octokit/rest.js
Usage
Import the Octokit constructor based on your platform.
Browsers
@octokit/rest
directly from esm.sh
<script type="module">
import { Octokit } from "https://esm.sh/@octokit/rest";
</script>
Node
npm install @octokit/rest
import { Octokit } from "@octokit/rest";
import { Octokit } from "@octokit/rest";
Now instantiate your octokit API. All options are optional, but authentication is strongly encouraged.
const octokit = new Octokit({
You can set auth
to a personal access token string.
Learn more about authentication.
auth: "secret123",
Setting a user agent is required. It defaults to octokit/rest.js v1.2.3
where v1.2.3
is the current version of @octokit/rest
, but you should set it to something that identifies your app or script.
userAgent: 'myApp v1.2.3',
API Previews can be enabled globally by setting the previews
option. They can be set per-request as well.
Learn more about API Previews.
previews: ['jean-grey', 'symmetra'],
A default time zone can be enabled by setting the timeZone
option.
timeZone: 'Europe/Amsterdam',
Learn more about using time zones with the GitHub API.
In order to use Octokit with GitHub Enterprise, set the baseUrl
option.
baseUrl: 'https://api.github.com',
For custom logging, pass an object with debug
, info
, warn
and error
methods as the log
option.
Learn more about logging and debugging.
log: {
debug: () => {},
info: () => {},
warn: console.warn,
error: console.error
},
Custom request options can be passed as request.*
options. See @octokit/request
options. The same options can be passed to each endpoint request method.
request: {
agent: undefined,
fetch: undefined,
timeout: 0
}
})
Most of GitHub’s REST API endpoints have matching methods. All endpoint methods are asynchronous, in order to use await
in the code examples, we wrap them into an anonymous async function.
(async () => {
For example to retrieve a pull request, use octokit.rest.pulls.get()
. We recommend to use the search above to find the endpoint method you are looking for
const { data: pullRequest } = await octokit.rest.pulls.get({
owner: "octokit",
repo: "rest.js",
pull_number: 123,
});
Some API endpoints support alternative response formats, see Media types. For example, to request the above pull request in a diff format, pass the mediaType.format
option.
Learn more about request formats.
const { data: diff } = await octokit.rest.pulls.get({
owner: "octokit",
repo: "rest.js",
pull_number: 123,
mediaType: {
format: "diff",
},
});
For the API endpoints that do not have a matching method, such as the root endpoint or legacy endpoints, you can send custom requests.
Learn more about custom requests.
const { data: root } = await octokit.request("GET /");
You can also register custom endpoint methods, which is particularly useful if you participate in a private beta.
Learn more about custom endpoint methods.
await octokit.registerEndpoints({
misc: {
getRoot: {
method: "GET",
url: "/",
},
},
});
Some endpoints return a list which has to be paginated in order to retrieve the complete data set.
Learn more about pagination.
octokit.paginate(octokit.rest.issues.listForRepo, {
owner: 'octokit',
repo: 'rest.js'
})
.then(issues => {
// issues is an array of all issue objects
})
})
You can add more functionality with plugins. We recommend the retry and throttling plugins.
Learn more about throttling, automatic retries and building your own Plugins.
import { retry } from "@octokit/plugin-retry";
import { throttling } from "@octokit/plugin-throttling";
const MyOctokit = Octokit.plugin(retry, throttling);
Octokit.plugin()
returns a new constructor. The same options can be passed to the constructor. The options are passed on to all plugin functions as the 2nd argument.
const myOctokit = new MyOctokit({
auth: "secret123",
throttle: {
onRateLimit: (retryAfter, options) => {
myOctokit.log.warn(
`Request quota exhausted for request ${options.method} ${options.url}`,
);
if (options.request.retryCount === 0) {
// only retries once
myOctokit.log.info(`Retrying after ${retryAfter} seconds!`);
return true;
}
},
onSecondaryRateLimit: (retryAfter, options, octokit) => {
// does not retry, only logs a warning
octokit.log.warn(
`Secondary quota detected for request ${options.method} ${options.url}`,
);
},
},
retry: {
doNotRetry: ["429"],
},
});
Authentication
Authentication is optional for some REST API endpoints accessing public data, but is required for GraphQL queries. Using authentication also increases your API rate limit.
GitHub supports different authentication strategies:
- Personal access token (create). This is the default authentication strategy. Set the
options.auth
option to the token innew Octokit(options)
. Learn more about the built-in@octokit/auth-token
authentication strategy. - OAuth Apps: authenticate using user access token created by an OAuth app, to which you granted selected permissions, or as the OAuth App itself (OAuth using
client_id
andclient_secret
). Learn more about the optional@octokit/auth-oauth-app
authentication strategy - GitHub Apps: authenticate using an installation access token or as GitHub App itself. Learn more about the optional
@octokit/auth-app
authentication strategy. - GitHub Actions: authenticate using the
GITHUB_TOKEN
secret which is provided to GitHub Actions Workflows. Learn more about the optional@octokit/auth-action
authentication strategy.
Learn more about all official and community authentication strategies.
By default, @octokit/rest
authenticates using the token authentication strategy. Pass in a token using options.auth
. It can be a personal access token, an OAuth token, an installation access token or a JSON Web Token for GitHub App authentication. The Authorization
request header will be set according to the type of token.
import { Octokit } from "@octokit/rest";
const octokit = new Octokit({
auth: "mypersonalaccesstoken123",
});
// sends request with `Authorization: token mypersonalaccesstoken123` header
const { data } = await octokit.request("/user");
To use a different authentication strategy, set options.authStrategy
.
Here is an example for GitHub App authentication
import { Octokit } from "@octokit/rest";
import { createAppAuth } from "@octokit/auth-app";
const appOctokit = new Octokit({
authStrategy: createAppAuth,
auth: {
appId: 123,
privateKey: process.env.PRIVATE_KEY,
// optional: this will make appOctokit authenticate as app (JWT)
// or installation (access token), depending on the request URL
installationId: 123,
},
});
const { data } = await appOctokit.request("/app");
The .auth()
method returned by the current authentication strategy can be accessed at octokit.auth()
. Example
const { token } = await appOctokit.auth({
type: "installation",
// defaults to `options.auth.installationId` set in the constructor
installationId: 123,
});
Request formats & aborts
Some API endpoints support alternative response formats, see Media types.
For example, to request a pull request as diff format, set the mediaType.format
option
const { data: prDiff } = await octokit.rest.pulls.get({
owner: "octokit",
repo: "rest.js",
pull_number: 1278,
mediaType: {
format: "diff",
},
});
The AbortController interface can be used to abort one or more requests as and when desired. When the request is initiated, an AbortSignal instance can be passed as an option inside the request's options object.
const controller = new AbortController();
const { data: prDiff } = await octokit.rest.pulls.get({
owner: "octokit",
repo: "rest.js",
pull_number: 1278,
request: {
signal: controller.signal,
},
});
Use controller.abort()
to abort the request when desired.
