+
+    dependencies = [
+        ('oauth', '0016_deprecate_old_vcs'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='GitHubAppInstallation',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created', django_extensions.db.fields.CreationDateTimeField(auto_now_add=True, verbose_name='created')),
+                ('modified', django_extensions.db.fields.ModificationDateTimeField(auto_now=True, verbose_name='modified')),
+                ('installation_id', models.PositiveBigIntegerField(db_index=True, help_text='The application installation ID', unique=True)),
+                ('target_id', models.PositiveBigIntegerField(help_text='A GitHub account ID, it can be from a user or an organization')),
+                ('target_type', models.CharField(choices=[('User', 'User'), ('Organization', 'Organization')], help_text='Account type that the target_id belongs to (user or organization)', max_length=255)),
+                ('extra_data', models.JSONField(default=dict, help_text='Extra data returned by the webhook when the installation is created')),
+            ],
+            options={
+                'get_latest_by': 'modified',
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='remoterepository',
+            name='github_app_installation',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='repositories', to='oauth.githubappinstallation', verbose_name='GitHub App Installation'),
+        ),
+    ]

readthedocs/oauth/models.py

@@ -1,5 +1,7 @@
 """OAuth service models."""
 
+from functools import cached_property
+
 from allauth.socialaccount.models import SocialAccount
 from django.contrib.auth.models import User
 from django.core.validators import URLValidator
@@ -15,8 +17,46 @@
 from .querysets import RemoteOrganizationQuerySet, RemoteRepositoryQuerySet
 
 
-class RemoteOrganization(TimeStampedModel):
+class GitHubAccountType(models.TextChoices):
+    USER = "User", _("User")
+    ORGANIZATION = "Organization", _("Organization")
+
+
+class GitHubAppInstallation(TimeStampedModel):
+    installation_id = models.PositiveBigIntegerField(
+        help_text=_("The application installation ID"),
+        unique=True,
+        db_index=True,
+    )
+    target_id = models.PositiveBigIntegerField(
+        help_text=_("A GitHub account ID, it can be from a user or an organization"),
+    )
+    target_type = models.CharField(
+        help_text=_(
+            "Account type that the target_id belongs to (user or organization)"
+        ),
+        choices=GitHubAccountType.choices,
+        max_length=255,
+    )
+    extra_data = models.JSONField(
+        help_text=_(
+            "Extra data returned by the webhook when the installation is created"
+        ),
+        default=dict,
+    )
+
+    class Meta(TimeStampedModel.Meta):
+        pass
 
+    @cached_property
+    def service(self):
+        """Return the service for this installation."""
+        from readthedocs.oauth.services.githubapp import GitHubAppService
+
+        return GitHubAppService(self)
+
+
+class RemoteOrganization(TimeStampedModel):
     """
     Organization from remote service.
 
@@ -98,7 +138,6 @@ class Meta:
 
 
 class RemoteRepository(TimeStampedModel):
-
     """
     Remote importable repositories.
 
@@ -174,6 +213,20 @@ class RemoteRepository(TimeStampedModel):
         _("VCS provider"), choices=VCS_PROVIDER_CHOICES, max_length=32
     )
 
+    github_app_installation = models.ForeignKey(
+        GitHubAppInstallation,
+        verbose_name=_("GitHub App Installation"),
+        related_name="repositories",
+        null=True,
+        blank=True,
+        # Delete the repository if the installation is deleted?
+        # or keep the repository and just remove the installation?
+        # I think we should keep the repository, but only if it's linked to a project,
+        # since a user could re-install the app, they shouldn't need to
+        # manually link each project to the repository again.
+        on_delete=models.SET_NULL,
+    )
+
     objects = RemoteRepositoryQuerySet.as_manager()
 
     class Meta: