github

package
v0.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 7, 2025 License: MIT Imports: 18 Imported by: 0

Documentation

Overview

Package github provides GitHub API client with App authentication. handles JWT generation, installation token management, and automatic token refresh.

Package github provides PR compliance checking against branch protection rules.

Package github provides GitHub team management and membership sync.

Package github provides webhook event parsing and signature validation.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ValidateWebhookSignature 

func ValidateWebhookSignature(payload []byte, signature string, secret string) error

ValidateWebhookSignature verifies HMAC-SHA256 webhook signature. returns error if signature is invalid or missing when required.

Types

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client wraps the GitHub API client with App authentication. automatically refreshes installation tokens before expiry.

func NewAppClient 

func NewAppClient(appID, installationID int64, privateKeyPEM []byte, org string) (*Client, error)

NewAppClient creates a GitHub App client with default base URL.

func NewAppClientWithBaseURL 

func NewAppClientWithBaseURL(appID, installationID int64, privateKeyPEM []byte, org, baseURL string) (*Client, error)

NewAppClientWithBaseURL creates a GitHub App client with custom base URL. supports GitHub Enterprise Server instances.

func (*Client) CheckPRCompliance 

func (c *Client) CheckPRCompliance(ctx context.Context, owner, repo string, prNumber int) (*PRComplianceResult, error)

CheckPRCompliance verifies if a merged PR met branch protection requirements. checks review requirements, status checks, and user bypass permissions.

func (*Client) Do 

func (c *Client) Do(ctx context.Context, req *http.Request) (*http.Response, error)

Do executes an HTTP request with authentication. ensures token is valid before executing request.

func (*Client) GetAppSlug 

func (c *Client) GetAppSlug(ctx context.Context) (string, error)

GetAppSlug fetches the GitHub App slug identifier. used to detect changes made by the app itself. requires JWT authentication (not installation token).

func (*Client) GetClient 

func (c *Client) GetClient() *github.Client

GetClient returns the underlying go-github client.

func (*Client) GetOrCreateTeam 

func (c *Client) GetOrCreateTeam(ctx context.Context, teamName, privacy string) (*github.Team, error)

GetOrCreateTeam fetches an existing team by slug or creates it if missing.

func (*Client) GetOrg 

func (c *Client) GetOrg() string

GetOrg returns the GitHub organization name.

func (*Client) GetTeamMembers 

func (c *Client) GetTeamMembers(ctx context.Context, teamSlug string) ([]string, error)

GetTeamMembers returns GitHub usernames of all team members.

func (*Client) IsExternalCollaborator 

func (c *Client) IsExternalCollaborator(ctx context.Context, username string) (bool, error)

IsExternalCollaborator checks if a user is an outside collaborator rather than an organization member. returns true if user is not a full org member.

func (*Client) ListOrgMembers 

func (c *Client) ListOrgMembers(ctx context.Context) ([]string, error)

ListOrgMembers returns all organization members excluding external collaborators.

func (*Client) SyncTeamMembers 

func (c *Client) SyncTeamMembers(ctx context.Context, teamSlug string, desiredMembers []string, safetyThreshold float64) (*TeamSyncResult, error)

SyncTeamMembers adds and removes members to match desired state. collects errors for individual operations but continues processing. skips removal of external collaborators (outside org members). applies safety threshold to prevent mass removal during outages.

type ComplianceViolation 

type ComplianceViolation struct {
	Type        string
	Description string
}

ComplianceViolation represents a single branch protection rule violation.

type MembershipEvent 

type MembershipEvent struct {
	Action       string               `json:"action"`
	Scope        string               `json:"scope"`
	Member       *github.User         `json:"member"`
	Team         *github.Team         `json:"team"`
	Organization *github.Organization `json:"organization"`
	Sender       *github.User         `json:"sender"`
	Installation *github.Installation `json:"installation"`
}

MembershipEvent represents a GitHub membership webhook payload.

func ParseMembershipEvent 

func ParseMembershipEvent(payload []byte) (*MembershipEvent, error)

ParseMembershipEvent unmarshals and validates a membership webhook.

func (*MembershipEvent) GetInstallationID 

func (e *MembershipEvent) GetInstallationID() int64

GetInstallationID returns the GitHub App installation ID.

func (*MembershipEvent) GetSenderLogin 

func (e *MembershipEvent) GetSenderLogin() string

GetSenderLogin returns the username of the user who triggered the event.

func (*MembershipEvent) GetSenderType 

func (e *MembershipEvent) GetSenderType() string

GetSenderType returns the sender's type (User or Bot).