Custom requests
To send custom requests you can use the lower-level octokit.request()
method
octokit.request("GET /");
The baseUrl
, headers and other defaults are already set. For more information on the octokit.request()
API see octokit/request.js
All the endpoint methods such as octokit.rest.repos.get()
are aliases of octokit.request()
with pre-bound default options. So you can use the @octokit/request
API to get the default options or get generic request option to use with your preferred request library.
const defaultOptions = octokit.rest.repos.get.endpoint.DEFAULTS;
const requestOptions = octokit.rest.repos.get.endpoint({
owner: "octokit",
repo: "rest.js",
});
Note that authentication is not applied when retrieving request options from the *.endpoint
APIs.
Pagination
All endpoint methods starting with .list*
do not return all results at once but instead return the first 30 items by default, see also GitHub’s REST API pagination documentation.
To automatically receive all results across all pages, you can use the octokit.paginate()
method:
octokit
.paginate("GET /repos/{owner}/{repo}/issues", {
owner: "octokit",
repo: "rest.js",
})
.then((issues) => {
// issues is an array of all issue objects. It is not wrapped in a { data, headers, status, url } object
// like results from `octokit.request()` or any of the endpoint methods such as `octokit.rest.issues.listForRepo()`
});
octokit.paginate()
accepts the same options as octokit.request()
. You can optionally pass an additional function to map the results from each response. The map must return a new value, usually an array with mapped data.
Note: the map function is called with the { data, headers, status, url }
response object. The data
property is guaranteed to be an array of the result items, even for list endpoints that respond with an object instead of an array, such as the search endpoints.
octokit
.paginate(
"GET /repos/{owner}/{repo}/issues",
{ owner: "octokit", repo: "rest.js" },
(response) => response.data.map((issue) => issue.title),
)
.then((issueTitles) => {
// issueTitles is now an array with the titles only
});
To stop paginating early, you can call the done()
function passed as 2nd argument to the response map function. Note that you still have to return the value you want to map the response to, otherwise the last response will be mapped to undefined.
octokit.paginate(
"GET /repos/{owner}/{repo}/issues",
{ owner: "octokit", repo: "rest.js" },
(response, done) => {
if (response.data.find((issue) => issue.body.includes("something"))) {
done();
}
return response.data;
},
);
To paginate responses for one of the registered endpoint methods such as octokit.rest.issues.listForRepo()
you can pass the method directly as first argument to octokit.paginate
:
octokit
.paginate(octokit.rest.issues.listForRepo, {
owner: "octokit",
repo: "rest.js",
})
.then((issues) => {
// issues is an array of all issue objects
});
If your runtime environment supports async iterators (such as most modern browsers and Node 10+), you can iterate through each response
for await (const response of octokit.paginate.iterator(
octokit.rest.issues.listForRepo,
{
owner: "octokit",
repo: "rest.js",
},
)) {
// do whatever you want with each response, break out of the loop, etc.
}
octokit.paginate.iterator()
accepts the same options as octokit.paginate()
.
Hooks
You can customize Octokit’s request lifecycle with hooks. Available methods are
octokit.hook.before("request", async (options) => {
validate(options);
});
octokit.hook.after("request", async (response, options) => {
console.log(`${options.method} ${options.url}: ${response.status}`);
});
octokit.hook.error("request", async (error, options) => {
if (error.status === 304) {
return findInCache(error.response.headers.etag);
}
throw error;
});
octokit.hook.wrap("request", async (request, options) => {
// add logic before, after, catch errors or replace the request altogether
return request(options);
});
See before-after-hook for more details on the 4 methods.
Custom endpoint methods
You can register custom endpoint methods such as octokit.rest.repos.get()
by extending the octokit object
Object.assign(octokit.foo, {
bar: {
method: "PATCH",
url: "/repos/{owner}/{repo}/foo",
headers: {
accept: "application/vnd.github.foo-bar-preview+json",
},
params: {
owner: {
required: true,
type: "string",
},
repo: {
required: true,
type: "string",
},
baz: {
required: true,
type: "string",
enum: ["qux", "quux", "quuz"],
},
},
},
});
octokit.foo.bar({
owner: "octokit",
repo: "rest.js",
baz: "quz",
});
This is useful when you participate in private beta features and prefer the convenience of methods for the new endpoints instead of using octokit.request()
.
Plugins
You can customize and extend Octokit’s functionality using plugins
// index.js
import { Octokit } from "@octokit/rest";
import myPlugin from "./lib/my-plugin.js";
import octokitPluginExample from "octokit-plugin-example";
const MyOctokit = Octokit.plugin(myPlugin, octokitPluginExample);
// lib/my-plugin.js
const plugin = (octokit, options = { greeting: "Hello" }) => {
// hook into the request lifecycle
octokit.hook.wrap("request", async (request, options) => {
const time = Date.now();
const response = await request(options);
octokit.log.info(
`${options.method} ${options.url} – ${response.status} in ${
Date.now() - time
}ms`,
);
return response;
});
// add a custom method: octokit.helloWorld()
return {
helloWorld: () => console.log(`${options.greeting}, world!`),
};
};
export default plugin;
.plugin
accepts a function or an array of functions.
We recommend using Octokit’s log methods to help users of your plugin with debugging.
You can add new methods to the octokit
instance passed as the first argument to
the plugin function. The 2nd argument is the options object passed to the
constructor when instantiating the octokit
client.
const octokit = new MyOctokit({ greeting: "Hola" });
octokit.helloWorld();
// Hola, world!
Throttling
When you send too many requests in too little time you will likely hit errors due to rate and/or abuse limits.
In order to automatically throttle requests as recommended in GitHub’s best practices for integrators, we recommend you install the @octokit/plugin-throttling
plugin.
The throttle.onSecondaryRateLimit
and throttle.onRateLimit
options are required.
Return true
from these functions to automatically retry the request after retryAfter
seconds. Return false
or undefined
to skip retry and throw the error. For rate limit errors, retryAfter
defaults to seconds until X-RateLimit-Reset
. For abuse errors, retryAfter
defaults to the retry-after
header but is a minimum of five seconds.
import { Octokit } from "@octokit/rest";
import { throttling } from "@octokit/plugin-throttling";
const MyOctokit = Octokit.plugin(throttling);
const octokit = new MyOctokit({
auth: "token " + process.env.TOKEN,
throttle: {
onRateLimit: (retryAfter, options) => {
octokit.log.warn(
`Request quota exhausted for request ${options.method} ${options.url}`,
);
// Retry twice after hitting a rate limit error, then give up
if (options.request.retryCount <= 2) {
console.log(`Retrying after ${retryAfter} seconds!`);
return true;
}
},
onSecondaryRateLimit: (retryAfter, options, octokit) => {
// does not retry, only logs a warning
octokit.log.warn(
`Secondary quota detected for request ${options.method} ${options.url}`,
);
},
},
});
Automatic retries
Many common request errors can be easily remediated by retrying the request. We recommend installing the @octokit/plugin-retry
plugin for Automatic retries in these cases
import { Octokit } from "@octokit/rest";
import { retry } from "@octokit/plugin-retry";
const MyOctokit = Octokit.plugin(retry);
const octokit = new MyOctokit();
// all requests sent with the `octokit` instance are now retried up to 3 times for recoverable errors.
Logging
Octokit
has 4 built-in log methods
octokit.log.debug(message[, additionalInfo])
octokit.log.info(message[, additionalInfo])
octokit.log.warn(message[, additionalInfo])
octokit.log.error(message[, additionalInfo])
They can be configured using the log
client option. By default, octokit.log.debug()
and octokit.log.info()
are no-ops, while the other two call console.warn()
and console.error()
respectively.
