Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/starttoaster/go-github/v45
go-github is a Go client library for accessing the GitHub API v3.
Currently, go-github requires Go version 1.13 or greater. go-github tracks Go's version support policy. We do our best not to break older versions of Go if we don't have to, but due to tooling constraints, we don't always test older versions.
If you're interested in using the GraphQL API v4, the recommended library is shurcooL/githubv4.
go-github is compatible with modern Go releases in module mode, with Go installed:
go get github.com/google/go-github/v45
will resolve and add the package to the current development module, along with its dependencies.
Alternatively the same can be achieved if you use import in a package:
import "github.com/google/go-github/v45/github"
and run go get
without parameters.
Finally, to use the top-of-trunk version of this repo, use the following command:
go get github.com/google/go-github/v45@master
import "github.com/google/go-github/v45/github" // with go modules enabled (GO111MODULE=on or outside GOPATH)
import "github.com/google/go-github/github" // with go modules disabled
Construct a new GitHub client, then use the various services on the client to access different parts of the GitHub API. For example:
client := github.NewClient(nil)
// list all organizations for user "willnorris"
orgs, _, err := client.Organizations.List(context.Background(), "willnorris", nil)
Some API methods have optional parameters that can be passed. For example:
client := github.NewClient(nil)
// list public repositories for org "github"
opt := &github.RepositoryListByOrgOptions{Type: "public"}
repos, _, err := client.Repositories.ListByOrg(context.Background(), "github", opt)
The services of a client divide the API into logical chunks and correspond to the structure of the GitHub API documentation at https://docs.github.com/en/rest .
NOTE: Using the context package, one can easily
pass cancelation signals and deadlines to various services of the client for
handling a request. In case there is no context available, then context.Background()
can be used as a starting point.
For more sample code snippets, head over to the example directory.
The go-github library does not directly handle authentication. Instead, when
creating a new client, pass an http.Client
that can handle authentication for
you. The easiest and recommended way to do this is using the oauth2
library, but you can always use any other library that provides an
http.Client
. If you have an OAuth2 access token (for example, a personal
API token), you can use it with the oauth2 library using:
import "golang.org/x/oauth2"
func main() {
ctx := context.Background()
ts := oauth2.StaticTokenSource(
&oauth2.Token{AccessToken: "... your access token ..."},
)
tc := oauth2.NewClient(ctx, ts)
client := github.NewClient(tc)
// list all repositories for the authenticated user
repos, _, err := client.Repositories.List(ctx, "", nil)
}
Note that when using an authenticated Client, all calls made by the client will include the specified OAuth token. Therefore, authenticated clients should almost never be shared between different users.
See the oauth2 docs for complete instructions on using that library.
For API methods that require HTTP Basic Authentication, use the
BasicAuthTransport
.
GitHub Apps authentication can be provided by the ghinstallation package.
import (
"github.com/bradleyfalzon/ghinstallation/v2"
"github.com/google/go-github/v45/github"
)
func main() {
// Wrap the shared transport for use with the integration ID 1 authenticating with installation ID 99.
itr, err := ghinstallation.NewKeyFromFile(http.DefaultTransport, 1, 99, "2016-10-19.private-key.pem")
if err != nil {
// Handle error.
}
// Use installation transport with client.
client := github.NewClient(&http.Client{Transport: itr})
// Use client...
}
Note: In order to interact with certain APIs, for example writing a file to a repo, one must generate an installation token using the installation ID of the GitHub app and authenticate with the OAuth method mentioned above. See the examples.
GitHub imposes a rate limit on all API clients. Unauthenticated clients are
limited to 60 requests per hour, while authenticated clients can make up to
5,000 requests per hour. The Search API has a custom rate limit. Unauthenticated
clients are limited to 10 requests per minute, while authenticated clients
can make up to 30 requests per minute. To receive the higher rate limit when
making calls that are not issued on behalf of a user,
use UnauthenticatedRateLimitedTransport
.
