Cannot retrieve PR reviews from a `private` repository


#1

Hi,

I have a private Integration (owned by an organisation) and both public and private repositories that the organisation owns. My Integration goes through the usual steps of getting an auth token via JWT and then the access token. The Integration I describe here is a test one that has permissions for everything to do with the repos. I can add both repos to the organisation owned Integration. I can now create a new PR for each repository, and get a collaborator to create an ‘APPROVED’ review.

I can now get the information for the PRs (these are real, both are issue #1), and they both return the expected information on the repos via the API. I am satisified the auth token is correct.

The first issue is that both repositories return the following similar URLs in the “_links” section (I have truncated, as these are not an issue):

For curl -v -XGET -H "Authorisation: token <authToken>" -H "Accept: application/vnd.github.black-cat-preview+json" https://api.github.com/repos/resin-io/procbots-private-test/pulls/1?access_token=<authToken>:

...
"_links": {
    "self": {
      "href": "https://api.github.com/repos/resin-io/procbots-private-test/pulls/1"
    },
    "html": {
      "href": "https://github.com/resin-io/procbots-private-test/pull/1"
    },
    "issue": {
      "href": "https://api.github.com/repos/resin-io/procbots-private-test/issues/1"
    },
    "comments": {
      "href": "https://api.github.com/repos/resin-io/procbots-private-test/issues/1/comments"
    },
    "review_comments": {
      "href": "https://api.github.com/repos/resin-io/procbots-private-test/pulls/1/comments"
    },
    "review_comment": {
      "href": "https://api.github.com/repos/resin-io/procbots-private-test/pulls/comments{/number}"
    },
    "commits": {
      "href": "https://api.github.com/repos/resin-io/procbots-private-test/pulls/1/commits"
    },
    "statuses": {
      "href": "https://api.github.com/repos/resin-io/procbots-private-test/statuses/8fb0d26374aef3563769fed3382a02d104f79e8f"
    }
  },

For `curl -v -XGET -H "Authorisation: token " -H “Accept: application/vnd.github.black-cat-preview+json” https://api.github.com/repos/resin-io/procbots-public-test/pulls/1?access_token=:

...
"_links": {
    "self": {
      "href": "https://api.github.com/repos/resin-io/procbots-public-test/pulls/1"
    },
    "html": {
      "href": "https://github.com/resin-io/procbots-public-test/pull/1"
    },
    "issue": {
      "href": "https://api.github.com/repos/resin-io/procbots-public-test/issues/1"
    },
    "comments": {
      "href": "https://api.github.com/repos/resin-io/procbots-public-test/issues/1/comments"
    },
    "review_comments": {
      "href": "https://api.github.com/repos/resin-io/procbots-public-test/pulls/1/comments"
    },
    "review_comment": {
      "href": "https://api.github.com/repos/resin-io/procbots-public-test/pulls/comments{/number}"
    },
    "commits": {
      "href": "https://api.github.com/repos/resin-io/procbots-public-test/pulls/1/commits"
    },
    "statuses": {
      "href": "https://api.github.com/repos/resin-io/procbots-public-test/statuses/3cd494da701af799214bd2a9a52f4eae57841c1b"
    }
  },

Note that the “review_comments” properties, eg:
{
“href”: “https://api.github.com/repos/resin-io/procbots-private-test/pulls/1/comments
},

These are different to those on this page https://developer.github.com/v3/pulls/reviews/, which specifies reviews on a PR are fetched with GET /repos/:owner/:repo/pulls/:number/reviews. In fact, getting the review comments with the returned URLs will give you an empty array.

That’s not a huge issue, and I already do what the API page says instead.

The second, and main problem I am having however, is that for the public repo I can retrieve the list of PR reviews:

curl -v -XGET -H "Authorisation: token <authToken>" -H "Accept: application/vnd.github.black-cat-preview+json" https://api.github.com/repos/resin-io/procbots-public-test/pulls/1/reviews?access_token=<authToken>

