Add GitLab support #219
This PR primarily adds support for GitLab across Staticman's API
This includes the following notable changes:
Staticman API config
Staticman site config (
Some public APIs have been modified to expose their required parameters e.g. `authenticateWithCode(code, clientId, clientSecret)` or renamed in the case of `writeFileAndSendReview()`.
This class does not currently include OAuth authentication code as the authentication API (particularly for OAuth) for the GitHub service class also needs to be considered first.
This commit changes the GitHub class to require authentication credentials via OAuth or a Personal Access Token upon instantiation. The previous API required you to call an authentication method first before calling any of the other methods (which could potentially cause issues). As we will require authentication credentials at instantiation, there is no longer any need to have any authentication methods on the class, with the exception of the `requestOAuthAccessToken` method. This is a static method which *could* be refactored out of the class (to be determined later). Some additional polish in the tests has also been performed.
This commit replaces the deprecated `github` package with `@octokit/rest`. One of the major changes is that API response bodies are wrapped under a `data` key (instead of being returned directly). Consequently, a large amount of refactoring was required to get the tests passing. Other changes include:
- `user` parameter in API requests has been replaced by `owner`. This is probably to make the semantics more flexible for when it is not a user e.g. an organisation.
The new `gitlab` package uses `request-promise` which causes method name collisions when in the same project as `request-promise-native`. This is due to both of these packages attempting to attach the various Promise methods such as `then`, `catch`, etc. Once one of the `request-promise` implementations has configured `request` it will proceed to error if another implementation tries to attach the same methods again. To avoid any trouble, the default `request-promise` implementation using Bluebird will be used (as it is not possible to set the Promise implementation to be used by the `gitlab` API).
…ig tests This change primarily addresses the Staticman tests. It appears that most Staticman tests had been ignored by accident via an errant `jest.only` and were not actually running. Some of the site config tests were also failing and logging unnecessarily (this is due to a log statement from #176 still remaining in the codebase). The site config test helper `getConfig` has also been refactored to remove the special handling of the `recaptcha.secret`. Upon removal there doesn't seem to have been any notable problems and tests are passing (after some cleanup in relevant areas).
This commit abstracts some of the raw GitHub API calls being made - `getCurrentUser`, `deleteBranch` and `getReview` into the service class so that they can be generalised for GitLab as well. Notably, the `handlePR` controller currently has some weird coding around how it handles the received webhook event from GitHub. Specifically, it seems that it would be easier to just delete the branch immediately upon receiving the webhook, rather than retrieving the PR and *then* deleting the branch. This requires more content before a refactor can be performed.
This commit stops credentials e.g. personal access tokens being leaked by the GitLab service class when an error is thrown. This is due to the underlying request errors exposing too many details, particularly from `request-promise`. To solve this, we just re-wrap errors with a new `ApiError` class which only exposes minimal details.
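The leak and the re-wrapping fix described in the commit above, as an added example that is not code from this PR: the upstream error shape is a constructed stand-in for a `request-promise` style error, and the `ApiError` fields, `wrapUpstreamError`, `withSafeErrors` and the sample token are assumptions made for illustration.

```javascript
// Constructed stand-in for an error from a request-promise style HTTP client:
// the failed request's options, headers included, ride along on the error.
const SAMPLE_TOKEN = 'CONSTRUCTED-TOKEN-not-a-real-credential';

function makeUpstreamError() {
  const err = new Error('401 - {"message":"401 Unauthorized"}');
  err.name = 'StatusCodeError';
  err.statusCode = 401;
  err.options = {
    uri: 'https://gitlab.example/api/v4/user',
    headers: { 'PRIVATE-TOKEN': SAMPLE_TOKEN }
  };
  return err;
}

// Hypothetical ApiError: built from an allowlist of primitive fields and holding
// no reference to the upstream error, so nothing nested can leak through it.
class ApiError extends Error {
  constructor(message, statusCode) {
    super(message);
    this.name = 'ApiError';
    this.statusCode = statusCode;
  }
  toJSON() {
    return { name: this.name, message: this.message, statusCode: this.statusCode };
  }
}

function wrapUpstreamError(err) {
  // The upstream message can embed the response body, so it is not reused.
  const status = Number.isInteger(err && err.statusCode) ? err.statusCode : 500;
  return new ApiError('Request to the Git service failed', status);
}

// Apply the wrapper at the service boundary so callers never see raw errors.
async function withSafeErrors(apiCall) {
  try {
    return await apiCall();
  } catch (err) {
    throw wrapUpstreamError(err);
  }
}

// What a logger or JSON error response would emit for a given error object.
function serialized(err) {
  return JSON.stringify(err);
}
```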
This commit fixes the `_pullFile` method which previously did not work correctly and simplifies the `_commitFile` method's API call.
This commit adds additional handling for the GitLab OAuth flow. As part of this we require additional site config options:
- `githubAuth.redirectUri`
- `gitlabAuth.clientId`
- `gitlabAuth.clientSecret`
- `gitlabAuth.redirectUri`

Notably, the `githubAuth` controller has also been renamed to `auth` to be more generic sounding. Additional changes include:
- Various OAuth has been refactored and moved around (in general)
- Factory method for instantiating GitLab/GitHub. This is mostly just to remove the boilerplate of writing `switch` statements in many places.
This commit adds a `User` model to properly encapsulate what data should be exposed from the Staticman API and specifically narrow its scope. With the addition of the GitLab identity provider, we need to be conscious that the GitLab user data structure will not be the same as the GitHub user (or any future identity provider's user model). This could be problematic as:
1. We could expose private user data unintentionally.
2. Staticman consumers will have too much access to the internal user API, meaning they could become too reliant on parts that we do not want to expose long term.
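One way to narrow two provider payloads to a single allowlisted shape, as the commit above describes. This is an added example, not the `User` model from this PR: the public field names, `FIELD_MAPS`, `toPublicUser` and both sample payloads are constructed for illustration.

```javascript
// Per-provider map from the public field name to the provider's own field name.
// The public field names are assumptions made for this example.
const FIELD_MAPS = {
  github: { username: 'login', name: 'name', avatarUrl: 'avatar_url',
            bio: 'bio', siteUrl: 'html_url' },
  gitlab: { username: 'username', name: 'name', avatarUrl: 'avatar_url',
            bio: 'bio', siteUrl: 'web_url' }
};

// Build the public user from an allowlist: a field reaches the response only
// if it is named in the map, so new upstream fields stay private by default.
function toPublicUser(provider, raw) {
  // Own-property check so names like "__proto__" are not treated as providers.
  if (!Object.prototype.hasOwnProperty.call(FIELD_MAPS, provider)) {
    throw new Error(`Unsupported identity provider: ${provider}`);
  }
  const user = { type: provider };
  for (const [publicName, providerName] of Object.entries(FIELD_MAPS[provider])) {
    const value = raw[providerName];
    // Only plain strings are passed on; nested objects are never copied.
    user[publicName] = typeof value === 'string' ? value : '';
  }
  return user;
}

// Constructed provider payloads, trimmed to a few fields each.
const githubRaw = {
  login: 'octo-example', name: 'Octo Example', email: 'octo@example.test',
  avatar_url: 'https://avatars.example/1', bio: null,
  html_url: 'https://github.example/octo-example',
  two_factor_authentication: true, total_private_repos: 12, plan: { name: 'pro' }
};
const gitlabRaw = {
  username: 'tanuki-example', name: 'Tanuki Example', email: 'tanuki@example.test',
  avatar_url: 'https://avatars.example/2', bio: 'constructed bio',
  web_url: 'https://gitlab.example/tanuki-example',
  two_factor_enabled: false, last_sign_in_at: '2018-01-01T00:00:00Z',
  identities: [{ provider: 'github', extern_uid: '1' }]
};
```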
This commit re-adds support for the v2 API's `/auth` endpoint by returning the raw GitHub user in the response `user` field. This has been removed accidentally when the API was upgraded to v3. Various other failing tests have also been fixed and OAuth tests have been separated into their own file.
This commit adds new handling for when entries are processed with the new `auth.required` config option set to true. Staticman will now check for an `auth-token` field (instead of a `github-token`) and use this to validate that the user is indeed authenticated already on either GitHub or GitLab. Backwards compatibility with the v2 API has been maintained but it should be analyzed if this is important as the code is somewhat messy as a result.
This commit speeds up the tests by up to ~4x (from ~48s to 12s). The slowness was due to the high cost of instantiating Convict from the site config every time a test was run. This is mostly due to all the validations/coercions that it must perform (such as RSA decryption) every single time. It is much faster to just clone the site config object.
- `lodash` was used for the `cloneDeep` implementation.
* Update last modified time
* Added missing ref attribute (mmistakes#1959) As suggested by @mmistakes in mmistakes#1948 (comment)
* Use privacy aware embed options for YouTube & Vimeo (mmistakes#1964)
* Update CHANGELOG and history
* Punjabi Translation of ui-text (mmistakes#1962)
* Punjabi Translation of ui-text There are more than 100 million native speakers of Punjabi language. I am one of them. More details about [punjabi on wikipedia](https://en.wikipedia.org/wiki/Punjabi_language). All the punjabi translations are perfect with the following exceptions-
  - in the variable name (_config.yml and words_per_minute) which are intentionally left in english.
  - meta_label is empty
* Update CHANGELOG and history
* Add support for utterances (mmistakes#1966)
* Add support for utterances
* Add utterances config documentation
* Update CHANGELOG and history Close mmistakes#1909
* Update localized text list
* Update README.md
* Update theme documentation
* Increase font-size
* Increase padding
* Add focus color
* Adjust navigation toggles
* Use dark syntax highlighting
* Update CHANGELOG and history
* Add Google Drive as video provider (mmistakes#1967)
* Add Google Drive provider documentation
* Update CHANGELOG and history
* Changed schema.org to secure links (https) (mmistakes#1969)
* Update CHANGELOG and history
* Prevent current post from showing in the "You may also enjoy" (related (mmistakes#1976) posts) section
* Update CHANGELOG and history
* Change teaser image
* Disable comments
* Add hover state
* Release 4.14.0