Merge pull request #6211 from sellout/updatecheck-token-path

Improve token handling in the updatecheck script
2022-10-26 12:15:29 -06:00 · 2022-10-26 12:15:29 -06:00 · e417ba89a6
parent f9871c4ca6 1296b646b3
commit e417ba89a6
2 changed files with 27 additions and 28 deletions
--- a/doc/release-process.md
+++ b/doc/release-process.md
@ -28,10 +28,10 @@ Check that dependencies are up-to-date or have been postponed:
 $ ./qa/zcash/updatecheck.py
 ```

-If you are missing the `.updatecheck-token` file required to run this script,
-please ask Taylor or another Zcash developer for a copy, or create an
-unprivileged personal access token for a github account and save it to the
-file in the format `username:hex-token`.
+You can optionally create a file `~/.local/share/zcash/updatecheck/token` (or
+`$XDG_DATA_HOME/zcash/updatecheck/token` if the `XDG_DATA_HOME` environment
+variable is set) to avoid running into GitHub rate limiting. Create an
+unprivileged personal access token on GitHub and copy the value into the file.

 If there are updates that have not been postponed, review their changelogs
 for urgent security fixes, and if there aren't any, postpone the update by
@ -59,9 +59,8 @@ The release script has the following dependencies:

 - `help2man`
 - `debchange` (part of the devscripts Debian package)
-
-You can optionally install the `progressbar2` Python module with pip to have a
-progress bar displayed during the build process.
+- the python modules `progressbar2` (optional - displays a progress bar),
+  `requests` and `xdg`

 ## Versioning

--- a/qa/zcash/updatecheck.py
+++ b/qa/zcash/updatecheck.py
@ -3,8 +3,7 @@
 # This script checks for updates to zcashd's dependencies.
 #
 # The SOURCE_ROOT constant specifies the location of the zcashd codebase to
-# check, and the GITHUB_API_* constants specify a personal access token for the
-# GitHub API, which need not have any special privileges.
+# check.
 #
 # All dependencies must be specified inside the get_dependency_list() function
 # below. A dependency is specified by:
@ -36,6 +35,7 @@ import requests
 import os
 import re
 import sys
+import xdg
 import datetime

 SOURCE_ROOT = os.path.join(os.path.dirname(os.path.realpath(__file__)), "..", "..")
@ -112,24 +112,22 @@ def get_dependency_list():

    return dependencies

-class GitHubToken:
-    def __init__(self):
-        token_path = os.path.join(SOURCE_ROOT, ".updatecheck-token")
-        try:
-            with open(token_path, encoding='utf8') as f:
-                token = f.read().strip()
-                self._user = token.split(":")[0]
-                self._password = token.split(":")[1]
-        except:
-            print("Please make sure a GitHub API token is in .updatecheck-token in the root of this repository.")
-            print("The format is username:hex-token.")
-            sys.exit(1)
+def parse_token():
+    token_path = os.path.realpath(os.path.join(SOURCE_ROOT, ".updatecheck-token"))
+    if not os.path.exists(token_path):
+        token_path = os.path.join(xdg.xdg_data_home(), "zcash/updatecheck/token")
+    try:
+        with open(token_path, encoding='utf8') as f:
+            token = f.read().strip()
+            return token.split(":")[-1]
+    except:
+        print("You are missing a GitHub API token. This script will probably still work, but")
+        print("you are more likely to hit an API rate limit. Create a file named")
+        print(token_path)
+        print("containing the token to silence this warning.")
+        return ()

-    def user(self):
-        return self.user
-
-    def password(self):
-        return self.password
+token = parse_token()

 class Version(list):
    def __init__(self, version_tuple):
@ -180,7 +178,6 @@ class GithubTagReleaseLister:
        self.repo = repo
        self.regex = regex
        self.testcases = testcases
-        self.token = GitHubToken()

        for tag, expected in testcases.items():
            match = re.match(self.regex, tag)
@ -206,7 +203,10 @@ class GithubTagReleaseLister:

    def all_tag_names(self):
        url = "https://api.github.com/repos/" + safe(self.org) + "/" + safe(self.repo) + "/git/refs/tags"
-        r = requests.get(url, auth=requests.auth.HTTPBasicAuth(self.token.user(), self.token.password()))
+        auth = {}
+        if token:
+            auth = { 'Authorization': 'Bearer ' + token }
+        r = requests.get(url, headers=auth)
        if r.status_code != 200:
            print("API request failed (error %d)" % (r.status_code,), file=sys.stderr)
            print(r.text, file=sys.stderr)