PyGithub
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 16 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎.github/workflows/test-results.yml‎
Lines changed: 33 additions & 0 deletions b/‎.github/workflows/test-results.yml‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎github/Auth.py‎
Lines changed: 29 additions & 16 deletions b/‎github/Auth.py‎
Lines changed: 29 additions & 16 deletions
diff --git a/‎github/CodeSecurityConfig.py‎
Lines changed: 216 additions & 0 deletions b/‎github/CodeSecurityConfig.py‎
Lines changed: 216 additions & 0 deletions
diff --git a/‎github/Commit.py‎
Lines changed: 1 addition & 1 deletion b/‎github/Commit.py‎
Lines changed: 1 addition & 1 deletion
@@ -39,6 +39,12 @@ jobs:
           pip install tox tox-gh-actions
       - name: Run tests
         run: tox
+      - name: Upload Test Results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: Test Results (Python ${{ matrix.python-version }} on ${{ matrix.os-label }})
+          path: pytest.xml
       - name: Upload coverage to Codecov
         uses: codecov/codecov-action@v3
 
@@ -59,6 +65,16 @@ jobs:
         run: false
         shell: bash
 
+  event_file:
+    name: "Event File"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Upload
+        uses: actions/upload-artifact@v4
+        with:
+          name: Event File
+          path: ${{ github.event_path }}
+
   draft:
     runs-on: ubuntu-latest
     needs: test_success
 
@@ -0,0 +1,33 @@
+name: Test Results
+
+on:
+  workflow_run:
+    workflows: ["CI"]
+    types:
+      - completed
+permissions: {}
+
+jobs:
+  test-results:
+    name: Test Results
+    if: github.event.workflow_run.conclusion != 'skipped'
+    runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      pull-requests: write
+
+    steps:
+      - name: Download and Extract Artifacts
+        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d
+        with:
+          run_id: ${{ github.event.workflow_run.id }}
+          path: artifacts
+
+      - name: Publish Test Results
+        id: test-results
+        uses: EnricoMi/publish-unit-test-result-action@v2
+        with:
+          commit: ${{ github.event.workflow_run.head_sha }}
+          event_file: artifacts/Event File/event.json
+          event_name: ${{ github.event.workflow_run.event }}
+          files: "artifacts/**/*.xml"
@@ -31,7 +31,7 @@
 import time
 from abc import ABC
 from datetime import datetime, timedelta, timezone
-from typing import TYPE_CHECKING, Dict, Optional, Union
+from typing import TYPE_CHECKING, Callable, Dict, Optional, Union
 
 import jwt
 from requests import utils
@@ -43,6 +43,9 @@
 if TYPE_CHECKING:
     from github.GithubIntegration import GithubIntegration
 
+PrivateKeyGenerator = Callable[[], Union[str, bytes]]
+DictSignFunction = Callable[[dict], Union[str, bytes]]
+
 # For App authentication, time remaining before token expiration to request a new one
 ACCESS_TOKEN_REFRESH_THRESHOLD_SECONDS = 20
 TOKEN_REFRESH_THRESHOLD_TIMEDELTA = timedelta(seconds=ACCESS_TOKEN_REFRESH_THRESHOLD_SECONDS)
@@ -190,36 +193,49 @@ class AppAuth(JWT):
 
     """
 
