Auto merge of #4963 - defuse:fix-updatecheck-token, r=nuttycom

Move the github API token out of updatecheck.py into an untracked file.
2021-01-28 16:38:34 +00:00 · 2021-01-28 16:38:34 +00:00 · cc5574b819
parent b9504dbb3f 92da71b0fe
commit cc5574b819
3 changed files with 28 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -120,3 +120,5 @@ contrib/debian/substvars
 src/fuzzing/*/input
 src/fuzzing/*/output
 src/fuzz.cpp
+
+.updatecheck-token
--- a/doc/release-process.md
+++ b/doc/release-process.md
@ -32,6 +32,11 @@ Check that dependencies are up-to-date or have been postponed:
 $ ./qa/zcash/updatecheck.py
 ```

+If you are missing the `.updatecheck-token` file requried to run this script,
+please ask Taylor or another Zcash developer for a copy, or create an
+unprivileged personal access token for a github account and save it to the
+file in the format `username:hex-token`.
+
 If there are updates that have not been postponed, review their changelogs
 for urgent security fixes, and if there aren't any, postpone the update by
 adding a line to `qa/zcash/postponed-updates.txt`.
--- a/qa/zcash/updatecheck.py
+++ b/qa/zcash/updatecheck.py
@ -39,10 +39,6 @@ import sys
 import datetime

 SOURCE_ROOT = os.path.join(os.path.dirname(os.path.realpath(__file__)), "..", "..")
-# The email for this account is taylor@electriccoin.co and the token does not
-# have any privileges.
-GITHUB_API_BASIC_AUTH_USER = "taylor-ecc"
-GITHUB_API_BASIC_AUTH_PASSWORD = "df2cb6d13a29837e9dc97c7db1eff058e8fa6618"

 def get_dependency_list():
    dependencies = [
@ -107,6 +103,25 @@ def get_dependency_list():

    return dependencies

+class GitHubToken:
+    def __init__(self):
+        token_path = os.path.join(SOURCE_ROOT, ".updatecheck-token")
+        try:
+            with open(token_path) as f:
+                token = f.read().strip()
+                self._user = token.split(":")[0]
+                self._password = token.split(":")[1]
+        except:
+            print("Please make sure a GitHub API token is in .updatecheck-token in the root of this repository.")
+            print("The format is username:hex-token.")
+            sys.exit(1)
+
+    def user(self):
+        return self.user
+
+    def password(self):
+        return self.password
+
 class Version(list):
    def __init__(self, version_tuple):
        for part in version_tuple:
@ -156,6 +171,7 @@ class GithubTagReleaseLister:
        self.repo = repo
        self.regex = regex
        self.testcases = testcases
+        self.token = GitHubToken()

        for tag, expected in testcases.items():
            match = re.match(self.regex, tag)
@ -181,7 +197,7 @@ class GithubTagReleaseLister:

    def all_tag_names(self):
        url = "https://api.github.com/repos/" + safe(self.org) + "/" + safe(self.repo) + "/git/refs/tags"
-        r = requests.get(url, auth=requests.auth.HTTPBasicAuth(GITHUB_API_BASIC_AUTH_USER, GITHUB_API_BASIC_AUTH_PASSWORD))
+        r = requests.get(url, auth=requests.auth.HTTPBasicAuth(self.token.user(), self.token.password()))
        if r.status_code != 200:
            raise RuntimeError("Request to GitHub tag API failed.")
        json = r.json()