*   Trying 192.30.253.117...
* Connected to api.github.com (192.30.253.117) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.github.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> GET /repos/resin-io/procbots-public-test/pulls/1/reviews?access_token=<authToken> HTTP/1.1
> Host: api.github.com
> User-Agent: curl/7.43.0
> Authorisation: token <authToken>
> Accept: application/vnd.github.black-cat-preview+json
>
< HTTP/1.1 200 OK
< Server: GitHub.com
< Date: Tue, 14 Feb 2017 19:02:04 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 1693
< Status: 200 OK
< X-RateLimit-Limit: 5000
< X-RateLimit-Remaining: 4977
< X-RateLimit-Reset: 1487101074
< Cache-Control: private, max-age=60, s-maxage=60
< Vary: Accept, Authorization, Cookie, X-GitHub-OTP
< ETag: "<tag>"
< X-GitHub-Media-Type: github.black-cat-preview; format=json
< Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
< Access-Control-Allow-Origin: *
< Content-Security-Policy: default-src 'none'
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Content-Type-Options: nosniff
< X-Frame-Options: deny
< X-XSS-Protection: 1; mode=block
< Vary: Accept-Encoding
< X-Served-By: dc1ce2bfb41810a06c705e83b388572d
< X-GitHub-Request-Id: F4C7:29C0:41CD71E:53D3677:58A3542B
<
[
  {
    "id": 21830779,
    "user": {
      "login": "sablekeech",
      "id": 25102929,
      "avatar_url": "https://avatars0.githubusercontent.com/u/25102929?v=3",
      "gravatar_id": "",
      "url": "https://api.github.com/users/sablekeech",
      "html_url": "https://github.com/sablekeech",
      "followers_url": "https://api.github.com/users/sablekeech/followers",
      "following_url": "https://api.github.com/users/sablekeech/following{/other_user}",
      "gists_url": "https://api.github.com/users/sablekeech/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/sablekeech/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/sablekeech/subscriptions",
      "organizations_url": "https://api.github.com/users/sablekeech/orgs",
      "repos_url": "https://api.github.com/users/sablekeech/repos",
      "events_url": "https://api.github.com/users/sablekeech/events{/privacy}",
      "received_events_url": "https://api.github.com/users/sablekeech/received_events",
      "type": "User",
      "site_admin": false
    },
    "body": "",
    "commit_id": "3cd494da701af799214bd2a9a52f4eae57841c1b",
    "state": "APPROVED",
    "html_url": "https://github.com/resin-io/procbots-public-test/pull/1#pullrequestreview-21830779",
    "pull_request_url": "https://api.github.com/repos/resin-io/procbots-public-test/pulls/1",
    "_links": {
      "html": {
        "href": "https://github.com/resin-io/procbots-public-test/pull/1#pullrequestreview-21830779"
      },
      "pull_request": {
        "href": "https://api.github.com/repos/resin-io/procbots-public-test/pulls/1"
      }
    },
    "submitted_at": "2017-02-14T18:46:05Z"
  }
]
* Connection #0 to host api.github.com left intact

But for the private repo, I cannot:

curl -v -XGET -H "Authorisation: token <authToken>" -H "Accept: application/vnd.github.black-cat-preview+json" https://api.github.com/repos/resin-io/procbots-private-test/pulls/1/reviews?access_token=<authToken>
*   Trying 192.30.253.116...
* Connected to api.github.com (192.30.253.116) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.github.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> GET /repos/resin-io/procbots-private-test/pulls/1/reviews?access_token=<authToken> HTTP/1.1
> Host: api.github.com
> User-Agent: curl/7.43.0
> Authorisation: token <authToken>
> Accept: application/vnd.github.black-cat-preview+json
>
< HTTP/1.1 422 Unprocessable Entity
< Server: GitHub.com
< Date: Tue, 14 Feb 2017 19:03:59 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 252
< Status: 422 Unprocessable Entity
< X-RateLimit-Limit: 5000
< X-RateLimit-Remaining: 4974
< X-RateLimit-Reset: 1487101074
< X-GitHub-Media-Type: github.black-cat-preview; format=json
< Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
< Access-Control-Allow-Origin: *
< Content-Security-Policy: default-src 'none'
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Content-Type-Options: nosniff
< X-Frame-Options: deny
< X-XSS-Protection: 1; mode=block
< X-GitHub-Request-Id: F4E1:29C2:4662712:59C6132:58A3549F
<
{
  "message": "Validation Failed",
  "errors": [
    "Could not resolve to a node with the global id of 'MDExOlB1bGxSZXF1ZXN0MTA2MTUzMDQ2'."
  ],
  "documentation_url": "https://developer.github.com/v3/pulls/reviews/#list-reviews-on-a-pull-request"
}
* Connection #0 to host api.github.com left intact

This results in a failed request.

I do not understand why this occurs, given I can get access to almost everything else I need in the private repo (commits, issues, etc).

Any help would be greatly appreciated!

Thanks in advance.


#2

Hi @hedss, thanks for pointing out the link references. For the main problem of retrieving the reviews for a PR, that looks like a bug on our end. We’ve let the team working on that area know, and will update you when there’s a fix in place. Thanks!


#3

Thank you very much!


#4

Hi @hedss, I’m having the same (very annoying for me) issue. It seems that https://developer.github.com/v3/pulls/reviews/ is not available (yet ?) for integrations, as it is not listed there : https://developer.github.com/early-access/integrations/available-endpoints/ . So maybe @keavy knows when this will be officially available for early preview ? Or https://developer.github.com/early-access/integrations/available-endpoints/ is simply outdated ?
Thanks for letting me know !


#5

Hi @pdesgarets,
I have to admit, I’ve pretty much ignored the available endpoints listed, as I’ve managed to get more info than they state there (such as review comments for public repos, but not private!). It’s possible they’re there but not supported, but I’d far rather they weren’t enabled and we have a roadmap than being enabled but not stable.
Thanks for letting me know I’m not alone. :wink:


Pull Request Comments are not correctly escaped (unparseable JSON)
#6

Hi,

To confirm, yes the Pull Request Reviews API is not yet supported for integrations. Requests for public repositories may have worked in some cases, but until this is fully supported the API is now not enabled for Integrations - whether on public or private repositories - so those requests will return a 403 with a message that the endpoint is not accessible by Integrations.

The team is looking into enabling this API for Integrations, and we’ll update you here when that’s available. Thanks for your patience as we refine features through this Early Access period.

In general, the API documentation will indicate if an endpoint is enabled via the tooltip:
and the listing of available endpoints in the Early Access guide.


#7

Hi,
Thanks for the response. I look forward to this API being available to Integrations soon.


#8

Hi,
Then I’m sorry for having led to the disabling of an interesting feature…looking forward for the availability too.