This is useful if you build reusable plugins.
Debug
The simplest way to receive debug information is to set the log
client option to console
.
import { Octokit } from "@octokit/rest";
const octokit = new Octokit({
log: console,
});
octokit.request("/");
This will log
request { method: 'GET',
baseUrl: 'https://api.github.com',
headers:
{ accept: 'application/vnd.github.v3+json',
'user-agent':
'octokit.js/0.0.0-development Node.js/10.15.0 (macOS Mojave; x64)' },
request: {},
url: '/' }
GET / - 200 in 514ms
If you like to support a configurable log level, we recommend using the console-log-level module
import { Octokit } from "@octokit/rest";
import consoleLogLevel from "console-log-level";
const octokit = new Octokit({
log: consoleLogLevel({ level: "info" }),
});
octokit.request("/");
This will only log
GET / - 200 in 514ms
Actions
Add custom labels to a self-hosted runner for an organization
Adds custom labels to a self-hosted runner configured in an organization.
Authenticated users must have admin access to the organization to use this endpoint.
OAuth tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.addCustomLabelsToSelfHostedRunnerForOrg({
org,
runner_id,
labels,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
runner_id | yes |
Unique identifier of the self-hosted runner. |
labels | yes |
The names of the custom labels to add to the runner. |
See also: GitHub Developer Guide documentation.
Add custom labels to a self-hosted runner for a repository
Adds custom labels to a self-hosted runner configured in a repository.
Authenticated users must have admin access to the organization to use this endpoint.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.addCustomLabelsToSelfHostedRunnerForRepo({
owner,
repo,
runner_id,
labels,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
runner_id | yes |
Unique identifier of the self-hosted runner. |
labels | yes |
The names of the custom labels to add to the runner. |
See also: GitHub Developer Guide documentation.
Add repository access to a self-hosted runner group in an organization
Adds a repository to the list of repositories that can access a self-hosted runner group. The runner group must have visibility
set to selected
. For more information, see "Create a self-hosted runner group for an organization."
OAuth tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.addRepoAccessToSelfHostedRunnerGroupInOrg({
org,
runner_group_id,
repository_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
runner_group_id | yes |
Unique identifier of the self-hosted runner group. |
repository_id | yes |
The unique identifier of the repository. |
See also: GitHub Developer Guide documentation.
Add selected repository to an organization secret
Adds a repository to an organization secret when the visibility
for
repository access is set to selected
. For more information about setting the visibility, see Create or
update an organization secret.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.addSelectedRepoToOrgSecret({
org,
secret_name,
repository_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
repository_id | yes |
See also: GitHub Developer Guide documentation.
Add selected repository to an organization variable
Adds a repository to an organization variable that is available to selected repositories.
Organization variables that are available to selected repositories have their visibility
field set to selected
.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.addSelectedRepoToOrgVariable({
org,
name,
repository_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
name | yes |
The name of the variable. |
repository_id | yes |
See also: GitHub Developer Guide documentation.
Approve a workflow run for a fork pull request
Approves a workflow run for a pull request from a public fork of a first time contributor. For more information, see "Approving workflow runs from public forks."
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.approveWorkflowRun({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
See also: GitHub Developer Guide documentation.
Cancel a workflow run
Cancels a workflow run using its id
.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.cancelWorkflowRun({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
See also: GitHub Developer Guide documentation.
Create an environment variable
Create an environment variable that you can reference in a GitHub Actions workflow.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.createEnvironmentVariable({
owner,
repo,
environment_name,
name,
value,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
environment_name | yes |
The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with |
name | yes |
The name of the variable. |
value | yes |
The value of the variable. |
See also: GitHub Developer Guide documentation.
Create or update an environment secret
Creates or updates an environment secret with an encrypted value. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API."
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.createOrUpdateEnvironmentSecret({
owner,
repo,
environment_name,
secret_name,
encrypted_value,
key_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
environment_name | yes |
The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with |
secret_name | yes |
The name of the secret. |
encrypted_value | yes |
Value for your secret, encrypted with LibSodium using the public key retrieved from the Get an environment public key endpoint. |
key_id | yes |
ID of the key you used to encrypt the secret. |
See also: GitHub Developer Guide documentation.
Create or update an organization secret
Creates or updates an organization secret with an encrypted value. Encrypt your secret using
LibSodium. You must authenticate using an access
token with the admin:org
scope to use this endpoint. GitHub Apps must have the secrets
organization permission to
use this endpoint.
Example encrypting a secret using Node.js
Encrypt your secret using the tweetsodium library.
const sodium = require('tweetsodium');
const key = "base64-encoded-public-key";
const value = "plain-text-secret";
// Convert the message and key to Uint8Array's (Buffer implements that interface)
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(key, 'base64');
// Encrypt using LibSodium.
const encryptedBytes = sodium.seal(messageBytes, keyBytes);
// Base64 the encrypted secret
const encrypted = Buffer.from(encryptedBytes).toString('base64');
console.log(encrypted);
Example encrypting a secret using Python
Encrypt your secret using pynacl with Python 3.
from base64 import b64encode
from nacl import encoding, public
def encrypt(public_key: str, secret_value: str) -> str:
"""Encrypt a Unicode string using the public key."""
public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
Example encrypting a secret using C#
Encrypt your secret using the Sodium.Core package.
var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");
var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);
Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));
Example encrypting a secret using Ruby
Encrypt your secret using the rbnacl gem.
require "rbnacl"
require "base64"
key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
public_key = RbNaCl::PublicKey.new(key)
box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = box.encrypt("my_secret")
# Print the base64 encoded secret
puts Base64.strict_encode64(encrypted_secret)
octokit.rest.actions.createOrUpdateOrgSecret({
org,
secret_name,
visibility,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
encrypted_value | no |
Value for your secret, encrypted with LibSodium using the public key retrieved from the Get an organization public key endpoint. |
key_id | no |
ID of the key you used to encrypt the secret. |
visibility | yes |
Which type of organization repositories have access to the organization secret. |
selected_repository_ids | no |
An array of repository ids that can access the organization secret. You can only provide a list of repository ids when the |
See also: GitHub Developer Guide documentation.
Create or update a repository secret
Creates or updates a repository secret with an encrypted value. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API."
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.createOrUpdateRepoSecret({
owner,
repo,
secret_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
secret_name | yes |
The name of the secret. |
encrypted_value | no |
Value for your secret, encrypted with LibSodium using the public key retrieved from the Get a repository public key endpoint. |
key_id | no |
ID of the key you used to encrypt the secret. |
See also: GitHub Developer Guide documentation.
Create an organization variable
Creates an organization variable that you can reference in a GitHub Actions workflow.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth tokens and personal access tokens (classic) need theadmin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.createOrgVariable({
org,
name,
value,
visibility,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
name | yes |
The name of the variable. |
value | yes |
The value of the variable. |
visibility | yes |
The type of repositories in the organization that can access the variable. |
selected_repository_ids | no |
An array of repository ids that can access the organization variable. You can only provide a list of repository ids when the |
See also: GitHub Developer Guide documentation.
