New Scripts for interacting with GitHub Apps and determining rate limits (#80)

mickeygousset · web-flow · commit a5fd5528e46a · 2024-06-14T09:17:56.000-05:00
* feat: initial version of script

* feat: Added 3 scripts related to GitHub Apps, updated ReadMe
diff --git a/api/README.md b/api/README.md
@@ -1,5 +1,9 @@
 # api
 
+## checking-github-app-rate-limits.sh
+
+This script checks the GitHub App's rate limit status by generating a JWT (JSON Web Token), obtaining an installation access token, and then querying the GitHub API for the rate limit information. It is useful for developers and administrators to monitor and manage their GitHub App's API usage.
+
 ## create-repo.sh
 
 Create an internal repo in an organization
@@ -37,3 +41,12 @@ Download a workflow artifact (e.g.: downloading the artifact from the build work
 Enables actions on a repository - similar to [gh cli example](./../api/enable-actions-on-repository.sh), but using `curl`
 
 [Documentation](https://docs.github.com/en/rest/reference/actions#set-github-actions-permissions-for-a-repository)
+
+## generate-jwt-from-github-app-and-find-org-installation-ids.sh
+
+This script generates a JWT (JSON Web Token) for a GitHub App and uses it to list the installations of the App. It is useful for developers and administrators who need to authenticate as a GitHub App to access GitHub API.
+
+## get-repo-info-using-github-app-and-show-api-rate-limit-info.sh
+
+This script is designed to generate a JWT (JSON Web Token) for authenticating as a GitHub App. It then uses this token to perform GitHub API requests, specifically to retrieve information about a specified repository 
+and display the current API rate limit status. This is particularly useful for developers and administrators who need to monitor their GitHub App's API usage and ensure it stays within the GitHub API rate limits.
diff --git a/api/checking-github-app-rate-limits.sh b/api/checking-github-app-rate-limits.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+# v1.0.0
+
+# This script checks the GitHub App's rate limit status by generating a JWT (JSON Web Token),
+# obtaining an installation access token, and then querying the GitHub API for the rate limit information.
+# It is useful for developers and administrators to monitor and manage their GitHub App's API usage.
+
+# Inputs:
+# 1. APP_ID: The unique identifier for the GitHub App. This should be passed as the first argument.
+# 2. PRIVATE_KEY_PATH: The file path to the private key of the GitHub App. This should be passed as the second argument.
+# 3. INSTALLATION_ID: The installation ID of the GitHub App. This should be passed as the third argument.
+# 4. --debug (optional): A flag that can be included to enable debug output. This can be placed anywhere in the command line.
+
+# How to call:
+# ./checking-github-app-rate-limits.sh [APP_ID] [PRIVATE_KEY_PATH] [INSTALLATION_ID]
+# ./checking-github-app-rate-limits.sh --debug [APP_ID] [PRIVATE_KEY_PATH] [INSTALLATION_ID]
+# ./checking-github-app-rate-limits.sh [APP_ID] [PRIVATE_KEY_PATH] [INSTALLATION_ID] --debug
+
+# Important Notes:
+# - The script requires `openssl`, `curl`, and `jq` to be installed on the system.
+# - The JWT generated by this script is valid for 10 minutes from its creation time.
+# - The script outputs the remaining API call count, which helps in understanding the current rate limit status.
+# - Ensure that the private key file path is correct and the file has appropriate read permissions.
+# - The `--debug` flag is useful for troubleshooting and understanding the script's flow.
