contrib: Allow use of github API authentication in github-merge

[laanwj]

Three commits I had locally for github-merge.py:

• Detailed reporting for http errors in github-merge: Print detailed error, this makes it easier to diagnose github API issues.
• Add support for http[s] URLs in github-merge: Sometimes it can be useful to use github-merge with read-only access (say, for reviewing and testing from untrusted VMs).
• Allow use of github API authentication in github-merge: The API request limit for unauthenticated requests is quite low. I started running into rate limiting errors. The limit for authenticated requests is much higher. This patch adds an optional configuration setting user.ghtoken that, when set, is used to authenticate requests to the API.

[maflcko]

Concept ACK. I have the same local patches, but probably did it less clean. Will take a look later.

[laanwj]

Removed the (if you want to GPG sign) intentionally here. I know it's unrelated to this patch, but GPG signing has been mandatory for forever and I don't think this one-line doc change warrants another commit.

[laanwj]

FWIW: There was some discussion on IRC about storing authentication tokens in the git configuration. According to @promag this is not a good idea (I guess because some people have these files under version control?). He suggests using an environment variable instead. I'm not sure if this is a good idea because environment variables 'leak' through /proc/<pid>/environ, and if you set it in .bashrc well that has exactly the same potential issue.

What I use myself is

[include]
    path = ~/.gitsecrets

Then the secrets files (with very restricted permissions) contains the ghtoken, and SMTP authentication for sending mail (for sending Linux patches).

[maflcko]

It is a read-only token, so the worst thing that could happen is that someone can get you rate-limited?

[gkrizek]

utACK f1bd219

@MarcoFalke It's whatever perms you set on the token. It seems like GitHub allows you to create permission-less tokens. So it shouldn't even have read access, if you create it as such. So in that case, yes. The worst thing is someone uses up all your requests and you get rate limited again.

[gkrizek]

Link to GitHub documentation on this:
https://developer.github.com/v3/#rate-limiting

Very small nit: you could also set User-Agent here. GitHub requires a User-Agent to be set for all API requests. I don't know of a case where urllib doesn't set one by default, but it might be nice to be explicit about it.
https://developer.github.com/v3/#user-agent-required

[laanwj]

It's whatever perms you set on the token

I think it's wise to set as little privileges on the token as possible. This is why in the documentation I suggest creating a token without extra privileges.

I don't know of a case where urllib doesn't set one by default, but it might be nice to be explicit about it.

urllib (in Python 3.x, which is the only version supported) sets the User Agent to Python-urllib/3.x. I think this is good enough?

[gkrizek]

token without extra privileges

Yes, totally. I wasn't trying to say to do anything different. Just saying that if you screw up and give the token full access, your attack surface is full access.

think this is good enough?

Yeah, that will definitely work and I don't see that changing. Just making a comment about User-Agent requirements if we wanted to be explicit about setting it.

[promag]

utACK

[fanquake]

Concept ACK

Add support for http[s] URLs in github-merge: Sometimes it can be useful to use github-merge with read-only access (say, for reviewing and testing from untrusted VMs).

👍

[laanwj]

Yeah, that will definitely work and I don't see that changing. Just making a comment about User-Agent requirements if we wanted to be explicit about setting it.

I think one argument for setting a custom User Agent here, other than the default python one, would be so that github knows what is using their API—simply by googling the UA string. But that starts to be relevant for scripts that generate a lot of traffic.

[fanquake]

post-merge utACK bcdd31f