Auto merge of #4963 - defuse:fix-updatecheck-token, r=nuttycom

Move the github API token out of updatecheck.py into an untracked file.
ZcashFoundation · Jan 28, 2021 · cc5574b · cc5574b
2 parents b9504db + 92da71b
commit cc5574b
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 5 deletions.
diff --git a/.gitignore b/.gitignore
@@ -120,3 +120,5 @@ contrib/debian/substvars
 src/fuzzing/*/input
 src/fuzzing/*/output
 src/fuzz.cpp
+
+.updatecheck-token
diff --git a/doc/release-process.md b/doc/release-process.md
@@ -32,6 +32,11 @@ Check that dependencies are up-to-date or have been postponed:
 $ ./qa/zcash/updatecheck.py
 ```
 
+If you are missing the `.updatecheck-token` file requried to run this script,
+please ask Taylor or another Zcash developer for a copy, or create an
+unprivileged personal access token for a github account and save it to the
+file in the format `username:hex-token`.
+
 If there are updates that have not been postponed, review their changelogs
 for urgent security fixes, and if there aren't any, postpone the update by
 adding a line to `qa/zcash/postponed-updates.txt`.

diff --git a/qa/zcash/updatecheck.py b/qa/zcash/updatecheck.py
@@ -39,10 +39,6 @@
 import datetime
 
 SOURCE_ROOT = os.path.join(os.path.dirname(os.path.realpath(__file__)), "..", "..")
-# The email for this account is taylor@electriccoin.co and the token does not
-# have any privileges.
-GITHUB_API_BASIC_AUTH_USER = "taylor-ecc"
-GITHUB_API_BASIC_AUTH_PASSWORD = "df2cb6d13a29837e9dc97c7db1eff058e8fa6618"
 
 def get_dependency_list():
     dependencies = [
@@ -107,6 +103,25 @@ def get_dependency_list():
 
     return dependencies
 
+class GitHubToken:
+    def __init__(self):
+        token_path = os.path.join(SOURCE_ROOT, ".updatecheck-token")
+        try:
+            with open(token_path) as f:
+                token = f.read().strip()
+                self._user = token.split(":")[0]
+                self._password = token.split(":")[1]
+        except:
+            print("Please make sure a GitHub API token is in .updatecheck-token in the root of this repository.")
+            print("The format is username:hex-token.")
+            sys.exit(1)
+
+    def user(self):
+        return self.user
+
+    def password(self):
+        return self.password
+
 class Version(list):
     def __init__(self, version_tuple):
         for part in version_tuple:
@@ -156,6 +171,7 @@ def __init__(self, org, repo, regex, testcases={}):
         self.repo = repo
         self.regex = regex
         self.testcases = testcases
+        self.token = GitHubToken()
 
         for tag, expected in testcases.items():
             match = re.match(self.regex, tag)
@@ -181,7 +197,7 @@ def known_releases(self):
 
     def all_tag_names(self):
         url = "https://api.github.com/repos/" + safe(self.org) + "/" + safe(self.repo) + "/git/refs/tags"
-        r = requests.get(url, auth=requests.auth.HTTPBasicAuth(GITHUB_API_BASIC_AUTH_USER, GITHUB_API_BASIC_AUTH_PASSWORD))
+        r = requests.get(url, auth=requests.auth.HTTPBasicAuth(self.token.user(), self.token.password()))
         if r.status_code != 200:
             raise RuntimeError("Request to GitHub tag API failed.")
         json = r.json()