Create a registration token for an organization
Returns a token that you can pass to the config
script. The token expires after one hour.
For example, you can replace TOKEN
in the following example with the registration token provided by this endpoint to configure your self-hosted runner:
./config.sh --url https://github.com/octo-org --token TOKEN
Authenticated users must have admin access to the organization to use this endpoint.
OAuth tokens and personal access tokens (classic) need theadmin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.createRegistrationTokenForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Create a registration token for a repository
Returns a token that you can pass to the config
script. The token expires after one hour.
For example, you can replace TOKEN
in the following example with the registration token provided by this endpoint to configure your self-hosted runner:
./config.sh --url https://github.com/octo-org --token TOKEN
Authenticated users must have admin access to the repository to use this endpoint.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.createRegistrationTokenForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Create a remove token for an organization
Returns a token that you can pass to the config
script to remove a self-hosted runner from an organization. The token expires after one hour.
For example, you can replace TOKEN
in the following example with the registration token provided by this endpoint to remove your self-hosted runner from an organization:
./config.sh remove --token TOKEN
Authenticated users must have admin access to the organization to use this endpoint.
OAuth tokens and personal access tokens (classic) need theadmin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.createRemoveTokenForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Create a remove token for a repository
Returns a token that you can pass to the config
script to remove a self-hosted runner from an repository. The token expires after one hour.
For example, you can replace TOKEN
in the following example with the registration token provided by this endpoint to remove your self-hosted runner from an organization:
./config.sh remove --token TOKEN
Authenticated users must have admin access to the repository to use this endpoint.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.createRemoveTokenForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Create a repository variable
Creates a repository variable that you can reference in a GitHub Actions workflow.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.createRepoVariable({
owner,
repo,
name,
value,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
name | yes |
The name of the variable. |
value | yes |
The value of the variable. |
See also: GitHub Developer Guide documentation.
Create a workflow dispatch event
You can use this endpoint to manually trigger a GitHub Actions workflow run. You can replace workflow_id
with the workflow file name. For example, you could use main.yaml
.
You must configure your GitHub Actions workflow to run when the workflow_dispatch
webhook event occurs. The inputs
are configured in the workflow file. For more information about how to configure the workflow_dispatch
event in the workflow file, see "Events that trigger workflows."
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.createWorkflowDispatch({
owner,
repo,
workflow_id,
ref,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
workflow_id | yes |
The ID of the workflow. You can also pass the workflow file name as a string. |
ref | yes |
The git reference for the workflow. The reference can be a branch or tag name. |
inputs | no |
Input keys and values configured in the workflow file. The maximum number of properties is 10. Any default properties configured in the workflow file will be used when |
inputs.* | no |
See also: GitHub Developer Guide documentation.
Delete a GitHub Actions cache for a repository (using a cache ID)
Deletes a GitHub Actions cache for a repository, using a cache ID.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteActionsCacheById({
owner,
repo,
cache_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
cache_id | yes |
The unique identifier of the GitHub Actions cache. |
See also: GitHub Developer Guide documentation.
Delete GitHub Actions caches for a repository (using a cache key)
Deletes one or more GitHub Actions caches for a repository, using a complete cache key. By default, all caches that match the provided key are deleted, but you can optionally provide a Git ref to restrict deletions to caches that match both the provided key and the Git ref.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteActionsCacheByKey({
owner,
repo,
key,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
key | yes |
A key for identifying the cache. |
ref | no |
The full Git reference for narrowing down the cache. The |
See also: GitHub Developer Guide documentation.
Delete an artifact
Deletes an artifact for a workflow run.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteArtifact({
owner,
repo,
artifact_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
artifact_id | yes |
The unique identifier of the artifact. |
See also: GitHub Developer Guide documentation.
Delete an environment secret
Deletes a secret in an environment using the secret name.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteEnvironmentSecret({
owner,
repo,
environment_name,
secret_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
environment_name | yes |
The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Delete an environment variable
Deletes an environment variable using the variable name.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteEnvironmentVariable({
owner,
repo,
name,
environment_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
name | yes |
The name of the variable. |
environment_name | yes |
The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with |
See also: GitHub Developer Guide documentation.
Delete an organization secret
Deletes a secret in an organization using the secret name.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need theadmin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteOrgSecret({
org,
secret_name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Delete an organization variable
Deletes an organization variable using the variable name.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth tokens and personal access tokens (classic) need theadmin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteOrgVariable({
org,
name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
name | yes |
The name of the variable. |
See also: GitHub Developer Guide documentation.
Delete a repository secret
Deletes a secret in a repository using the secret name.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteRepoSecret({
owner,
repo,
secret_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Delete a repository variable
Deletes a repository variable using the variable name.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteRepoVariable({
owner,
repo,
name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
name | yes |
The name of the variable. |
See also: GitHub Developer Guide documentation.
Delete a self-hosted runner from an organization
Forces the removal of a self-hosted runner from an organization. You can use this endpoint to completely remove the runner when the machine you were using no longer exists.
Authenticated users must have admin access to the organization to use this endpoint.
OAuth tokens and personal access tokens (classic) need theadmin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteSelfHostedRunnerFromOrg({
org,
runner_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
runner_id | yes |
Unique identifier of the self-hosted runner. |
See also: GitHub Developer Guide documentation.
Delete a self-hosted runner from a repository
Forces the removal of a self-hosted runner from a repository. You can use this endpoint to completely remove the runner when the machine you were using no longer exists.
Authenticated users must have admin access to the repository to use this endpoint.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteSelfHostedRunnerFromRepo({
owner,
repo,
runner_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
runner_id | yes |
Unique identifier of the self-hosted runner. |
See also: GitHub Developer Guide documentation.
Delete a workflow run
Deletes a specific workflow run.
Anyone with write access to the repository can use this endpoint.
If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteWorkflowRun({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
See also: GitHub Developer Guide documentation.
Delete workflow run logs
Deletes all logs for a workflow run.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.deleteWorkflowRunLogs({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
See also: GitHub Developer Guide documentation.
Disable a selected repository for GitHub Actions in an organization
Removes a repository from the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories
must be configured to selected
. For more information, see "Set GitHub Actions permissions for an organization."
OAuth tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.disableSelectedRepositoryGithubActionsOrganization({
org,
repository_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
repository_id | yes |
The unique identifier of the repository. |
See also: GitHub Developer Guide documentation.
Disable a workflow
Disables a workflow and sets the state
of the workflow to disabled_manually
. You can replace workflow_id
with the workflow file name. For example, you could use main.yaml
.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.disableWorkflow({
owner,
repo,
workflow_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
workflow_id | yes |
The ID of the workflow. You can also pass the workflow file name as a string. |
See also: GitHub Developer Guide documentation.
Download an artifact
Gets a redirect URL to download an archive for a repository. This URL expires after 1 minute. Look for Location:
in
the response header to find the URL for the download. The :archive_format
must be zip
.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.downloadArtifact({
owner,
repo,
artifact_id,
archive_format,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
artifact_id | yes |
The unique identifier of the artifact. |
archive_format | yes |
See also: GitHub Developer Guide documentation.
Download job logs for a workflow run
Gets a redirect URL to download a plain text file of logs for a workflow job. This link expires after 1 minute. Look
for Location:
in the response header to find the URL for the download.