+    @staticmethod
+    def create_jwt_sign(private_key_or_func: Union[str, PrivateKeyGenerator], jwt_algorithm: str) -> DictSignFunction:
+        def jwt_sign(payload: dict) -> Union[str, bytes]:
+            if callable(private_key_or_func):
+                private_key = private_key_or_func()
+            else:
+                private_key = private_key_or_func
+            return jwt.encode(payload, key=private_key, algorithm=jwt_algorithm)
+
+        return jwt_sign
+
+    # v3: move * above private_key
     def __init__(
         self,
         app_id: Union[int, str],
-        private_key: str,
+        private_key: Optional[Union[str, PrivateKeyGenerator]] = None,
+        *,
+        sign_func: Optional[DictSignFunction] = None,
         jwt_expiry: int = Consts.DEFAULT_JWT_EXPIRY,
         jwt_issued_at: int = Consts.DEFAULT_JWT_ISSUED_AT,
-        jwt_algorithm: str = Consts.DEFAULT_JWT_ALGORITHM,
     ):
         assert isinstance(app_id, (int, str)), app_id
         if isinstance(app_id, str):
             assert len(app_id) > 0, "app_id must not be empty"
-        assert isinstance(private_key, str)
-        assert len(private_key) > 0, "private_key must not be empty"
+        assert private_key is not None or sign_func is not None, "either private_key or sign_func must be given"
+        assert private_key is None or sign_func is None, "private_key or sign_func cannot both be given"
+        if private_key is not None:
+            assert isinstance(private_key, str) or callable(private_key)
+            if isinstance(private_key, str):
+                assert len(private_key) > 0, "private_key must not be empty"
+            sign_func = AppAuth.create_jwt_sign(private_key, Consts.DEFAULT_JWT_ALGORITHM)
         assert isinstance(jwt_expiry, int), jwt_expiry
         assert Consts.MIN_JWT_EXPIRY <= jwt_expiry <= Consts.MAX_JWT_EXPIRY, jwt_expiry
 
         self._app_id = app_id
-        self._private_key = private_key
+        self._sign_func = sign_func
         self._jwt_expiry = jwt_expiry
         self._jwt_issued_at = jwt_issued_at
-        self._jwt_algorithm = jwt_algorithm
 
     @property
     def app_id(self) -> Union[int, str]:
         return self._app_id
 
-    @property
-    def private_key(self) -> str:
-        return self._private_key
-
     @property
     def token(self) -> str:
         return self.create_jwt()
@@ -258,7 +274,8 @@ def create_jwt(self, expiration: Optional[int] = None) -> str:
             "exp": now + (expiration if expiration is not None else self._jwt_expiry),
             "iss": self._app_id,
         }
-        encrypted = jwt.encode(payload, key=self.private_key, algorithm=self._jwt_algorithm)
+        assert self._sign_func is not None
+        encrypted = self._sign_func(payload)
 
         if isinstance(encrypted, bytes):
             return encrypted.decode("utf-8")
@@ -331,10 +348,6 @@ def withRequester(self, requester: Requester) -> "AppInstallationAuth":
     def app_id(self) -> Union[int, str]:
         return self._app_auth.app_id
 
-    @property
-    def private_key(self) -> str:
-        return self._app_auth.private_key
-
     @property
     def installation_id(self) -> int:
         return self._installation_id
 