func (*MembershipEvent) GetTeamSlug 

func (e *MembershipEvent) GetTeamSlug() string

GetTeamSlug returns the team's URL-friendly identifier.

func (*MembershipEvent) IsTeamScope 

func (e *MembershipEvent) IsTeamScope() bool

IsTeamScope returns true if the membership event is for a team.

type PRComplianceResult 

type PRComplianceResult struct {
	PR               *github.PullRequest
	BaseBranch       string
	Protection       *github.Protection
	BranchRules      *github.BranchRules
	Violations       []ComplianceViolation
	UserHasBypass    bool
	UserBypassReason string
}

PRComplianceResult contains PR compliance check results including violations and user bypass permissions.

func (*PRComplianceResult) HasViolations 

func (r *PRComplianceResult) HasViolations() bool

HasViolations returns true if any compliance violations were detected.

func (*PRComplianceResult) WasBypassed 

func (r *PRComplianceResult) WasBypassed() bool

WasBypassed returns true if violations exist and user had bypass permission.

type PullRequestEvent 

type PullRequestEvent struct {
	Action       string               `json:"action"`
	Number       int                  `json:"number"`
	PullRequest  *github.PullRequest  `json:"pull_request"`
	Repository   *github.Repository   `json:"repository"`
	Sender       *github.User         `json:"sender"`
	Installation *github.Installation `json:"installation"`
}

PullRequestEvent represents a GitHub pull_request webhook payload.

func ParsePullRequestEvent 

func ParsePullRequestEvent(payload []byte) (*PullRequestEvent, error)

ParsePullRequestEvent unmarshals and validates a pull_request webhook. returns error if required fields are missing.

func (*PullRequestEvent) GetBaseBranch 

func (e *PullRequestEvent) GetBaseBranch() string

GetBaseBranch returns the target branch name.

func (*PullRequestEvent) GetInstallationID 

func (e *PullRequestEvent) GetInstallationID() int64

GetInstallationID returns the GitHub App installation ID.

func (*PullRequestEvent) GetRepoFullName 

func (e *PullRequestEvent) GetRepoFullName() string

GetRepoFullName returns the repository in owner/name format.

func (*PullRequestEvent) GetRepoName 

func (e *PullRequestEvent) GetRepoName() string

GetRepoName returns the repository name without owner.

func (*PullRequestEvent) GetRepoOwner 

func (e *PullRequestEvent) GetRepoOwner() string

GetRepoOwner returns the repository owner login.

func (*PullRequestEvent) IsMerged 

func (e *PullRequestEvent) IsMerged() bool

IsMerged returns true if the PR was closed via merge.

type TeamChangeDetail 

type TeamChangeDetail struct {
	From string `json:"from"`
}

TeamChangeDetail contains the previous value before a change.

type TeamChanges 

type TeamChanges struct {
	Name        *TeamChangeDetail `json:"name,omitempty"`
	Description *TeamChangeDetail `json:"description,omitempty"`
	Privacy     *TeamChangeDetail `json:"privacy,omitempty"`
	Repository  *TeamChangeDetail `json:"repository,omitempty"`
}

TeamChanges contains details about what changed in a team event.

type TeamEvent 

type TeamEvent struct {
	Action       string               `json:"action"`
	Team         *github.Team         `json:"team"`
	Changes      *TeamChanges         `json:"changes,omitempty"`
	Repository   *github.Repository   `json:"repository,omitempty"`
	Organization *github.Organization `json:"organization"`
	Sender       *github.User         `json:"sender"`
	Installation *github.Installation `json:"installation"`
}

TeamEvent represents a GitHub team webhook payload.

func ParseTeamEvent 

func ParseTeamEvent(payload []byte) (*TeamEvent, error)

ParseTeamEvent unmarshals and validates a team webhook.

func (*TeamEvent) GetInstallationID 

func (e *TeamEvent) GetInstallationID() int64

GetInstallationID returns the GitHub App installation ID.

func (*TeamEvent) GetSenderLogin 

func (e *TeamEvent) GetSenderLogin() string

GetSenderLogin returns the username of the user who triggered the event.

func (*TeamEvent) GetSenderType 

func (e *TeamEvent) GetSenderType() string

GetSenderType returns the sender's type (User or Bot).

func (*TeamEvent) GetTeamSlug 

func (e *TeamEvent) GetTeamSlug() string

GetTeamSlug returns the team's URL-friendly identifier.

type TeamSyncResult 

type TeamSyncResult struct {
	TeamName               string
	MembersAdded           []string
	MembersRemoved         []string
	MembersSkippedExternal []string
	Errors                 []string
}

TeamSyncResult contains the results of syncing team membership.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.