Anyone with read access to the repository can use this endpoint.
If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.downloadJobLogsForWorkflowRun({
owner,
repo,
job_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
job_id | yes |
The unique identifier of the job. |
See also: GitHub Developer Guide documentation.
Download workflow run attempt logs
Gets a redirect URL to download an archive of log files for a specific workflow run attempt. This link expires after
1 minute. Look for Location:
in the response header to find the URL for the download.
Anyone with read access to the repository can use this endpoint.
If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.downloadWorkflowRunAttemptLogs({
owner,
repo,
run_id,
attempt_number,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
attempt_number | yes |
The attempt number of the workflow run. |
See also: GitHub Developer Guide documentation.
Download workflow run logs
Gets a redirect URL to download an archive of log files for a workflow run. This link expires after 1 minute. Look for
Location:
in the response header to find the URL for the download.
Anyone with read access to the repository can use this endpoint.
If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.downloadWorkflowRunLogs({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
See also: GitHub Developer Guide documentation.
Enable a selected repository for GitHub Actions in an organization
Adds a repository to the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories
must be must be configured to selected
. For more information, see "Set GitHub Actions permissions for an organization."
OAuth tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.enableSelectedRepositoryGithubActionsOrganization({
org,
repository_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
repository_id | yes |
The unique identifier of the repository. |
See also: GitHub Developer Guide documentation.
Enable a workflow
Enables a workflow and sets the state
of the workflow to active
. You can replace workflow_id
with the workflow file name. For example, you could use main.yaml
.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.enableWorkflow({
owner,
repo,
workflow_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
workflow_id | yes |
The ID of the workflow. You can also pass the workflow file name as a string. |
See also: GitHub Developer Guide documentation.
Force cancel a workflow run
Cancels a workflow run and bypasses conditions that would otherwise cause a workflow execution to continue, such as an always()
condition on a job.
You should only use this endpoint to cancel a workflow run when the workflow run is not responding to POST /repos/{owner}/{repo}/actions/runs/{run_id}/cancel
.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.forceCancelWorkflowRun({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
See also: GitHub Developer Guide documentation.
Create configuration for a just-in-time runner for an organization
Generates a configuration that can be passed to the runner application at startup.
The authenticated user must have admin access to the organization.
OAuth tokens and personal access tokens (classic) need theadmin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.generateRunnerJitconfigForOrg({
org,
name,
runner_group_id,
labels,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
name | yes |
The name of the new runner. |
runner_group_id | yes |
The ID of the runner group to register the runner to. |
labels | yes |
The names of the custom labels to add to the runner. Minimum items: 1. Maximum items: 100. |
work_folder | no |
The working directory to be used for job execution, relative to the runner install directory. |
See also: GitHub Developer Guide documentation.
Create configuration for a just-in-time runner for a repository
Generates a configuration that can be passed to the runner application at startup.
The authenticated user must have admin access to the repository.
OAuth tokens and personal access tokens (classic) need therepo
scope to use this endpoint.
octokit.rest.actions.generateRunnerJitconfigForRepo({
owner,
repo,
name,
runner_group_id,
labels,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
name | yes |
The name of the new runner. |
runner_group_id | yes |
The ID of the runner group to register the runner to. |
labels | yes |
The names of the custom labels to add to the runner. Minimum items: 1. Maximum items: 100. |
work_folder | no |
The working directory to be used for job execution, relative to the runner install directory. |
See also: GitHub Developer Guide documentation.
List GitHub Actions caches for a repository
Lists the GitHub Actions caches for a repository.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getActionsCacheList({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
ref | no |
The full Git reference for narrowing down the cache. The |
key | no |
An explicit key or prefix for identifying the cache |
sort | no |
The property to sort the results by. |
direction | no |
The direction to sort the results by. |
See also: GitHub Developer Guide documentation.
Get GitHub Actions cache usage for a repository
Gets GitHub Actions cache usage for a repository. The data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated.
Anyone with read access to the repository can use this endpoint.
If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getActionsCacheUsage({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
List repositories with GitHub Actions cache usage for an organization
Lists repositories and their GitHub Actions cache usage for an organization. The data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated.
OAuth tokens and personal access tokens (classic) need the read:org
scope to use this endpoint.
octokit.rest.actions.getActionsCacheUsageByRepoForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Get GitHub Actions cache usage for an organization
Gets the total GitHub Actions cache usage for an organization. The data fetched using this API is refreshed approximately every 5 minutes, so values returned from this endpoint may take at least 5 minutes to get updated.
OAuth tokens and personal access tokens (classic) need the read:org
scope to use this endpoint.
octokit.rest.actions.getActionsCacheUsageForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get allowed actions and reusable workflows for an organization
Gets the selected actions and reusable workflows that are allowed in an organization. To use this endpoint, the organization permission policy for allowed_actions
must be configured to selected
. For more information, see "Set GitHub Actions permissions for an organization."
OAuth tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.getAllowedActionsOrganization({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get allowed actions and reusable workflows for a repository
Gets the settings for selected actions and reusable workflows that are allowed in a repository. To use this endpoint, the repository policy for allowed_actions
must be configured to selected
. For more information, see "Set GitHub Actions permissions for a repository."
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getAllowedActionsRepository({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get an artifact
Gets a specific artifact for a workflow run.
Anyone with read access to the repository can use this endpoint.
If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getArtifact({
owner,
repo,
artifact_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
artifact_id | yes |
The unique identifier of the artifact. |
See also: GitHub Developer Guide documentation.
Get the customization template for an OIDC subject claim for a repository
Gets the customization template for an OpenID Connect (OIDC) subject claim.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getCustomOidcSubClaimForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get an environment public key
Get the public key for an environment, which you need to encrypt environment secrets. You need to encrypt a secret before you can create or update secrets.
Anyone with read access to the repository can use this endpoint.
If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getEnvironmentPublicKey({
owner,
repo,
environment_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
environment_name | yes |
The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with |
See also: GitHub Developer Guide documentation.
Get an environment secret
Gets a single environment secret without revealing its encrypted value.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getEnvironmentSecret({
owner,
repo,
environment_name,
secret_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
environment_name | yes |
The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Get an environment variable
Gets a specific variable in an environment.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getEnvironmentVariable({
owner,
repo,
environment_name,
name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
environment_name | yes |
The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with |
name | yes |
The name of the variable. |
See also: GitHub Developer Guide documentation.
Get default workflow permissions for an organization
Gets the default workflow permissions granted to the GITHUB_TOKEN
when running workflows in an organization,
as well as whether GitHub Actions can submit approving pull request reviews. For more information, see
"Setting the permissions of the GITHUB_TOKEN for your organization."
OAuth tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.getGithubActionsDefaultWorkflowPermissionsOrganization({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get default workflow permissions for a repository
Gets the default workflow permissions granted to the GITHUB_TOKEN
when running workflows in a repository,
as well as if GitHub Actions can submit approving pull request reviews.
For more information, see "Setting the permissions of the GITHUB_TOKEN for your repository."
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getGithubActionsDefaultWorkflowPermissionsRepository({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get GitHub Actions permissions for an organization
Gets the GitHub Actions permissions policy for repositories and allowed actions and reusable workflows in an organization.