+
+
+# Initialize debug mode to off
+DEBUG_MODE=0
+
+# Function to handle debug messages
+debug() {
+    if [ "$DEBUG_MODE" -eq 1 ]; then
+        echo "DEBUG: $*"
+    fi
+}
+
+# Initialize an array to hold the remaining arguments after removing recognized flags
+REMAINING_ARGS=()
+
+# Process each argument
+while [ "$#" -gt 0 ]; do
+    case "$1" in
+        --debug)
+            DEBUG_MODE=1
+            shift # Remove --debug from the list of arguments
+            ;;
+        *)
+            # Collect unrecognized arguments
+            REMAINING_ARGS+=("$1")
+            shift # Move to the next argument
+            ;;
+    esac
+done
+
+# Check if we have at least three remaining arguments for APP_ID, PRIVATE_KEY_PATH, and INSTALLATION_ID
+if [ "${#REMAINING_ARGS[@]}" -lt 3 ]; then
+    echo "Usage: $0 [--debug] APP_ID PRIVATE_KEY_PATH INSTALLATION_ID"
+    exit 1
+fi
+
+# Assign the remaining arguments
+# GitHub App's ID
+APP_ID="${REMAINING_ARGS[0]}"
+# Path to your GitHub App's private key
+PRIVATE_KEY_PATH="${REMAINING_ARGS[1]}"
+# The installation ID of the GitHub App
+INSTALLATION_ID="${REMAINING_ARGS[2]}"
+
+# Generate JWT Header
+header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')
+debug "Header: $header"
+
+# Generate JWT Payload with issued at time and expiration time
+iat=$(date +%s)
+debug "Issued At Time: $iat"
+
+exp=$((iat + 600)) # JWT expiration time (10 minutes from now)
+debug "Expiration Time: $exp"
+
+payload=$(echo -n "{\"iat\":$iat,\"exp\":$exp,\"iss\":\"$APP_ID\"}" | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')
+debug "Payload: $payload"
+
+# Sign the Header and Payload
+signature=$(echo -n "$header.$payload" | openssl dgst -binary -sha256 -sign "$PRIVATE_KEY_PATH" | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')
+debug "Signature: $signature"
+
+# Concatenate Header, Payload, and Signature to form the JWT
+jwt_token="$header.$payload.$signature"
+debug "JWT Token: $jwt_token"
+
+# GitHub API URL to obtain an installation access token
+access_token_url="https://api.github.com/app/installations/$INSTALLATION_ID/access_tokens"
+debug "Access Token URL: $access_token_url"
+
+# Obtain an installation access token
+response=$(curl -X POST -s -H "Authorization: Bearer ${jwt_token}" -H "Accept: application/vnd.github.v3+json" "${access_token_url}")
+debug "Response: $response"
+
+# Extract the token from the response
+installation_token=$(echo "${response}" | jq -r '.token')
+
+# Use the installation token for API calls
+debug "Installation Token: ${installation_token}"
+
+# Correct GitHub API URL for checking the app's rate limit
+api_url="https://api.github.com/rate_limit"
+debug "API URL: $api_url"
+
+# Make a request to the GitHub API to get the rate limit status
+response=$(curl -s -H "Authorization: Bearer ${installation_token}" -H "Accept: application/vnd.github.machine-man-preview+json" "${api_url}")
+debug "Response: $response"
+
+# Parse the JSON response to get the remaining rate limit
+remaining_calls=$(echo "${response}" | jq '.resources.core.remaining')
+
+# Output the remaining API call count
+echo "Remaining API calls: ${remaining_calls}"
diff --git a/api/generate-jwt-from-github-app-and-find-org-installation-ids.sh b/api/generate-jwt-from-github-app-and-find-org-installation-ids.sh
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+# v1.0.0
+
+# This script generates a JWT (JSON Web Token) for a GitHub App and uses it to list the installations of the App.
+# It is useful for developers and administrators who need to authenticate as a GitHub App to access GitHub API.
+
+# Inputs:
+# 1. APP_ID: The unique identifier for the GitHub App. This should be passed as the first argument.
+# 2. PRIVATE_KEY_PATH: The file path to the private key of the GitHub App. This should be passed as the second argument.
+# 3. --debug (optional): A flag that can be included to enable debug output. This can be placed anywhere in the command line.
+
+# How to call:
+# ./generate-jwt-from-github-app-and-find-installation-tokens.sh [APP_ID] [PRIVATE_KEY_PATH]
+# ./generate-jwt-from-github-app-and-find-installation-tokens.sh --debug [APP_ID] [PRIVATE_KEY_PATH]
+# ./generate-jwt-from-github-app-and-find-installation-tokens.sh [APP_ID] [PRIVATE_KEY_PATH] --debug
+
+# Important Notes:
+# - The script requires `openssl` and `curl` to be installed on the system.
+# - The JWT generated by this script is valid for 10 minutes from its creation time.
+# - The script outputs the generated JWT and the response from the GitHub API listing the installations.
+# - Ensure that the private key file path is correct and the file has appropriate read permissions.
