How can I get contributions.json of myself in a Gitlab CI pipeline with private contributions if "show private contributions" is off in the settings?
https://gitlab.com/users/GITLAB_USERNAME/calendar.json shows both public and private contributions if the logged in user is GITLAB_USERNAME.
https://gitlab.com/users/GITLAB_USERNAME/calendar.json shows only public contributions if the logged in user is not GITLAB_USERNAME and "show private contributions" is off for GITLAB_USERNAME.
I can do this with curl --cookie "_gitlab_session=..." https://gitlab.com/users/GITLAB_USERNAME/calendar.json where I have obtained the cookie by logging in through the web interface. The session cookie expires after 1 week by default.
I want an automated way to do this through a CI pipeline without simulating a log in and storing my password as a variable (insecure, and if I change my password, I need to update all of them).
I have tried using CI_JOB_TOKEN for authentication (like I do with API: curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "https://gitlab.com/api/v4/projects"), but only the public contributions are showing up.
You can't do it using calendar.json endpoint. You need to use events api.
You can collect all your events using personal token and events api curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.com/api/v4/users/:id/events
User id can be found using: https://gitlab.com/api/v4/users?username=YOUR_USERNAME
Instead of job token use personal access token to get access to gitlab api.
To filter out your results use parameters according to your needs. There is a lot more data than when gathering from https://gitlab.com/users/GITLAB_USERNAME/calendar.json url so you would need to process it.
NOTE:
https://gitlab.com/users/GITLAB_USERNAME/calendar.json is not api url but gitlab endpoint so gitlab token won't work for it.
Related
I have created a custom trigger form my project in GitLab and it works fine on branch 'main' via curl (with POST queries):
curl -X POST -F token=%myToken% -F ref=main https://%mygitlab%/api/v4/projects/82/trigger/pipeline
OR:
curl --request POST "https://%mygitlab%/api/v4/projects/82/trigger/pipeline?token=%myToken%&ref=main"
But I want to use webhook and try the next:
https://%mygitlab%/api/v4/projects/82/ref/main/trigger/pipeline?token=%myToken%
It doesn't work and returns 404:
{"error":"404 Not Found"}
What do I miss or do wrong? May be I must to configure something?
Your webhook URL https://%mygitlab%/api/v4/projects/82/ref/main/trigger/pipeline?token=%myToken% should work (use the token from Settings->CI/CD->Pipeline triggers), but the webhook request must be http POST.
This is why
curl https://%mygitlab%/api/v4/projects/82/ref/main/trigger/pipeline?token=%myToken%
will return 404, but
curl -X POST https://%mygitlab%/api/v4/projects/82/ref/main/trigger/pipeline?token=%myToken%
will work. I have the same behavior on my GitLab (Self-Managed).
It cannot find it because your repository is not public. You have to add the token parameter to login into your account so it is able to see your repo and succesfully trigger the pipeline.
The token parameter must contain an accessToken you generate in your personal gitlab account. Make sure you gave enough permission to the accessToken.
Also, instead of passing the ref in the url try:
https://gitlab.com/api/v4/projects/82/trigger/pipeline?token=%myToken%&ref=main
From gitlab's documentation, trigger API doesn't support Personal Access Token. To authenticate, there are two options: Pipeline Trigger Tokens or CI Job tokens.
There is documentation to add a new Pipeline Trigger Token at:
https://docs.gitlab.com/ee/ci/triggers/#adding-a-new-trigger
Basically, you have to go to your Settings > CI/CD under Pipelines Triggers to add a new trigger.
From there, you can apply the new token to your curls.
I'm trying to make a GitHub App that can view the private repositories and members of my organization that it's installed on. It has read access to "checks, members and metadata" on the installed apps page of the organization.
I can use the request curl -i -H "Authorization: token {token}" -H "Accept: application/vnd.github.machine-man-preview+json" https://api.github.com/installation/repositories to list the repositories and that seems to work, although I don't have private repositories on it right now to verify, but it does list the public ones.
However I can't seem to find an endpoint that lists the organization's private members for the installation, which is what I'm authenticated as. https://api.github.com/orgs/{org}/members shows just the public members of my organization, and if I try /members/{private member} I get a 302, which means my app is not a member of the organization. What am I doing wrong?
The access will be granted to user who is registered with the specific organization and similarly the application needs to have scope to access.
Refer scope in Organization Settings->Developer Settings-> Personal Access Tokens
Please find the reference below which are tested GITHUB APIs, please change the endpoint urls as per below suggestions.
Note: replace <> with your appropriate email, org details accordingly.
For accessing all the members(public & private):
curl -u "<user email address>" https://api.github.com/orgs/<organization name>/members
For accessing all the repos(public & private):
curl -u "<user email address>" https://api.github.com/orgs/<organization name>/repos?type=all
I've seen a couple questions on this asked on StackOverflow, but none have helped me. I can not get past the 'invalid_grant' error when trying to do an Authorize Code Grant on my 1 admin user in Docusign Sandbox environment.