OAuth tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.getGithubActionsPermissionsOrganization({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get GitHub Actions permissions for a repository
Gets the GitHub Actions permissions policy for a repository, including whether GitHub Actions is enabled and the actions and reusable workflows allowed to run in the repository.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getGithubActionsPermissionsRepository({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get a job for a workflow run
Gets a specific job in a workflow run.
Anyone with read access to the repository can use this endpoint.
If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getJobForWorkflowRun({
owner,
repo,
job_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
job_id | yes |
The unique identifier of the job. |
See also: GitHub Developer Guide documentation.
Get an organization public key
Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets.
The authenticated user must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need theadmin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getOrgPublicKey({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get an organization secret
Gets a single organization secret without revealing its encrypted value.
The authenticated user must have collaborator access to a repository to create, update, or read secrets
OAuth tokens and personal access tokens (classic) need theadmin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getOrgSecret({
org,
secret_name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Get an organization variable
Gets a specific variable in an organization.
The authenticated user must have collaborator access to a repository to create, update, or read variables.
OAuth tokens and personal access tokens (classic) need theadmin:org
scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getOrgVariable({
org,
name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
name | yes |
The name of the variable. |
See also: GitHub Developer Guide documentation.
Get pending deployments for a workflow run
Get all deployment environments for a workflow run that are waiting for protection rules to pass.
Anyone with read access to the repository can use this endpoint.
If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getPendingDeploymentsForRun({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
See also: GitHub Developer Guide documentation.
Get GitHub Actions permissions for a repository
Deprecated: This method has been renamed to actions.getGithubActionsPermissionsRepository
Gets the GitHub Actions permissions policy for a repository, including whether GitHub Actions is enabled and the actions and reusable workflows allowed to run in the repository.
OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getRepoPermissions({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get a repository public key
Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets.
Anyone with read access to the repository can use this endpoint.
If the repository is private, OAuth tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getRepoPublicKey({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get a repository secret
Gets a single repository secret without revealing its encrypted value.
The authenticated user must have collaborator access to the repository to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getRepoSecret({
owner,
repo,
secret_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Get a repository variable
Gets a specific variable in a repository.
The authenticated user must have collaborator access to the repository to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getRepoVariable({
owner,
repo,
name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
name | yes |
The name of the variable. |
See also: GitHub Developer Guide documentation.
Get the review history for a workflow run
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.getReviewsForRun({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
See also: GitHub Developer Guide documentation.
Get a self-hosted runner for an organization
Gets a specific self-hosted runner configured in an organization.
Authenticated users must have admin access to the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.getSelfHostedRunnerForOrg({
org,
runner_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
runner_id | yes |
Unique identifier of the self-hosted runner. |
See also: GitHub Developer Guide documentation.
Get a self-hosted runner for a repository
Gets a specific self-hosted runner configured in a repository.
Authenticated users must have admin access to the repository to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getSelfHostedRunnerForRepo({
owner,
repo,
runner_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
runner_id | yes |
Unique identifier of the self-hosted runner. |
See also: GitHub Developer Guide documentation.
Get a workflow
Gets a specific workflow. You can replace workflow_id
with the workflow
file name. For example, you could use main.yaml
.
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.getWorkflow({
owner,
repo,
workflow_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
workflow_id | yes |
The ID of the workflow. You can also pass the workflow file name as a string. |
See also: GitHub Developer Guide documentation.
Get the level of access for workflows outside of the repository
Gets the level of access that workflows outside of the repository have to actions and reusable workflows in the repository. This endpoint only applies to private repositories. For more information, see "Allowing access to components in a private repository."
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.getWorkflowAccessToRepository({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get a workflow run
Gets a specific workflow run.
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.getWorkflowRun({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
exclude_pull_requests | no |
If |
See also: GitHub Developer Guide documentation.
Get a workflow run attempt
Gets a specific workflow run attempt.
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.getWorkflowRunAttempt({
owner,
repo,
run_id,
attempt_number,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
attempt_number | yes |
The attempt number of the workflow run. |
exclude_pull_requests | no |
If |
See also: GitHub Developer Guide documentation.
Get workflow run usage
Gets the number of billable minutes and total run time for a specific workflow run. Billable minutes only apply to workflows in private repositories that use GitHub-hosted runners. Usage is listed for each GitHub-hosted runner operating system in milliseconds. Any job re-runs are also included in the usage. The usage does not include the multiplier for macOS and Windows runners and is not rounded up to the nearest whole minute. For more information, see "Managing billing for GitHub Actions".
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.getWorkflowRunUsage({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
See also: GitHub Developer Guide documentation.
Get workflow usage
Gets the number of billable minutes used by a specific workflow during the current billing cycle. Billable minutes only apply to workflows in private repositories that use GitHub-hosted runners. Usage is listed for each GitHub-hosted runner operating system in milliseconds. Any job re-runs are also included in the usage. The usage does not include the multiplier for macOS and Windows runners and is not rounded up to the nearest whole minute. For more information, see "Managing billing for GitHub Actions".
You can replace workflow_id
with the workflow file name. For example, you could use main.yaml
.
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.getWorkflowUsage({
owner,
repo,
workflow_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
workflow_id | yes |
The ID of the workflow. You can also pass the workflow file name as a string. |
See also: GitHub Developer Guide documentation.
List artifacts for a repository
Lists all artifacts for a repository.
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.listArtifactsForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
name | no |
The name field of an artifact. When specified, only artifacts with this name will be returned. |
See also: GitHub Developer Guide documentation.
List environment secrets
Lists all secrets available in an environment without revealing their encrypted values.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.listEnvironmentSecrets({
owner,
repo,
environment_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
environment_name | yes |
The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List environment variables
Lists all environment variables.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.listEnvironmentVariables({
owner,
repo,
environment_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
environment_name | yes |
The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with |
per_page | no |
The number of results per page (max 30). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List jobs for a workflow run
Lists jobs for a workflow run. You can use parameters to narrow the list of results. For more information about using parameters, see Parameters.
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.listJobsForWorkflowRun({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
filter | no |
Filters jobs by their |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List jobs for a workflow run attempt
Lists jobs for a specific workflow run attempt. You can use parameters to narrow the list of results. For more information about using parameters, see Parameters.
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.listJobsForWorkflowRunAttempt({
owner,
repo,
run_id,
attempt_number,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
attempt_number | yes |
The attempt number of the workflow run. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List labels for a self-hosted runner for an organization
Lists all labels for a self-hosted runner configured in an organization.
Authenticated users must have admin access to the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.listLabelsForSelfHostedRunnerForOrg({
org,
runner_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
runner_id | yes |
Unique identifier of the self-hosted runner. |
See also: GitHub Developer Guide documentation.
List labels for a self-hosted runner for a repository
Lists all labels for a self-hosted runner configured in a repository.
Authenticated users must have admin access to the repository to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.listLabelsForSelfHostedRunnerForRepo({
owner,
repo,
runner_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
runner_id | yes |
Unique identifier of the self-hosted runner. |
See also: GitHub Developer Guide documentation.