+
+# Initialize debug mode to off
+DEBUG_MODE=0
+
+# Function to handle debug messages
+debug() {
+    if [ "$DEBUG_MODE" -eq 1 ]; then
+        echo "DEBUG: $*"
+    fi
+}
+
+# Initialize an array to hold the remaining arguments after removing recognized flags
+REMAINING_ARGS=()
+
+# Process each argument
+while [ "$#" -gt 0 ]; do
+    case "$1" in
+        --debug)
+            DEBUG_MODE=1
+            shift # Remove --debug from the list of arguments
+            ;;
+        *)
+            # Collect unrecognized arguments
+            REMAINING_ARGS+=("$1")
+            shift # Move to the next argument
+            ;;
+    esac
+done
+
+# Check if we have at least two remaining arguments for APP_ID and PRIVATE_KEY_PATH
+if [ "${#REMAINING_ARGS[@]}" -lt 2 ]; then
+    echo "Usage: $0 [--debug] APP_ID PRIVATE_KEY_PATH"
+    exit 1
+fi
+
+# Assign the remaining arguments
+# GitHub App's ID
+APP_ID="${REMAINING_ARGS[0]}"
+# Path to your GitHub App's private key
+PRIVATE_KEY_PATH="${REMAINING_ARGS[1]}"
+
+# Generate JWT Header
+header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')
+
+# Generate JWT Payload with issued at time and expiration time
+iat=$(date +%s)
+exp=$((iat + 600)) # JWT expiration time (10 minutes from now)
+payload=$(echo -n "{\"iat\":$iat,\"exp\":$exp,\"iss\":\"$APP_ID\"}" | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')
+
+# Sign the Header and Payload
+signature=$(echo -n "$header.$payload" | openssl dgst -binary -sha256 -sign "$PRIVATE_KEY_PATH" | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')
+
+# Concatenate Header, Payload, and Signature to form the JWT
+jwt="$header.$payload.$signature"
+
+echo $jwt
+
+# GitHub API URL to list installations
+api_url="https://api.github.com/app/installations"
+
+# Make a request to list installations
+response=$(curl -s -H "Authorization: Bearer ${jwt}" -H "Accept: application/vnd.github.machine-man-preview+json" "${api_url}")
+
+# Print the response
+echo "Installations: $response"
+
+debug "I am a debug statement, testing the debug switch. I should only appear if --debug is provided."
diff --git a/api/get-repo-info-using-github-app-and-show-api-rate-limit-info.sh b/api/get-repo-info-using-github-app-and-show-api-rate-limit-info.sh
@@ -0,0 +1,125 @@
+#!/bin/bash
+
+# v1.0.0
+
+# This script is designed to generate a JWT (JSON Web Token) for authenticating as a GitHub App.
+# It then uses this token to perform GitHub API requests, specifically to retrieve information about a specified repository
+# and display the current API rate limit status. This is particularly useful for developers and administrators
+# who need to monitor their GitHub App's API usage and ensure it stays within the GitHub API rate limits.
+
+# Inputs:
+# 1. APP_ID: The unique identifier for the GitHub App. This should be passed as the first argument.
+# 2. PRIVATE_KEY_PATH: The file path to the private key of the GitHub App. This should be passed as the second argument.
+# 3. INSTALLATION_ID: The installation ID of the GitHub App. This should be passed as the third argument.
+# 4. ORG_NAME: The name of the organization that owns the repository. This should be passed as the fourth argument.
+# 5. REPO_NAME: The name of the repository to retrieve information for. This should be passed as the fifth argument.
+# 6. --debug (optional): A flag that can be included to enable debug output. This can be placed anywhere in the command line.
+
+# How to call:
+# ./get-repo-info-using-github-app-and-show-api-rate-limit-info.sh [APP_ID] [PRIVATE_KEY_PATH] [INSTALLATION_ID] [ORG_NAME] [REPO_NAME]
+# ./get-repo-info-using-github-app-and-show-api-rate-limit-info.sh --debug [APP_ID] [PRIVATE_KEY_PATH] [INSTALLATION_ID] [ORG_NAME] [REPO_NAME]
+# ./get-repo-info-using-github-app-and-show-api-rate-limit-info.sh [APP_ID] [PRIVATE_KEY_PATH] [INSTALLATION_ID] [ORG_NAME] [REPO_NAME] --debug
+
+# Important Notes:
+# - The script requires `openssl` to generate the JWT and `curl` to make API requests.
+# - The JWT generated by this script is valid for 10 minutes from its creation time.
+# - Debug mode can be enabled to output detailed information about each step of the JWT creation and API request process.
+# - Ensure that the private key file path is correct and the file has appropriate read permissions.
+# - The script is intended for use with GitHub Apps and requires the APP_ID, PRIVATE_KEY_PATH, ORG_NAME, REPO_NAME, and INSTALLATION_ID to function correctly.
