zecfoundation
/
zcashd
mirror of https://github.com/ZcashFoundation/zcashd.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Auto merge of #4963 - defuse:fix-updatecheck-token, r=nuttycom 

Move the github API token out of updatecheck.py into an untracked file.
This commit is contained in:
Homu 2021-01-28 16:38:34 +00:00
parent b9504dbb3f 92da71b0fe
commit cc5574b819
3 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -120,3 +120,5 @@ contrib/debian/substvars
src/fuzzing/*/input src/fuzzing/*/input
src/fuzzing/*/output src/fuzzing/*/output
src/fuzz.cpp src/fuzz.cpp
.updatecheck-token

5
doc/release-process.md
View File

@ -32,6 +32,11 @@ Check that dependencies are up-to-date or have been postponed:
$ ./qa/zcash/updatecheck.py $ ./qa/zcash/updatecheck.py
``` ```
If you are missing the `.updatecheck-token` file requried to run this script,
please ask Taylor or another Zcash developer for a copy, or create an
unprivileged personal access token for a github account and save it to the
file in the format `username:hex-token`.
If there are updates that have not been postponed, review their changelogs If there are updates that have not been postponed, review their changelogs
for urgent security fixes, and if there aren't any, postpone the update by for urgent security fixes, and if there aren't any, postpone the update by
adding a line to `qa/zcash/postponed-updates.txt`. adding a line to `qa/zcash/postponed-updates.txt`.

26
qa/zcash/updatecheck.py
View File

@ -39,10 +39,6 @@ import sys
import datetime import datetime
SOURCE_ROOT = os.path.join(os.path.dirname(os.path.realpath(__file__)), "..", "..") SOURCE_ROOT = os.path.join(os.path.dirname(os.path.realpath(__file__)), "..", "..")
# The email for this account is taylor@electriccoin.co and the token does not
# have any privileges.
GITHUB_API_BASIC_AUTH_USER = "taylor-ecc"
GITHUB_API_BASIC_AUTH_PASSWORD = "df2cb6d13a29837e9dc97c7db1eff058e8fa6618"
def get_dependency_list(): def get_dependency_list():
dependencies = [ dependencies = [
@ -107,6 +103,25 @@ def get_dependency_list():
return dependencies return dependencies
class GitHubToken:
def __init__(self):
token_path = os.path.join(SOURCE_ROOT, ".updatecheck-token")
try:
with open(token_path) as f:
token = f.read().strip()
self._user = token.split(":")[0]
self._password = token.split(":")[1]
except:
print("Please make sure a GitHub API token is in .updatecheck-token in the root of this repository.")
print("The format is username:hex-token.")
sys.exit(1)
def user(self):
return self.user
def password(self):
return self.password
class Version(list): class Version(list):
def __init__(self, version_tuple): def __init__(self, version_tuple):
for part in version_tuple: for part in version_tuple:
@ -156,6 +171,7 @@ class GithubTagReleaseLister:
self.repo = repo self.repo = repo
self.regex = regex self.regex = regex
self.testcases = testcases self.testcases = testcases
self.token = GitHubToken()
for tag, expected in testcases.items(): for tag, expected in testcases.items():
match = re.match(self.regex, tag) match = re.match(self.regex, tag)
@ -181,7 +197,7 @@ class GithubTagReleaseLister:
def all_tag_names(self): def all_tag_names(self):
url = "https://api.github.com/repos/" + safe(self.org) + "/" + safe(self.repo) + "/git/refs/tags" url = "https://api.github.com/repos/" + safe(self.org) + "/" + safe(self.repo) + "/git/refs/tags"
r = requests.get(url, auth=requests.auth.HTTPBasicAuth(GITHUB_API_BASIC_AUTH_USER, GITHUB_API_BASIC_AUTH_PASSWORD)) r = requests.get(url, auth=requests.auth.HTTPBasicAuth(self.token.user(), self.token.password()))
if r.status_code != 200: if r.status_code != 200:
raise RuntimeError("Request to GitHub tag API failed.") raise RuntimeError("Request to GitHub tag API failed.")
json = r.json() json = r.json()