Skip to content

feat: Add two new Secret Scanning API endpoints #3687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gmlewis merged 22 commits into from
Oct 7, 2025
Merged

feat: Add two new Secret Scanning API endpoints #3687

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
f97ab6d
add PushProtectionBypasses and ScanHistory in secret scanning endpoints
Not-Dhananjay-Mishra Aug 18, 2025
895f152
use timestamp instead of time.Time
Not-Dhananjay-Mishra Aug 18, 2025
3a24cda
change method names
Not-Dhananjay-Mishra Aug 18, 2025
52ce83a
fix comments
Not-Dhananjay-Mishra Aug 18, 2025
9908a2d
add comments to struct and change some name
Not-Dhananjay-Mishra Aug 18, 2025
25437f3
fix comments
Not-Dhananjay-Mishra Aug 18, 2025
317ee25
fix comments
Not-Dhananjay-Mishra Aug 18, 2025
3ba69ca
Merge branch 'master' into feat-3686
Not-Dhananjay-Mishra Aug 18, 2025
4aa75c6
Merge branch 'master' into feat-3686
Not-Dhananjay-Mishra Aug 18, 2025
6f7860e
add omitempty
Not-Dhananjay-Mishra Aug 18, 2025
c7213dc
use omitempty where needed and adjust names
Not-Dhananjay-Mishra Aug 18, 2025
1d091ff
fix responsePushProtectionBypass
Not-Dhananjay-Mishra Aug 18, 2025
6606dd4
Merge branch 'master' into feat-3686
Not-Dhananjay-Mishra Aug 19, 2025
399ec39
Merge branch 'master' into feat-3686
gmlewis Sep 22, 2025
a4badd1
Merge branch 'master' into feat-3686
gmlewis Sep 22, 2025
3ccea73
Merge branch 'master' into feat-3686
gmlewis Sep 22, 2025
d92b8d2
change struct name
Not-Dhananjay-Mishra Sep 30, 2025
7dfdcfd
Merge branch 'master' into feat-3686
Not-Dhananjay-Mishra Sep 30, 2025
82cb264
Merge branch 'master' into feat-3686
Not-Dhananjay-Mishra Oct 1, 2025
cfa6d5e
Merge branch 'master' into feat-3686
Not-Dhananjay-Mishra Oct 7, 2025
71aa241
Merge branch 'google:master' into feat-3686
Not-Dhananjay-Mishra Oct 7, 2025
be5f36d
change context
Not-Dhananjay-Mishra Oct 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
change method names
  • Loading branch information
@Not-Dhananjay-Mishra
Not-Dhananjay-Mishra committed Aug 18, 2025
commit 3a24cda807745d650a4ec1d2f31b7e0c382a87a2
14 changes: 7 additions & 7 deletions github/secret_scanning.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,13 +120,13 @@ type SecretScanningAlertUpdateOptions struct {
ResolutionComment *string `json:"resolution_comment,omitempty"`
}

// CreatePushProtectionBypass represents the parameters for PushProtectionBypasses.
type CreatePushProtectionBypass struct {
// CreatePushProtectionBypass represents the parameters for CreatePushProtectionBypass.
type PushProtectionBypassRequest struct {
Reason string `json:"reason"`
PlaceholderID string `json:"placeholder_id"`
}

// PushProtectionBypass represents the responses from PushProtectionBypasses.
// PushProtectionBypass represents the responses from CreatePushProtectionBypass.
type PushProtectionBypass struct {
Reason string `json:"reason"`
ExpireAt *Timestamp `json:"expire_at"`
Expand Down Expand Up @@ -322,15 +322,15 @@ func (s *SecretScanningService) ListLocationsForAlert(ctx context.Context, owner
return locations, resp, nil
}

// PushProtectionBypasses creates a push protection bypass for a given repository.
// CreatePushProtectionBypass creates a push protection bypass for a given repository.
//
// To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
// the repo scope or security_events scope.
//
// GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#create-a-push-protection-bypass
//
//meta:operation POST /repos/{owner}/{repo}/secret-scanning/push-protection-bypasses
func (s *SecretScanningService) PushProtectionBypasses(ctx context.Context, owner, repo string, opts *CreatePushProtectionBypass) (*PushProtectionBypass, *Response, error) {
func (s *SecretScanningService) CreatePushProtectionBypass(ctx context.Context, owner, repo string, opts *PushProtectionBypassRequest) (*PushProtectionBypass, *Response, error) {
u := fmt.Sprintf("repos/%v/%v/secret-scanning/push-protection-bypasses", owner, repo)

req, err := s.client.NewRequest("POST", u, opts)
Expand All @@ -345,15 +345,15 @@ func (s *SecretScanningService) PushProtectionBypasses(ctx context.Context, owne
return reponsePushProtectionBypass, resp, nil
}