List organization secrets
Lists all secrets available in an organization without revealing their encrypted values.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.listOrgSecrets({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List organization variables
Lists all organization variables.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.listOrgVariables({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
per_page | no |
The number of results per page (max 30). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repository organization secrets
Lists all organization secrets shared with a repository without revealing their encrypted values.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.listRepoOrganizationSecrets({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repository organization variables
Lists all organization variables shared with a repository.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.listRepoOrganizationVariables({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 30). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repository secrets
Lists all secrets available in a repository without revealing their encrypted values.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.listRepoSecrets({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repository variables
Lists all repository variables.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.listRepoVariables({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 30). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repository workflows
Lists the workflows in a repository.
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.listRepoWorkflows({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List runner applications for an organization
Lists binaries for the runner application that you can download and run.
Authenticated users must have admin access to the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.listRunnerApplicationsForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
List runner applications for a repository
Lists binaries for the runner application that you can download and run.
Authenticated users must have admin access to the repository to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.listRunnerApplicationsForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
List selected repositories for an organization secret
Lists all repositories that have been selected when the visibility
for repository access to a secret is set to selected
.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.listSelectedReposForOrgSecret({
org,
secret_name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List selected repositories for an organization variable
Lists all repositories that can access an organization variable that is available to selected repositories.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.listSelectedReposForOrgVariable({
org,
name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
name | yes |
The name of the variable. |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List selected repositories enabled for GitHub Actions in an organization
Lists the selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories
must be configured to selected
. For more information, see "Set GitHub Actions permissions for an organization."
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.listSelectedRepositoriesEnabledGithubActionsOrganization({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List self-hosted runners for an organization
Lists all self-hosted runners configured in an organization.
Authenticated users must have admin access to the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.listSelfHostedRunnersForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
name | no |
The name of a self-hosted runner. |
org | yes |
The organization name. The name is not case sensitive. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List self-hosted runners for a repository
Lists all self-hosted runners configured in a repository.
Authenticated users must have admin access to the repository to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.listSelfHostedRunnersForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
name | no |
The name of a self-hosted runner. |
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List workflow run artifacts
Lists artifacts for a workflow run.
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.listWorkflowRunArtifacts({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
name | no |
The name field of an artifact. When specified, only artifacts with this name will be returned. |
See also: GitHub Developer Guide documentation.
List workflow runs for a workflow
List all workflow runs for a workflow. You can replace workflow_id
with the workflow file name. For example, you could use main.yaml
. You can use parameters to narrow the list of results. For more information about using parameters, see Parameters.
Anyone with read access to the repository can use this endpoint
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
This endpoint will return up to 1,000 results for each search when using the following parameters: actor
, branch
, check_suite_id
, created
, event
, head_sha
, status
.
octokit.rest.actions.listWorkflowRuns({
owner,
repo,
workflow_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
workflow_id | yes |
The ID of the workflow. You can also pass the workflow file name as a string. |
actor | no |
Returns someone's workflow runs. Use the login for the user who created the |
branch | no |
Returns workflow runs associated with a branch. Use the name of the branch of the |
event | no |
Returns workflow run triggered by the event you specify. For example, |
status | no |
Returns workflow runs with the check run |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
created | no |
Returns workflow runs created within the given date-time range. For more information on the syntax, see "Understanding the search syntax." |
exclude_pull_requests | no |
If |
check_suite_id | no |
Returns workflow runs with the |
head_sha | no |
Only returns workflow runs that are associated with the specified |
See also: GitHub Developer Guide documentation.
List workflow runs for a repository
Lists all workflow runs for a repository. You can use parameters to narrow the list of results. For more information about using parameters, see Parameters.
Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
This endpoint will return up to 1,000 results for each search when using the following parameters: actor
, branch
, check_suite_id
, created
, event
, head_sha
, status
.
octokit.rest.actions.listWorkflowRunsForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
actor | no |
Returns someone's workflow runs. Use the login for the user who created the |
branch | no |
Returns workflow runs associated with a branch. Use the name of the branch of the |
event | no |
Returns workflow run triggered by the event you specify. For example, |
status | no |
Returns workflow runs with the check run |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
created | no |
Returns workflow runs created within the given date-time range. For more information on the syntax, see "Understanding the search syntax." |
exclude_pull_requests | no |
If |
check_suite_id | no |
Returns workflow runs with the |
head_sha | no |
Only returns workflow runs that are associated with the specified |
See also: GitHub Developer Guide documentation.
Re-run a job from a workflow run
Re-run a job and its dependent jobs in a workflow run.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.reRunJobForWorkflowRun({
owner,
repo,
job_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
job_id | yes |
The unique identifier of the job. |
enable_debug_logging | no |
Whether to enable debug logging for the re-run. |
See also: GitHub Developer Guide documentation.
Re-run a workflow
Re-runs your workflow run using its id
.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.reRunWorkflow({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
enable_debug_logging | no |
Whether to enable debug logging for the re-run. |
See also: GitHub Developer Guide documentation.
Re-run failed jobs from a workflow run
Re-run all of the failed jobs and their dependent jobs in a workflow run using the id
of the workflow run.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.reRunWorkflowFailedJobs({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
enable_debug_logging | no |
Whether to enable debug logging for the re-run. |
See also: GitHub Developer Guide documentation.
Remove all custom labels from a self-hosted runner for an organization
Remove all custom labels from a self-hosted runner configured in an organization. Returns the remaining read-only labels from the runner.
Authenticated users must have admin access to the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.removeAllCustomLabelsFromSelfHostedRunnerForOrg({
org,
runner_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
runner_id | yes |
Unique identifier of the self-hosted runner. |
See also: GitHub Developer Guide documentation.
Remove all custom labels from a self-hosted runner for a repository
Remove all custom labels from a self-hosted runner configured in a repository. Returns the remaining read-only labels from the runner.
Authenticated users must have admin access to the repository to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.removeAllCustomLabelsFromSelfHostedRunnerForRepo({
owner,
repo,
runner_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
runner_id | yes |
Unique identifier of the self-hosted runner. |
See also: GitHub Developer Guide documentation.
Remove a custom label from a self-hosted runner for an organization
Remove a custom label from a self-hosted runner configured in an organization. Returns the remaining labels from the runner.
This endpoint returns a 404 Not Found
status if the custom label is not
present on the runner.
Authenticated users must have admin access to the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.removeCustomLabelFromSelfHostedRunnerForOrg({
org,
runner_id,
name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
runner_id | yes |
Unique identifier of the self-hosted runner. |
name | yes |
The name of a self-hosted runner's custom label. |
See also: GitHub Developer Guide documentation.
Remove a custom label from a self-hosted runner for a repository
Remove a custom label from a self-hosted runner configured in a repository. Returns the remaining labels from the runner.
This endpoint returns a 404 Not Found
status if the custom label is not
present on the runner.
Authenticated users must have admin access to the repository to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.removeCustomLabelFromSelfHostedRunnerForRepo({
owner,
repo,
runner_id,
name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
runner_id | yes |
Unique identifier of the self-hosted runner. |
name | yes |
The name of a self-hosted runner's custom label. |
See also: GitHub Developer Guide documentation.
Remove selected repository from an organization secret
Removes a repository from an organization secret when the visibility
for repository access is set to selected
. The visibility is set when you Create
or update an organization secret.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.removeSelectedRepoFromOrgSecret({
org,
secret_name,
repository_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
repository_id | yes |
See also: GitHub Developer Guide documentation.
