Release Notes v0.11.0

This release adds GitHub App authentication, SARIF upload helpers for Code Scanning, enhanced PR review capabilities, and a new --output-monthly CLI flag for incremental contribution tracking.

Highlights

  • GitHub App Authentication: Authenticate as a GitHub App installation for automated workflows and CI/CD pipelines
  • SARIF Upload: Integrate static analysis tools with GitHub Code Scanning
  • PR Review Functions: Add comments, reviews, and line-level feedback programmatically
  • Monthly Output: Track contributions incrementally with auto-merging JSON output

Breaking Changes

JSON Output Field Names

All JSON output fields have been renamed from snake_case to camelCase for consistency with common JSON conventions:

// Before (v0.10.0)
{
  "total_commits": 100,
  "commits_default_branch": 95,
  "month_name": "January"
}

// After (v0.11.0)
{
  "totalCommits": 100,
  "commitsDefaultBranch": 95,
  "monthName": "January"
}

Migration: If you're parsing the JSON output programmatically, update your field names accordingly.
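A consumer that has to read output from both versions during the upgrade can normalize the key names before decoding. Go's encoding/json ignores unknown keys without an error, so a struct that still carries the old snake_case tags decodes v0.11.0 output to zero values silently. The following is an added example, not code from gogithub; Stats, snakeToCamel and parseStats are hypothetical names, and only the three fields shown above are modeled:

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Stats uses the v0.11.0 camelCase names shown in the release notes.
type Stats struct {
	TotalCommits         int    `json:"totalCommits"`
	CommitsDefaultBranch int    `json:"commitsDefaultBranch"`
	MonthName            string `json:"monthName"`
}

// snakeToCamel maps "commits_default_branch" to "commitsDefaultBranch".
func snakeToCamel(key string) string {
	parts := strings.Split(key, "_")
	for i := 1; i < len(parts); i++ {
		if parts[i] != "" {
			parts[i] = strings.ToUpper(parts[i][:1]) + parts[i][1:]
		}
	}
	return strings.Join(parts, "")
}

// parseStats accepts v0.10.0 or v0.11.0 output by renaming top-level keys
// before decoding; RawMessage leaves each value's bytes untouched.
func parseStats(data []byte) (Stats, error) {
	var s Stats
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(data, &fields); err != nil {
		return s, err
	}
	renamed := make(map[string]json.RawMessage, len(fields))
	for k, v := range fields {
		renamed[snakeToCamel(k)] = v
	}
	fixed, err := json.Marshal(renamed)
	if err != nil {
		return s, err
	}
	err = json.Unmarshal(fixed, &s)
	return s, err
}

func main() {
	old := `{"total_commits": 100, "commits_default_branch": 95, "month_name": "January"}`
	fmt.Println(parseStats([]byte(old))) // constructed input in the v0.10.0 shape
}
```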

New Features

GitHub App Authentication

Authenticate as a GitHub App installation for bot accounts in automated workflows:

import "github.com/grokify/gogithub/auth"

// Load config from environment variables
cfg, err := auth.LoadAppConfig()
if err != nil {
    panic(err)
}

// Create authenticated client
gh, err := auth.NewAppClient(ctx, cfg)
if err != nil {
    panic(err)
}

Environment variables:

Variable                   Description
GITHUB_APP_ID              The GitHub App ID
GITHUB_INSTALLATION_ID     Installation ID for target org/repo
GITHUB_PRIVATE_KEY_PATH    Path to private key PEM file
GITHUB_PRIVATE_KEY         Private key PEM content (alternative)

Or load from a config file:

cfg, err := auth.LoadAppConfigFromFile("~/.config/gogithub/app.json")

List installations to find the right installation ID:

installations, err := auth.ListAppInstallations(ctx, cfg)
for _, inst := range installations {
    fmt.Printf("ID: %d, Account: %s\n", inst.ID, inst.Account)
}
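What the private key is used for: a GitHub App proves its identity with a short-lived RS256 JWT and exchanges it for an installation token. The sketch below is an added example built on the standard library only, not gogithub's code (the release lists golang-jwt/jwt/v5 for this job). The function names, the throwaway key and the App ID "123456" are assumptions made for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
var entropy = rand.Reader // CSPRNG for key generation and signing

// signAppJWT builds the RS256 token a GitHub App presents when requesting an
// installation token: iss = App ID, iat backdated 60s, exp within 10 minutes.
func signAppJWT(key *rsa.PrivateKey, appID string, now time.Time) (string, error) {
	claims := fmt.Sprintf(`{"iat":%d,"exp":%d,"iss":%q}`, now.Unix()-60, now.Unix()+540, appID)
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claims))
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(entropy, key, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig), err // callers must check err first
}

// verifiedLifetime checks the RS256 signature (the header's alg is never trusted) and returns exp-iat.
func verifiedLifetime(pub *rsa.PublicKey, token string) (int64, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return 0, fmt.Errorf("malformed token")
	}
	sig, _ := b64.DecodeString(parts[2]) // an undecodable signature fails verification below
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return 0, err
	}
	var c struct{ Iat, Exp int64 }
	raw, _ := b64.DecodeString(parts[1])
	err := json.Unmarshal(raw, &c)
	return c.Exp - c.Iat, err
}

func main() {
	key, _ := rsa.GenerateKey(entropy, 2048) // throwaway demo key, never a real App key
	tok, _ := signAppJWT(key, "123456", time.Now()) // "123456" is a placeholder App ID
	fmt.Println(verifiedLifetime(&key.PublicKey, tok))
}
```

Because anyone holding the PEM can mint these tokens, the key file or GITHUB_PRIVATE_KEY value deserves the same handling as any other signing secret.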

SARIF Upload for Code Scanning

Upload SARIF files from static analysis tools to GitHub Code Scanning:

import "github.com/grokify/gogithub/sarif"

// Upload and wait for processing
result, err := sarif.UploadAndWait(ctx, gh, "owner", "repo",
    "commit-sha",
    "refs/heads/main",
    sarifData,
    5*time.Minute,  // timeout
)

// Or upload a file directly
result, err := sarif.UploadFile(ctx, gh, "owner", "repo",
    "commit-sha",
    "refs/heads/main",
    "report.sarif",
)

// Check processing status
status, err := sarif.GetUploadStatus(ctx, gh, "owner", "repo", uploadID)

The package handles gzip compression and base64 encoding as required by the GitHub API.
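The encoding step mentioned above, shown as an added example rather than the sarif package's own code: the report is gzip-compressed, then Base64-encoded for the "sarif" field of the Code Scanning upload request. The function names, the SARIF 2.1.0 pre-flight check, the size-capped decoder and the sample report are assumptions made for the example.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Constructed minimal SARIF 2.1.0 report (sample input, not real tool output).
const sampleSARIF = `{"version":"2.1.0","runs":[{"tool":{"driver":{"name":"example-scanner"}},"results":[]}]}`

// encodeSARIF rejects input that is not a SARIF 2.1.0 JSON document, then
// gzips and base64-encodes it for the "sarif" field of the upload request.
func encodeSARIF(raw []byte) (string, error) {
	var hdr struct{ Version string }
	if err := json.Unmarshal(raw, &hdr); err != nil || hdr.Version != "2.1.0" {
		return "", fmt.Errorf("input is not a SARIF 2.1.0 JSON document")
	}
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	if _, err := zw.Write(raw); err != nil {
		return "", err
	}
	if err := zw.Close(); err != nil { // Close flushes data and writes the gzip trailer
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf.Bytes()), nil
}

// decodeSARIF reverses encodeSARIF and refuses more than maxBytes of decompressed output.
func decodeSARIF(enc string, maxBytes int64) (string, error) {
	zr, err := gzip.NewReader(base64.NewDecoder(base64.StdEncoding, strings.NewReader(enc)))
	if err != nil {
		return "", err
	}
	out, err := io.ReadAll(io.LimitReader(zr, maxBytes+1))
	if err != nil || int64(len(out)) > maxBytes {
		return "", fmt.Errorf("payload is corrupt or expands beyond %d bytes", maxBytes)
	}
	return string(out), nil
}

func main() {
	fmt.Println(encodeSARIF([]byte(sampleSARIF)))
}
```

The size cap in decodeSARIF matters to anything that unpacks such payloads on the receiving side, where a small compressed body can expand to a very large report.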

PR Review Functions

New functions for code review workflows:

import "github.com/grokify/gogithub/pr"

// Get PR diff content
diff, err := pr.GetPRDiff(ctx, gh, "owner", "repo", 123)

// Submit a review
review, err := pr.CreateReview(ctx, gh, "owner", "repo", 123,
    pr.ReviewEventApprove,
    "LGTM! Great work.",
)

// Add a line comment
comment, err := pr.CreateLineComment(ctx, gh, "owner", "repo", 123,
    "abc123",           // commit SHA
    "src/main.go",      // file path
    "Consider using a constant here.",
    42,                 // line number
)

// Add a general comment
comment, err := pr.CreateIssueComment(ctx, gh, "owner", "repo", 123,
    "Thanks for the contribution!",
)

Review events:

Event                           Description
pr.ReviewEventApprove           Approve the PR
pr.ReviewEventRequestChanges    Request changes before merging
pr.ReviewEventComment           General comment without approval status

Monthly Output Flag

Track contributions incrementally with the new --output-monthly flag:

# First run - creates the file
gogithub profile --user grokify --from 2024-01-01 --to 2024-01-31 \
    --output-monthly monthly.json

# Later - add more months (automatically merges)
gogithub profile --user grokify --from 2024-02-01 --to 2024-03-31 \
    --output-monthly monthly.json

The flag:

  • Creates a new file if it doesn't exist
  • Merges with existing data (new data overwrites same months)
  • Keeps months sorted in descending chronological order

Output format:

{
  "username": "grokify",
  "generatedAt": "2024-12-31T12:00:00Z",
  "months": [
    {
      "year": 2024,
      "month": 3,
      "monthName": "March",
      "commits": 120,
      "issues": 5,
      "prs": 10,
      "reviews": 15,
      "additions": 8000,
      "deletions": 3000
    }
  ]
}

New Packages

sarif

Upload SARIF analysis results to GitHub Code Scanning:

import "github.com/grokify/gogithub/sarif"

// Functions
sarif.Upload()            // Compress and upload SARIF data
sarif.UploadFile()        // Upload from file path
sarif.GetUploadStatus()   // Check processing status
sarif.WaitForProcessing() // Poll until complete
sarif.UploadAndWait()     // Upload with automatic polling

Dependencies

  • Added github.com/golang-jwt/jwt/v5 for GitHub App JWT signing
  • Updated github.com/grokify/mogo from v0.73.4 to v0.74.1
  • Updated github.com/grokify/gocharts/v2 from v2.26.9 to v2.27.0
  • Updated golang.org/x/oauth2 from v0.35.0 to v0.36.0

CI/CD Changes

  • Moved to reusable workflows from grokify/.github
  • Added CodeQL SAST workflow for security analysis
  • Renamed workflow files for consistency (ci.yaml to go-ci.yaml, etc.)

Tests

Added comprehensive unit tests for:

  • auth: AppConfig loading, path expansion, AuthError
  • checks: GetChecksStatus, AllChecksPassed
  • pr: PRError, ReviewEvent constants, MergeableState
  • search: Issue methods, Query builder

Upgrade Notes

  1. Update JSON parsing: If you parse CLI JSON output, update field names from snake_case to camelCase
  2. No import changes: No changes to import paths in this release
  3. New dependencies: The golang-jwt/jwt/v5 package is now a dependency for App authentication

go get github.com/grokify/gogithub@v0.11.0