The returned Response.Rate
value contains the rate limit information
from the most recent API call. If a recent enough response isn't
available, you can use RateLimits
to fetch the most up-to-date rate
limit data for the client.
To detect an API rate limit error, you can check if its type is *github.RateLimitError
:
repos, _, err := client.Repositories.List(ctx, "", nil)
if _, ok := err.(*github.RateLimitError); ok {
log.Println("hit rate limit")
}
Learn more about GitHub rate limiting at https://docs.github.com/en/rest/rate-limit .
Some endpoints may return a 202 Accepted status code, meaning that the information required is not yet ready and was scheduled to be gathered on the GitHub side. Methods known to behave like this are documented specifying this behavior.
To detect this condition of error, you can check if its type is
*github.AcceptedError
:
stats, _, err := client.Repositories.ListContributorsStats(ctx, org, repo)
if _, ok := err.(*github.AcceptedError); ok {
log.Println("scheduled on GitHub side")
}
The GitHub API has good support for conditional requests which will help
prevent you from burning through your rate limit, as well as help speed up your
application. go-github
does not handle conditional requests directly, but is
instead designed to work with a caching http.Transport
. We recommend using
https://github.com/gregjones/httpcache for that.
Learn more about GitHub conditional requests at https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests.
All structs for GitHub resources use pointer values for all non-repeated fields. This allows distinguishing between unset fields and those set to a zero-value. Helper functions have been provided to easily create these pointers for string, bool, and int values. For example:
// create a new private repository named "foo"
repo := &github.Repository{
Name: github.String("foo"),
Private: github.Bool(true),
}
client.Repositories.Create(ctx, "", repo)
Users who have worked with protocol buffers should find this pattern familiar.
All requests for resource collections (repos, pull requests, issues, etc.)
support pagination. Pagination options are described in the
github.ListOptions
struct and passed to the list methods directly or as an
embedded type of a more specific list options struct (for example
github.PullRequestListOptions
). Pages information is available via the
github.Response
struct.
client := github.NewClient(nil)
opt := &github.RepositoryListByOrgOptions{
ListOptions: github.ListOptions{PerPage: 10},
}
// get all pages of results
var allRepos []*github.Repository
for {
repos, resp, err := client.Repositories.ListByOrg(ctx, "github", opt)
if err != nil {
return err
}
allRepos = append(allRepos, repos...)
if resp.NextPage == 0 {
break
}
opt.Page = resp.NextPage
}
go-github
provides structs for almost all GitHub webhook events as well as functions to validate them and unmarshal JSON payloads from http.Request
structs.
func (s *GitHubEventMonitor) ServeHTTP(w http.ResponseWriter, r *http.Request) {
payload, err := github.ValidatePayload(r, s.webhookSecretKey)
if err != nil { ... }
event, err := github.ParseWebHook(github.WebHookType(r), payload)
if err != nil { ... }
switch event := event.(type) {
case *github.CommitCommentEvent:
processCommitCommentEvent(event)
case *github.CreateEvent:
processCreateEvent(event)
...
}
}
Furthermore, there are libraries like cbrgm/githubevents that build upon the example above and provide functions to subscribe callbacks to specific events.
For complete usage of go-github, see the full package docs.
go-github
The repo migueleliasweb/go-github-mock provides a way to mock responses. Check the repo for more details.
You can run integration tests from the test
directory. See the integration tests README.
I would like to cover the entire GitHub API and contributions are of course always welcome. The
calling pattern is pretty well established, so adding new methods is relatively
straightforward. See CONTRIBUTING.md
for details.
In general, go-github follows semver as closely as we can for tagging releases of the package. For self-contained libraries, the application of semantic versioning is relatively straightforward and generally understood. But because go-github is a client library for the GitHub API, which itself changes behavior, and because we are typically pretty aggressive about implementing preview features of the GitHub API, we've adopted the following versioning policy:
Preview functionality may take the form of entire methods or simply additional data returned from an otherwise non-preview method. Refer to the GitHub API documentation for details on preview functionality.
This library is distributed under the BSD-style license found in the LICENSE file.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.