You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
refactor: migrate from github3.py to PyGithub (#587)
* refactor: migrate from github3.py to PyGithub
## What/Why
Replace github3.py (pinned at 4.0.1) with PyGithub (>=2.6.0) for GitHub API
interactions. PyGithub is more actively maintained and provides first-class
support for base_url, app auth, and installation tokens.
## Proof it works
176 tests passed, 32 subtests passed, 100% code coverage via `make test`.
## Risk + AI role
Medium -- touches all GitHub API interaction code (auth, repo operations,
exception handling). All changes AI-generated using Claude Opus 4.6 with
human review.
## Review focus
1. Auth flow in auth.py -- AppAuth/installation auth two-step pattern replaces
login_as_app_installation
2. dependabot_file.py -- directory_contents (tuples) merged into get_contents
(objects with .name), verify the or [] pattern in test mocks handles the
combined code path correctly
Signed-off-by: jmeridth <jmeridth@gmail.com>
* test: add coverage for missing app id/installation id guard
Signed-off-by: jmeridth <jmeridth@gmail.com>
* docs: fix return type in get_github_app_installation_token docstring
Signed-off-by: jmeridth <jmeridth@gmail.com>
* fix: narrow exception handling in get_github_app_installation_token
## What/Why
Narrow except clause from bare Exception to GithubException so that
misconfiguration errors (bad int() cast, JWT construction failures)
propagate instead of silently returning None and causing confusing 401s
downstream. Addresses PR review feedback from @zkoppert.
## Proof it works
All 14 tests in test_auth.py pass. Updated the request_failure test to
raise GithubException instead of bare Exception to match the narrowed
catch. Pylint clean (no new warnings).
## Risk + AI role
Low. AI-generated (Claude Opus 4.6) with human review.
## Review focus
Whether GithubException covers all the API/network error cases we want
to catch, or if additional specific exceptions should be included.
Signed-off-by: jmeridth <jmeridth@gmail.com>
* fix: use repo.owner.login for security-updates URLs and handle datetime in created_after filter
## What/Why
Fix two bugs exposed by the PyGithub migration: (1) repo.owner is now a
NamedUser object, not a string, so security-updates URLs rendered as
"repos/NamedUser(login=...)/..." and 404'd silently; (2) repo.created_at
is a datetime object but is_repo_created_date_before called
fromisoformat() on it, which raises TypeError.
## Proof it works
All 180 tests pass including 2 new tests for datetime input to
is_repo_created_date_before (both before and after filter date).
## Risk + AI role
Medium -- the repo.owner.login fix touches the security-updates code
path which is pragma: no cover. AI-generated (Claude Opus 4.6) with
human review.
## Review focus
Whether repo.owner.login is the correct attribute for all PyGithub
Repository objects (org-owned vs user-owned repos).
Signed-off-by: jmeridth <jmeridth@gmail.com>
---------
Signed-off-by: jmeridth <jmeridth@gmail.com>
0 commit comments