// ScanHistory fetches the secret scanning history for a given repository.
// GetScanHistory fetches the secret scanning history for a given repository.
//
// To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with
// the repo scope or security_events scope and gitHub advanced security or secret scanning must be enabled.
//
// GitHub API docs: https://docs.github.com/rest/secret-scanning/secret-scanning#get-secret-scanning-scan-history-for-a-repository
//
//meta:operation GET /repos/{owner}/{repo}/secret-scanning/scan-history
func (s *SecretScanningService) ScanHistory(ctx context.Context, owner, repo string) (*SecretScanningResponse, *Response, error) {
func (s *SecretScanningService) GetScanHistory(ctx context.Context, owner, repo string) (*SecretScanningResponse, *Response, error) {
u := fmt.Sprintf("repos/%v/%v/secret-scanning/scan-history", owner, repo)

req, err := s.client.NewRequest("GET", u, nil)
Expand Down
34 changes: 17 additions & 17 deletions github/secret_scanning_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -617,7 +617,7 @@ func TestSecretScanningAlertUpdateOptions_Marshal(t *testing.T) {

testJSONMarshal(t, u, want)
}
func TestSecretScanningService_PushProtectionBypasses(t *testing.T) {
func TestSecretScanningService_CreatePushProtectionBypass(t *testing.T) {
t.Parallel()
client, mux, _ := setup(t)

Expand All @@ -626,9 +626,9 @@ func TestSecretScanningService_PushProtectionBypasses(t *testing.T) {

mux.HandleFunc(fmt.Sprintf("/repos/%v/%v/secret-scanning/push-protection-bypasses", owner, repo), func(w http.ResponseWriter, r *http.Request) {
testMethod(t, r, "POST")
var v *CreatePushProtectionBypass
var v *PushProtectionBypassRequest
assertNilError(t, json.NewDecoder(r.Body).Decode(&v))
want := &CreatePushProtectionBypass{Reason: "valid reason", PlaceholderID: "bypass-123"}
want := &PushProtectionBypassRequest{Reason: "valid reason", PlaceholderID: "bypass-123"}
if !cmp.Equal(v, want) {
t.Errorf("Request body = %+v, want %+v", v, want)
}
Expand All @@ -641,11 +641,11 @@ func TestSecretScanningService_PushProtectionBypasses(t *testing.T) {
})

ctx := context.Background()
opts := &CreatePushProtectionBypass{Reason: "valid reason", PlaceholderID: "bypass-123"}
opts := &PushProtectionBypassRequest{Reason: "valid reason", PlaceholderID: "bypass-123"}

bypass, _, err := client.SecretScanning.PushProtectionBypasses(ctx, owner, repo, opts)
bypass, _, err := client.SecretScanning.CreatePushProtectionBypass(ctx, owner, repo, opts)
if err != nil {
t.Errorf("SecretScanning.PushProtectionBypasses returned error: %v", err)
t.Errorf("SecretScanning.CreatePushProtectionBypass returned error: %v", err)
}

expireTime := Timestamp{time.Date(2018, time.January, 1, 0, 0, 0, 0, time.UTC)}
Expand All @@ -656,19 +656,19 @@ func TestSecretScanningService_PushProtectionBypasses(t *testing.T) {
}

if !cmp.Equal(bypass, want) {
t.Errorf("SecretScanning.PushProtectionBypasses returned %+v, want %+v", bypass, want)
t.Errorf("SecretScanning.CreatePushProtectionBypass returned %+v, want %+v", bypass, want)
}
const methodName = "PushProtectionBypasses"
const methodName = "CreatePushProtectionBypass"
testBadOptions(t, methodName, func() (err error) {
_, _, err = client.SecretScanning.PushProtectionBypasses(ctx, "\n", "\n", opts)
_, _, err = client.SecretScanning.CreatePushProtectionBypass(ctx, "\n", "\n", opts)
return err
})
testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
_, resp, err := client.SecretScanning.PushProtectionBypasses(ctx, "o", "r", opts)
_, resp, err := client.SecretScanning.CreatePushProtectionBypass(ctx, "o", "r", opts)
return resp, err
})
}
func TestSecretScanningService_ScanHistory(t *testing.T) {
func TestSecretScanningService_GetScanHistory(t *testing.T) {
t.Parallel()
client, mux, _ := setup(t)

Expand Down Expand Up @@ -703,9 +703,9 @@ func TestSecretScanningService_ScanHistory(t *testing.T) {

ctx := context.Background()

history, _, err := client.SecretScanning.ScanHistory(ctx, owner, repo)
history, _, err := client.SecretScanning.GetScanHistory(ctx, owner, repo)
if err != nil {
t.Errorf("SecretScanning.ScanHistory returned error: %v", err)
t.Errorf("SecretScanning.GetScanHistory returned error: %v", err)
}

startAt1 := Timestamp{time.Date(2025, time.July, 29, 9, 55, 0, 0, time.UTC)}
Expand All @@ -728,15 +728,15 @@ func TestSecretScanningService_ScanHistory(t *testing.T) {
}

if !cmp.Equal(history, want) {
t.Errorf("SecretScanning.ScanHistory returned %+v, want %+v", history, want)
t.Errorf("SecretScanning.GetScanHistory returned %+v, want %+v", history, want)
}
const methodName = "ScanHistory"
const methodName = "GetScanHistory"
testBadOptions(t, methodName, func() (err error) {
_, _, err = client.SecretScanning.ScanHistory(ctx, "\n", "\n")
_, _, err = client.SecretScanning.GetScanHistory(ctx, "\n", "\n")
return err
})
testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
_, resp, err := client.SecretScanning.ScanHistory(ctx, "o", "r")
_, resp, err := client.SecretScanning.GetScanHistory(ctx, "o", "r")
return resp, err
})
}