Automatically Sign Commits Using GitHub API Instead of GitPython and …

…GPG (#45)

## what
- Removes GPG signing key option
- Updates commit signing to use `PyGitHub` instead of `GitPython` library

## why

- Commits are made using `GitPython`, while pull requests are handled with `PyGitHub`. I found that PyGitHub can also make commits, and it could leverage the Atmos App token to automatically sign them. Let me know if you'd be interested in testing this approach

## references

- [Commit Signing](https://github.com/nautilus-cyberneering/pygithub/blob/main/docs/how_to_sign_automatic_commits_in_github_actions.md)
- #44

action.yml

@@ -41,10 +41,6 @@ inputs:
     description: "Skip creation of remote branches and pull requests. Only print list of affected componented into file that is defined in 'outputs.affected-components-file'"
     required: false
     default: 'false'
-  gpg-key-id:
-    description: "GPG key ID to sign commits. Default ''"
-    required: false
-    default: ''
   pr-labels:
     description: "Comma or new line separated list of labels that will added on PR creation. Default: `component-update`"
     required: false
@@ -74,7 +70,6 @@ runs:
     EXCLUDE: ${{ inputs.exclude }}
     LOG_LEVEL: ${{ inputs.log-level }}
     DRY_RUN: ${{ inputs.dry-run }}
-    GPG_KEY_ID: ${{ inputs.gpg-key-id }}
     PR_LABELS: ${{ inputs.pr-labels }}
     PR_TITLE_TEMPLATE: ${{ inputs.pr-title-template }}
     PR_BODY_TEMPLATE: ${{ inputs.pr-body-template }}

entrypoint.sh

@@ -18,7 +18,6 @@ python3 src/main.py \
     --exclude "${EXCLUDE}" \
     --log-level ${LOG_LEVEL} \
     --dry-run ${DRY_RUN} \
-    --gpg-key-id "${GPG_KEY_ID}" \
     --pr-labels "${PR_LABELS}" \
     --pr-title-template "${PR_TITLE_TEMPLATE}" \
     --pr-body-template "${PR_BODY_TEMPLATE}" \

src/component_updater.py

@@ -275,8 +275,7 @@ def __does_component_needs_to_be_updated(self, original_component: AtmosComponen
         return needs_update
 
     def __create_branch_and_pr(self, repo_dir, original_component: AtmosComponent, updated_component: AtmosComponent, branch_name: str) -> PullRequestCreationResponse:
-        self.__github_provider.create_branch_and_push_all_changes(repo_dir,
-                                                                  branch_name,
+        self.__github_provider.create_branch_and_push_all_changes(repo_dir, branch_name,
                                                                   COMMIT_MESSAGE_TEMPLATE.format(
                                                                       component_name=updated_component.name,
                                                                       component_version=updated_component.version))

src/config.py

@@ -16,7 +16,6 @@ def __init__(self,
                  go_getter_tool: str,
                  dry_run: bool,
                  affected_components_file: str = '',
-                 gpg_key_id: str = '',
                  pr_title_template: str = '',
                  pr_body_template: str = '',
                  pr_labels: str = 'component-update'):
@@ -31,7 +30,6 @@ def __init__(self,
         self.dry_run: bool = dry_run
         self.components_download_dir: str = io.create_tmp_dir()
         self.skip_component_repo_fetching: bool = False
-        self.gpg_key_id: str = gpg_key_id
         self.pr_title_template: str = pr_title_template
         self.pr_body_template: str = pr_body_template
         self.pr_labels: List[str] = utils.parse_comma_or_new_line_separated_list(pr_labels)

src/github_provider.py

@@ -3,7 +3,7 @@
 from typing import Optional, Tuple, List
 import jinja2
 import git.repo
-from github import Github
+from github import Github, InputGitTreeElement
 from github.PullRequest import PullRequest
 from jinja2 import FileSystemLoader, Template
 from atmos_component import AtmosComponent
@@ -82,21 +82,39 @@ def get_branches(self, repo_dir: str):
 
         return set(branches)
 
-    def create_branch_and_push_all_changes(self, repo_dir: str, branch_name: str, commit_message: str):
-        repo = git.repo.Repo(repo_dir)
-
-        new_branch = repo.create_head(branch_name)
+    def create_branch_and_push_all_changes(self, repo_dir, branch_name: str, commit_message: str):
+        base_branch = self.__repo.get_branch(self.__repo.default_branch)
+        base_tree = self.__repo.get_git_tree(base_branch.commit.sha)
 
-        repo.git.checkout(new_branch)
-        repo.git.add("-A")
+        parent_commit = self.__repo.get_git_commit(base_branch.commit.sha)
 
-        if self.__config.gpg_key_id:
-            repo.git.commit('-S', f'--gpg-sign={self.__config.gpg_key_id}', '-m', commit_message)
-        else:
-            repo.index.commit(commit_message)
+        if self.__config.dry_run:
+            logging.info(f"Dry run: Changes pushed to branch {branch_name}")
+            return
 
-        if not self.__config.dry_run:
-            repo.git.push("--set-upstream", "origin", branch_name)
+        repo = git.repo.Repo(repo_dir)
+        diffs = repo.index.diff(None)
+        tree_elements = []
+        for d in diffs:
+            import os
+            with open(os.path.join(repo_dir, d.b_path), "r") as f:
+                content = f.read()
+                item = InputGitTreeElement(
+                    path=d.b_path,
+                    mode=str(oct(d.b_mode))[2:],
+                    type='commit',
+                    content=content
+                )
+                tree_elements.append(item)
+        # repo_dir
+        new_tree = self.__repo.create_git_tree(tree_elements, base_tree)
+        commit = self.__repo.create_git_commit(
+            message=commit_message,
+            tree=new_tree,
+            parents=[parent_commit]
+        )
+
+        self.__repo.create_git_ref(ref=f"refs/heads/{branch_name}", sha=commit.sha)
 
     def branch_exists(self, branch_name: str):
         remote_branch_name = f'origin/{branch_name}'

src/main.py

@@ -69,11 +69,6 @@ def main(github_api_token: str, config: Config):
               show_default=True,
               default="affected_components.json",
               help="Path to output file that will contain list of affected components in json format")
-@click.option('--gpg-key-id',
-              required=False,
-              show_default=True,
-              default="",
-              help="GPG key ID to sign commits")
 @click.option('--pr-title-template',
               required=False,
               show_default=True,
@@ -101,7 +96,6 @@ def cli_main(github_api_token,
              log_level,
              dry_run,
              affected_components_file,
-             gpg_key_id,
              pr_title_template,
              pr_body_template,
              pr_labels):
@@ -119,7 +113,6 @@ def cli_main(github_api_token,
                     go_getter_tool,
                     dry_run,
                     affected_components_file,
-                    gpg_key_id,
                     pr_title_template,
                     pr_body_template,
                     pr_labels)

src/requirements.txt

@@ -26,7 +26,7 @@ pluggy==1.0.0
 pycodestyle==2.10.0
 pycparser==2.21
 pyflakes==3.0.1
-PyGithub==1.58.1
+PyGithub==2.5.0
 PyJWT==2.6.0
 pylint==2.17.1
 PyNaCl==1.5.0