I have 1 user, who is a DS Admin in the dashboard
I created a new App and obtained the Integrator Key/client_id and Secret Key
Using the guide, https://developers.docusign.com/esign-rest-api/guides/authentication/oauth2-code-grant
I have successfully called and granted permission to the user with
https://account-d.docusign.com/oauth/auth?
response_type=code&scope=signature%20impersonation&client_id=INTEGRATOR KEY&redirect_uri=https://www.docusign.com
and obtained the code returned
I have taken the Integrator Key and secret key, in form INTEGRATOR_KEY:SECRET_KEY and base64 encoded it.
I have tried using Postman and just straight up cURL call to obtain the access token. I have done this numerous times, with numerous new Apps created in Docusign Sandbox. They all return invalid_grant error.
cURL call
curl --header "Authorization: Basic BASE64ENCODING(INTEGRATOR_KEY:SECRET_KEY)" --data "grant_type=authorization_code&code=CODE_RETURNED_FROM_PERMISSION_GRANT" --request POST https://account-d.docusign.com/oauth/token
It's possible that DocuSign isn't able to correctly interpret your request because you're missing a Content-Type header.
Try adding Content-Type: application/x-www-form-urlencoded
The Authorization Code you receive back from DocuSign is only good for a couple of minutes. If you try to use it after that time then you'll receive the invalid grant error.
Also, if you are doing the Authorization Code Grant flow then you should not be requesting the impersonation scope. -- It is only for the JWT flow.
I am a little confused by Microsoft's scattered documentation.
I have created an application (https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal), which means I now have:
Application ID
Key
Directory ID
I have gone into the KeyVault in Azure Portal, and I have granted permissions to the application.
For test purposes, I am trying to run a test via CURL. The basis I am using for this is the following Microsoft pages (https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token and https://learn.microsoft.com/en-us/rest/api/#create-the-request)
So, the first thing I do is get a token through the following call:
curl -d "grant_type=client_credentials&client_id=<removed_for_security>&client_secret=<removed_for_security>" https://login.microsoftonline.com/<removed_for_security>/oauth2/token
This returns a token.
I then (try to) use that token as follows:
curl -H "Authorization: Bearer <removed_for_security>” -vv https://<removed_for_security>.vault.azure.net/secrets/<removed_for_security>/<removed_for_security>
I get no content back, just "HTTP/1.1 401 Unauthorized"
You need to specify the resource you are requesting the token for.
curl -d "grant_type=client_credentials&client_id=<removed_for_security>&client_secret=<removed_for_security>&resource=https://vault.azure.net" https://login.microsoftonline.com/<removed_for_security>/oauth2/token
and also add the api version.
Ok, so I can confirm that the request you are doing is valid, for the most part, you forgot the API-version, but problem is not with the API version (it would tell you that).
https://xxx.vault.azure.net/secrets/xxx/?api-version=2015-06-01
this url works, so I guess the token is not right. The easiest way to check would be to go to JWT.io and paste the token there and see the contents, if they match with what the Key Vault expects. Probably you have a mismatch.
I'm trying to do what the title says, using GitHub's API, I'm trying to get the list of orgs any user belongs to... my problem, is that I can't find a way to do it.
According to the API's doc: https://developer.github.com/v3/orgs/ using this endpoint:
/users/:user/orgs
That should list them, but it's not doing it for my user, so I'm guessing this only lists orgs created by the user.
If this is the case, is there a way around it somehow, so I can get the list of organizations that any user belongs to?
It should but, as mentioned
For my account, I don't belong to any organization: https://api.github.com/users/VonC/orgs
defunk, however, is part of public orgs: https://api.github.com/users/defunkt/orgs
Since the list orgs API will only list public memberships, regardless of authentication. (more precisely, GET /orgs/{org}/memberships/{username})
If you need to fetch all of the organization memberships (public and private) for the authenticated user, use the List your organizations API instead.
Maybe your user is not part of any public orgs, only private ones.
More recently, using gh, the GitHub CLI after a gh auth login:
gh api \
-H "Accept: application/vnd.github+json" \
/user/orgs \
--jq ".[].login"
One line:
gh api -H "Accept: application/vnd.github+json" /user/orgs --jq ".[].login"
Use the route /user/memberships/orgs. For instance, using GitHub Cli:
$ gh api /user/memberships/orgs --jq '.[0].organization.login'
etsii2
If you still want to get the user's organizations that your authorization allows you to operate on in some way, you can use the List organizations for the authenticated user endpoint.
In cURL
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/user/orgs
where you need to substitute the <YOUR-TOKEN> by the access_token you get in the response after authentication.
In my case, using Postman
just call /user/orgs to retrieve all organizations public or private