Skip to content

Bug 2024731 - Github-ETL needs to generate a new JWT each time it runs as the JWT is short lived and cannot be provided#14

Merged
dklawren merged 5 commits intomainfrom
api-key-fix
Mar 20, 2026
Merged

Bug 2024731 - Github-ETL needs to generate a new JWT each time it runs as the JWT is short lived and cannot be provided#14
dklawren merged 5 commits intomainfrom
api-key-fix

Conversation

@dklawren
Copy link
Contributor

@dklawren dklawren commented Mar 19, 2026

No description provided.

@dklawren
Bug 2024731 - Github-ETL needs to generate a new JWT each time it run…
1a88486 
…s as the JWT is short lived and cannot be provided
@dklawren dklawren requested a review from Copilot March 19, 2026 18:34
Copilot AI reviewed Mar 19, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates GitHub authentication for the ETL to use a GitHub App (App ID + private key) and generate short-lived JWTs at runtime rather than relying on a pre-provided token, aligning the runtime behavior with GitHub App JWT constraints.

Changes:

  • Add PyJWT (with crypto extras) to project dependencies and regenerate the hashed requirements.txt.
  • Implement GitHub App JWT generation and use it to obtain installation access tokens for GitHub API access.
  • Update documentation and container setup to reflect the GitHub App-based configuration.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
requirements.txt Adds PyJWT + crypto dependency chain (and hashes) from pip-compile.
pyproject.toml Declares PyJWT[crypto] as a runtime dependency.
main.py Adds JWT generation and switches runtime auth inputs to GITHUB_APP_ID/GITHUB_PRIVATE_KEY.
README.md Updates setup/run instructions to use GitHub App credentials.
Dockerfile Updates base image to Python 3.14 slim.
Comments suppressed due to low confidence (1)

main.py:67

  • get_installation_access_token uses a parameter named jwt, which now conflicts with the imported jwt module name in this file. This shadowing makes the code harder to read and can be confusing during maintenance; consider renaming the parameter to something like github_jwt/app_jwt (and updating call sites).
def get_installation_access_token(
    jwt: str,
    repo: str,
    github_api_url: str,

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dklawren dklawren requested a review from Copilot March 19, 2026 21:29
Copilot AI reviewed Mar 19, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates GitHub authentication to use a GitHub App by generating short-lived JWTs at runtime (instead of expecting a pre-provided JWT/PAT), and documents the new configuration. It also updates dependencies and aligns the runtime container Python version with the project’s Python baseline.

Changes:

  • Add GitHub App JWT generation and switch runtime auth to use GITHUB_APP_ID + GITHUB_PRIVATE_KEY.
  • Add PyJWT (with crypto extras) and related transitive dependencies.
  • Update docs and bump Docker base image to Python 3.14.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
requirements.txt Adds PyJWT[crypto] and cryptography-related dependencies with hashes.
pyproject.toml Declares PyJWT[crypto] as a runtime dependency.
main.py Implements JWT generation and updates installation access token logic / env vars.
README.md Updates setup instructions to use GitHub App credentials and container env-file guidance.
Dockerfile Bumps base image to Python 3.14.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dklawren dklawren requested review from cgsheeh, shtrom and zzzeid March 19, 2026 22:15
shtrom
shtrom approved these changes Mar 20, 2026
View reviewed changes
Copy link
Member

@shtrom shtrom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Couple of comments/suggestions for later consideration, but this is good as is.

dklawren and others added 2 commits March 20, 2026 12:27
@dklawren @shtrom
Update README.md
ec774d5 
Co-authored-by: Olivier Mehani <shtrom-github@ssji.net>
@dklawren
Merge branch 'main' into api-key-fix
e41f410 
* main:
  Bug 2024636 - Add a duplicate check to make sure that we do not insert duplicate rows into big query for the same snapshot date
@dklawren dklawren merged commit baf75de into main Mar 20, 2026
4 checks passed
@dklawren dklawren deleted the api-key-fix branch March 20, 2026 17:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@shtrom shtrom shtrom approved these changes

@zzzeid zzzeid Awaiting requested review from zzzeid

@cgsheeh cgsheeh Awaiting requested review from cgsheeh

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dklawren @shtrom