def put_secret(self, secret_name, secret_value):
"""Add or update one secret to the GitHub repo. """
# Encryption by hand in case the lib gets discontinued: https://gist.github.com/plocket/af03ac9326b2ae6d36c937b125b2ea0a
if value('secret_type_wanted') == 'org':
# PyGithub org secrets still missing: https://github.com/PyGithub/PyGithub/issues/1373#issuecomment-856616652
headers1, data = self.org._requester.requestJsonAndCheck(
"GET", f"{ self.org.url }/actions/secrets/public-key")
public_key = PublicKey.PublicKey(self.org._requester,
headers1,
data,
completed=True)
payload = public_key.encrypt(secret_value)
put_parameters = {
"key_id": public_key.key_id,
"encrypted_value": payload,
"visibility": "all",
}
status, headers, data = self.org._requester.requestJson(
"PUT",
f"{ self.org.url }/actions/secrets/{ secret_name }",
input=put_parameters)
elif value('secret_type_wanted') == 'repo':
# https://pygithub.readthedocs.io/en/latest/github_objects/Repository.html?highlight=secret#github.Repository.Repository.create_secret
self.repo.create_secret(secret_name, secret_value)
return self
def update_github(self):
"""If desired, set repo or org secrets. If desired, add test files to repo."""
if value('secret_type_wanted') == 'org' or value(
'secret_type_wanted') == 'repo':
self.create_secrets()
if value('wants_to_set_up_tests'):
self.make_new_branch()
self.push_files()
self.make_pull_request()
return self
def sum_if_defined(*pargs):
"""Lets you add up the value of variables that are not in a list"""
total = 0
for source in pargs:
if defined(source):
total += value(source)
return total
def use_default(variable, default):
"""Return either the variable value, or a default value, depending on value of global variable
use_default_values"""
if use_default_values:
return default
else:
return value(variable)
def value_if_defined(self) -> Any:
"""
Return the value of the field if it is defined, otherwise return an empty string.
Addendum should never trigger docassemble's variable gathering.
"""
if defined(self.field_name):
return value(self.field_name)
return ""
def sum_if_defined(*pargs):
"""
Return sum of all variables as a comma-separated list. Must put variable names in quotes.
"""
sum = 0
for var in pargs:
if defined(var):
sum += value(var)
return sum
def yes_no_unknown(var_name, condition, unknown="Unknown", placeholder=0):
"""Return 'unknown' if the value is None rather than False. Helper for PDF filling with
yesnomaybe fields"""
if condition:
return value(var_name)
elif condition is None:
return unknown
else:
return placeholder
def has_right_scopes(self, scopes):
"""Make sure the developer gave the token the right scopes"""
# TODO: discuss: Really if just setting repo secrets, only need repo permissions, but do we want to make it that complicated/inconsistent?
if value('secret_type_wanted') == 'org' and value(
'wants_to_set_up_tests'):
has_scopes = "admin:org" in scopes and "workflow" in scopes and "repo" in scopes
elif value('secret_type_wanted'
) == 'org' and not value('wants_to_set_up_tests'):
has_scopes = "admin:org" in scopes
else:
has_scopes = "workflow" in scopes and "repo" in scopes
if not has_scopes:
error = ErrorLikeObject(
message='Incorrect Personal Access Token scopes',
details=self.github_pat_scopes_error)
self.errors.append(error)
return has_scopes
def space(var_name, prefix=" ", suffix=""):
"""If the value as a string is defined, return it prefixed/suffixed. Defaults to prefix
of a space. Helps build a sentence with less cruft. Equivalent to SPACE function in
HotDocs."""
if (var_name and isinstance(var_name, str)
and re.search(r"[A-Za-z][A-Za-z0-9\_]*", var_name)
and defined(var_name) and value(var_name)):
return prefix + showifdef(var_name) + suffix
else:
return ""
def set_github_auth(self):
"""Get and set all the information needed to authorize to
GitHub and handle all possible errors."""
# Start clean. Other errors should have been handled already.
self.errors = []
# Check token credentials
self.github = Github(self.token)
user = self.github.get_user()
try:
self.user_name = user.login
except Exception as error1:
# github.GithubException.BadCredentialsException (401, 403)
log(error1.__dict__, 'console')
self.user_name = ''
error1.data['details'] = self.github_token_error
self.errors.append(error1)
if self.user_name != '':
self.has_right_scopes(self.github.oauth_scopes)
# If wants to do any repo stuff. Also defines self.owner_name if it's not defined already.
if value('secret_type_wanted') == 'repo' or value(
'wants_to_set_up_tests'):
self.repo = self.get_repo(self.repo_url)
if self.repo:
# TODO: Add branch name to confirmation page or final page?
# TODO: Allow user to pick a custom branch name or to push to default branch?
self.branch_name = self.get_free_branch_name()
self.has_correct_permissions()
# Auth for setting org secrets
if (value('secret_type_wanted') == 'org'):
self.org = self.get_org()
if self.org and user:
self.is_valid_org_admin(user, self.org.login)
return self
def rationalize(self):
if not isinstance(self.documents, (list, DAList)):
self.documents = [self.documents]
for document in self.documents:
if not isinstance(document, str):
raise Exception(
"SigningProcess.notify: the document references must consist of text strings only"
)
if not isinstance(value(document), DAFileCollection):
raise Exception(
"SigningProcess.notify: the document references must refer to DAFileCollection objects only"
)
if not isinstance(self.additional_people_to_notify, (list, DAList)):
self.additional_people_to_notify = [
self.additional_people_to_notify
]
for person in self.additional_people_to_notify:
if not isinstance(person, (Person, DAEmailRecipient)):
raise Exception(
"SigningProcess: an additional person to notify must be a person"
)
def docx_x_mark(var_name, var_eq=None):
if defined(var_name) and value(var_name) == var_eq:
return 'X'
else:
# two spaces is closer to the size of the X in Times New Roman. :shrug:
return ' '
def list_of_documents(self, refresh=False):
self.rationalize()
if refresh:
self.refresh_documents()
return [value(y) for y in self.documents]