+
+# Initialize debug mode to off
+DEBUG_MODE=0
+
+# Function to handle debug messages
+debug() {
+  if [ "$DEBUG_MODE" -eq 1 ]; then
+    echo "DEBUG: $*"
+  fi
+}
+
+# Initialize an array to hold the remaining arguments after removing recognized flags
+REMAINING_ARGS=()
+
+# Process each argument
+while [ "$#" -gt 0 ]; do
+  case "$1" in
+    --debug)
+      DEBUG_MODE=1
+      shift # Remove --debug from the list of arguments
+      ;;
+    *)
+      # Collect unrecognized arguments
+      REMAINING_ARGS+=("$1")
+      shift # Move to the next argument
+      ;;
+  esac
+done
+
+# Check if we have at least four remaining arguments for APP_ID, PRIVATE_KEY_PATH, ORG_NAME, and REPO_NAME
+if [ "${#REMAINING_ARGS[@]}" -lt 4 ]; then
+  echo "Usage: $0 [--debug] APP_ID PRIVATE_KEY_PATH ORG_NAME REPO_NAME"
+  exit 1
+fi
+
+# Assign the remaining arguments
+APP_ID="${REMAINING_ARGS[0]}"
+PRIVATE_KEY_PATH="${REMAINING_ARGS[1]}"
+INSTALLATION_ID="${REMAINING_ARGS[2]}"
+ORG_NAME="${REMAINING_ARGS[3]}"
+REPO_NAME="${REMAINING_ARGS[4]}"
+
+# Generate JWT Header
+header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')
+debug "Header: $header"
+
+# Generate JWT Payload with issued at time and expiration time
+iat=$(date +%s)
+debug "Issued At Time: $iat"
+
+exp=$((iat + 600)) # JWT expiration time (10 minutes from now)
+debug "Expiration Time: $exp"
+
+payload=$(echo -n "{\"iat\":$iat,\"exp\":$exp,\"iss\":\"$APP_ID\"}" | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')
+debug "Payload: $payload"
+
+# Sign the Header and Payload
+signature=$(echo -n "$header.$payload" | openssl dgst -binary -sha256 -sign "$PRIVATE_KEY_PATH" | openssl base64 -e -A | tr '+/' '-_' | tr -d '=')
+debug "Signature: $signature"
+
+# Concatenate Header, Payload, and Signature to form the JWT
+jwt_token="$header.$payload.$signature"
+debug "JWT Token: $jwt_token"
+
+# GitHub API URL to obtain an installation access token
+access_token_url="https://api.github.com/app/installations/$INSTALLATION_ID/access_tokens"
+debug "Access Token URL: $access_token_url"
+
+# Obtain an installation access token
+response=$(curl -X POST -s -H "Authorization: Bearer ${jwt_token}" -H "Accept: application/vnd.github.v3+json" "${access_token_url}")
+debug "Response: $response"
+
+# Extract the token from the response
+installation_token=$(echo "${response}" | jq -r '.token')
+
+# Use the installation token for API calls
+debug "Installation Token: ${installation_token}"
+
+api_url="https://api.github.com/repos/$ORG_NAME/$REPO_NAME"
+echo "API URL: $api_url"
+
+# Make API Call and save response and headers
+response=$(curl -i -s -H "Authorization: token ${installation_token}" -H "Accept: application/vnd.github.v3+json" "${api_url}")
+
+# Separate headers and body
+headers=$(echo "$response" | grep -Pzo '(?s)^.*?\r\n\r\n' | tr -d '\0')
+body=$(echo "$response" | sed -n '/^\r$/,$p' | tail -n +2)
+
+# Extract and echo rate limit information
+echo "x-ratelimit-limit: $(echo "$headers" | grep 'x-ratelimit-limit' | awk '{print $2}')"
+echo "x-ratelimit-remaining: $(echo "$headers" | grep 'x-ratelimit-remaining' | awk '{print $2}')"
+echo "x-ratelimit-used: $(echo "$headers" | grep 'x-ratelimit-used' | awk '{print $2}')"
+echo "x-ratelimit-reset: $(echo "$headers" | grep 'x-ratelimit-reset' | awk '{print $2}')"
+echo "x-ratelimit-resource: $(echo "$headers" | grep 'x-ratelimit-resource' | awk '{print $2}')"
+
+# Print the body of the response
+echo "Repository Info: $body"