@@ -0,0 +1,216 @@
+############################ Copyrights and license ############################
+#                                                                              #
+# Copyright 2024 Bill Napier <napier@pobox.com>                                #
+#                                                                              #
+# This file is part of PyGithub.                                               #
+# http://pygithub.readthedocs.io/                                              #
+#                                                                              #
+# PyGithub is free software: you can redistribute it and/or modify it under    #
+# the terms of the GNU Lesser General Public License as published by the Free  #
+# Software Foundation, either version 3 of the License, or (at your option)    #
+# any later version.                                                           #
+#                                                                              #
+# PyGithub is distributed in the hope that it will be useful, but WITHOUT ANY  #
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS    #
+# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more #
+# details.                                                                     #
+#                                                                              #
+# You should have received a copy of the GNU Lesser General Public License     #
+# along with PyGithub. If not, see <http://www.gnu.org/licenses/>.             #
+#                                                                              #
+################################################################################
+
+from __future__ import annotations
+
+from datetime import datetime
+from typing import Any
+
+from github.GithubObject import Attribute, NonCompletableGithubObject, NotSet
+
+
+class CodeSecurityConfig(NonCompletableGithubObject):
+    """
+    This class represents Configurations for Code Security.
+
+    The reference can be found here
+    https://docs.github.com/en/rest/code-security/configurations.
+
+    """
+
+    def _initAttributes(self) -> None:
+        self._id: Attribute[int] = NotSet
+        self._name: Attribute[str] = NotSet
+        self._advanced_security: Attribute[str] = NotSet
+        self._code_scanning_default_setup: Attribute[str] = NotSet
+        self._created_at: Attribute[datetime] = NotSet
+        self._dependabot_alerts: Attribute[str] = NotSet
+        self._dependabot_security_updates: Attribute[str] = NotSet
+        self._dependency_graph: Attribute[str] = NotSet
+        self._dependency_graph_autosubmit_action: Attribute[str] = NotSet
+        self._description: Attribute[str] = NotSet
+        self._enforcement: Attribute[str] = NotSet
+        self._html_url: Attribute[str] = NotSet
+        self._private_vulnerability_reporting: Attribute[str] = NotSet
+        self._secret_scanning: Attribute[str] = NotSet
+        self._secret_scanning_delegated_bypass: Attribute[str] = NotSet
+        self._secret_scanning_non_provider_patterns: Attribute[str] = NotSet
+        self._secret_scanning_push_protection: Attribute[str] = NotSet
+        self._secret_scanning_validity_checks: Attribute[str] = NotSet
+        self._target_type: Attribute[str] = NotSet
+        self._url: Attribute[str] = NotSet
+        self._updated_at: Attribute[datetime] = NotSet
+
+    def __repr__(self) -> str:
+        return self.get__repr__(
+            {
+                "id": self.id,
+                "name": self.name,
+                "description": self.description,
+            }
+        )
+
+    @property
+    def advanced_security(self) -> str:
+        return self._advanced_security.value
+
+    @property
+    def code_scanning_default_setup(self) -> str:
+        return self._code_scanning_default_setup.value
+
+    @property
+    def created_at(self) -> datetime:
+        return self._created_at.value
+
+    @property
+    def dependabot_alerts(self) -> str:
+        return self._dependabot_alerts.value
+
+    @property
+    def dependabot_security_updates(self) -> str:
+        return self._dependabot_security_updates.value
+
+    @property
+    def dependency_graph(self) -> str:
+        return self._dependency_graph.value
+
+    @property
+    def dependency_graph_autosubmit_action(self) -> str:
+        return self._dependency_graph_autosubmit_action.value
+
+    @property
+    def description(self) -> str:
+        return self._description.value
+
+    @property
+    def enforcement(self) -> str:
+        return self._enforcement.value
+
+    @property
+    def html_url(self) -> str:
+        return self._html_url.value
+
+    @property
+    def id(self) -> int:
+        return self._id.value
+
+    @property
+    def name(self) -> str:
+        return self._name.value
+
+    @property
+    def private_vulnerability_reporting(self) -> str:
+        return self._private_vulnerability_reporting.value
+
+    @property
+    def secret_scanning(self) -> str:
+        return self._secret_scanning.value
+
+    @property
+    def secret_scanning_delegated_bypass(self) -> str:
+        return self._secret_scanning_delegated_bypass.value
+
+    @property
+    def secret_scanning_non_provider_patterns(self) -> str:
+        return self._secret_scanning_non_provider_patterns.value
+
+    @property
+    def secret_scanning_push_protection(self) -> str:
+        return self._secret_scanning_push_protection.value
+
+    @property
+    def secret_scanning_validity_checks(self) -> str:
+        return self._secret_scanning_validity_checks.value
+
+    @property
+    def target_type(self) -> str:
+        return self._target_type.value
+
+    @property
+    def updated_at(self) -> datetime:
+        return self._updated_at.value
+
+    @property
+    def url(self) -> str:
+        return self._url.value
+
+    def _useAttributes(self, attributes: dict[str, Any]) -> None:
+        if "advanced_security" in attributes:  # pragma no branch
+            self._advanced_security = self._makeStringAttribute(attributes["advanced_security"])
+        if "code_scanning_default_setup" in attributes:  # pragma no branch
+            self._code_scanning_default_setup = self._makeStringAttribute(attributes["code_scanning_default_setup"])
+        if "created_at" in attributes:  # pragma no branch
+            assert attributes["created_at"] is None or isinstance(attributes["created_at"], str), attributes[
+                "created_at"
+            ]
+            self._created_at = self._makeDatetimeAttribute(attributes["created_at"])
+        if "dependabot_alerts" in attributes:  # pragma no branch
+            self._dependabot_alerts = self._makeStringAttribute(attributes["dependabot_alerts"])
+        if "dependabot_security_updates" in attributes:  # pragma no branch
+            self._dependabot_security_updates = self._makeStringAttribute(attributes["dependabot_security_updates"])
+        if "dependency_graph" in attributes:  # pragma no branch
+            self._dependency_graph = self._makeStringAttribute(attributes["dependency_graph"])
+        if "dependency_graph_autosubmit_action" in attributes:  # pragma no branch
+            self._dependency_graph_autosubmit_action = self._makeStringAttribute(
+                attributes["dependency_graph_autosubmit_action"]
+            )
+        if "description" in attributes:  # pragma no branch
+            self._description = self._makeStringAttribute(attributes["description"])
+        if "enforcement" in attributes:  # pragma no branch
+            self._enforcement = self._makeStringAttribute(attributes["enforcement"])
+        if "html_url" in attributes:  # pragma no branch
+            self._html_url = self._makeStringAttribute(attributes["html_url"])
+        if "id" in attributes:  # pragma no branch
+            self._id = self._makeIntAttribute(attributes["id"])
+        if "name" in attributes:  # pragma no branch
+            self._name = self._makeStringAttribute(attributes["name"])
+        if "private_vulnerability_reporting" in attributes:  # pragma no branch
+            self._private_vulnerability_reporting = self._makeStringAttribute(
+                attributes["private_vulnerability_reporting"]
+            )
+        if "secret_scanning" in attributes:  # pragma no branch
+            self._secret_scanning = self._makeStringAttribute(attributes["secret_scanning"])
+        if "secret_scanning_delegated_bypass" in attributes:  # pragma no branch
+            self._secret_scanning_delegated_bypass = self._makeStringAttribute(
+                attributes["secret_scanning_delegated_bypass"]
+            )
+        if "secret_scanning_non_provider_patterns" in attributes:  # pragma no branch
+            self._secret_scanning_non_provider_patterns = self._makeStringAttribute(
+                attributes["secret_scanning_non_provider_patterns"]
+            )
+        if "secret_scanning_push_protection" in attributes:  # pragma no branch
+            self._secret_scanning_push_protection = self._makeStringAttribute(
+                attributes["secret_scanning_push_protection"]
+            )
+        if "secret_scanning_validity_checks" in attributes:  # pragma no branch
+            self._secret_scanning_validity_checks = self._makeStringAttribute(
+                attributes["secret_scanning_validity_checks"]
+            )
+        if "target_type" in attributes:  # pragma no branch
+            self._target_type = self._makeStringAttribute(attributes["target_type"])
+        if "updated_at" in attributes:  # pragma no branch
+            assert attributes["updated_at"] is None or isinstance(attributes["updated_at"], str), attributes[
+                "updated_at"
+            ]
+            self._updated_at = self._makeDatetimeAttribute(attributes["updated_at"])
+        if "url" in attributes:  # pragma no branch
+            self._url = self._makeStringAttribute(attributes["url"])
@@ -82,7 +82,7 @@ class Commit(CompletableGithubObject):
     This class represents Commits.
 
     The reference can be found here
-    https://docs.github.com/en/rest/reference/git#commits
+    https://docs.github.com/en/rest/commits/commits#get-a-commit-object
 
     The OpenAPI schema can be found at
     - /components/schemas/branch-short/properties/commit