Remove selected repository from an organization variable
Removes a repository from an organization variable that is
available to selected repositories. Organization variables that are available to
selected repositories have their visibility
field set to selected
.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.removeSelectedRepoFromOrgVariable({
org,
name,
repository_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
name | yes |
The name of the variable. |
repository_id | yes |
See also: GitHub Developer Guide documentation.
Review custom deployment protection rules for a workflow run
Approve or reject custom deployment protection rules provided by a GitHub App for a workflow run. For more information, see "Using environments for deployment."
[!NOTE] GitHub Apps can only review their own custom deployment protection rules. To approve or reject pending deployments that are waiting for review from a specific person or team, see
POST /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments
.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with a private repository.
octokit.rest.actions.reviewCustomGatesForRun({
owner,
repo,
run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
See also: GitHub Developer Guide documentation.
Review pending deployments for a workflow run
Approve or reject pending deployments that are waiting on approval by a required reviewer.
Required reviewers with read access to the repository contents and deployments can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.reviewPendingDeploymentsForRun({
owner,
repo,
run_id,
environment_ids,
state,
comment,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
run_id | yes |
The unique identifier of the workflow run. |
environment_ids | yes |
The list of environment ids to approve or reject |
state | yes |
Whether to approve or reject deployment to the specified environments. |
comment | yes |
A comment to accompany the deployment review |
See also: GitHub Developer Guide documentation.
Set allowed actions and reusable workflows for an organization
Sets the actions and reusable workflows that are allowed in an organization. To use this endpoint, the organization permission policy for allowed_actions
must be configured to selected
. For more information, see "Set GitHub Actions permissions for an organization."
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.setAllowedActionsOrganization({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
github_owned_allowed | no |
Whether GitHub-owned actions are allowed. For example, this includes the actions in the |
verified_allowed | no |
Whether actions from GitHub Marketplace verified creators are allowed. Set to |
patterns_allowed | no |
Specifies a list of string-matching patterns to allow specific action(s) and reusable workflow(s). Wildcards, tags, and SHAs are allowed. For example,
|
See also: GitHub Developer Guide documentation.
Set allowed actions and reusable workflows for a repository
Sets the actions and reusable workflows that are allowed in a repository. To use this endpoint, the repository permission policy for allowed_actions
must be configured to selected
. For more information, see "Set GitHub Actions permissions for a repository."
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.setAllowedActionsRepository({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
github_owned_allowed | no |
Whether GitHub-owned actions are allowed. For example, this includes the actions in the |
verified_allowed | no |
Whether actions from GitHub Marketplace verified creators are allowed. Set to |
patterns_allowed | no |
Specifies a list of string-matching patterns to allow specific action(s) and reusable workflow(s). Wildcards, tags, and SHAs are allowed. For example,
|
See also: GitHub Developer Guide documentation.
Set custom labels for a self-hosted runner for an organization
Remove all previous custom labels and set the new custom labels for a specific self-hosted runner configured in an organization.
Authenticated users must have admin access to the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.setCustomLabelsForSelfHostedRunnerForOrg({
org,
runner_id,
labels,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
runner_id | yes |
Unique identifier of the self-hosted runner. |
labels | yes |
The names of the custom labels to set for the runner. You can pass an empty array to remove all custom labels. |
See also: GitHub Developer Guide documentation.
Set custom labels for a self-hosted runner for a repository
Remove all previous custom labels and set the new custom labels for a specific self-hosted runner configured in a repository.
Authenticated users must have admin access to the repository to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.setCustomLabelsForSelfHostedRunnerForRepo({
owner,
repo,
runner_id,
labels,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
runner_id | yes |
Unique identifier of the self-hosted runner. |
labels | yes |
The names of the custom labels to set for the runner. You can pass an empty array to remove all custom labels. |
See also: GitHub Developer Guide documentation.
Set the customization template for an OIDC subject claim for a repository
Sets the customization template and opt-in
or opt-out
flag for an OpenID Connect (OIDC) subject claim for a repository.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.setCustomOidcSubClaimForRepo({
owner,
repo,
use_default,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
use_default | yes |
Whether to use the default template or not. If |
include_claim_keys | no |
Array of unique strings. Each claim key can only contain alphanumeric characters and underscores. |
See also: GitHub Developer Guide documentation.
Set default workflow permissions for an organization
Sets the default workflow permissions granted to the GITHUB_TOKEN
when running workflows in an organization, and sets if GitHub Actions
can submit approving pull request reviews. For more information, see
"Setting the permissions of the GITHUB_TOKEN for your organization."
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.setGithubActionsDefaultWorkflowPermissionsOrganization({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
default_workflow_permissions | no |
The default workflow permissions granted to the GITHUB_TOKEN when running workflows. |
can_approve_pull_request_reviews | no |
Whether GitHub Actions can approve pull requests. Enabling this can be a security risk. |
See also: GitHub Developer Guide documentation.
Set default workflow permissions for a repository
Sets the default workflow permissions granted to the GITHUB_TOKEN
when running workflows in a repository, and sets if GitHub Actions
can submit approving pull request reviews.
For more information, see "Setting the permissions of the GITHUB_TOKEN for your repository."
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.setGithubActionsDefaultWorkflowPermissionsRepository({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
default_workflow_permissions | no |
The default workflow permissions granted to the GITHUB_TOKEN when running workflows. |
can_approve_pull_request_reviews | no |
Whether GitHub Actions can approve pull requests. Enabling this can be a security risk. |
See also: GitHub Developer Guide documentation.
Set GitHub Actions permissions for an organization
Sets the GitHub Actions permissions policy for repositories and allowed actions and reusable workflows in an organization.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.setGithubActionsPermissionsOrganization({
org,
enabled_repositories,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
enabled_repositories | yes |
The policy that controls the repositories in the organization that are allowed to run GitHub Actions. |
allowed_actions | no |
The permissions policy that controls the actions and reusable workflows that are allowed to run. |
See also: GitHub Developer Guide documentation.
Set GitHub Actions permissions for a repository
Sets the GitHub Actions permissions policy for enabling GitHub Actions and allowed actions and reusable workflows in the repository.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.setGithubActionsPermissionsRepository({
owner,
repo,
enabled,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
enabled | yes |
Whether GitHub Actions is enabled on the repository. |
allowed_actions | no |
The permissions policy that controls the actions and reusable workflows that are allowed to run. |
See also: GitHub Developer Guide documentation.
Set selected repositories for an organization secret
Replaces all repositories for an organization secret when the visibility
for repository access is set to selected
. The visibility is set when you Create
or update an organization secret.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.setSelectedReposForOrgSecret({
org,
secret_name,
selected_repository_ids,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
selected_repository_ids | yes |
An array of repository ids that can access the organization secret. You can only provide a list of repository ids when the |
See also: GitHub Developer Guide documentation.
Set selected repositories for an organization variable
Replaces all repositories for an organization variable that is available
to selected repositories. Organization variables that are available to selected
repositories have their visibility
field set to selected
.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.setSelectedReposForOrgVariable({
org,
name,
selected_repository_ids,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
name | yes |
The name of the variable. |
selected_repository_ids | yes |
The IDs of the repositories that can access the organization variable. |
See also: GitHub Developer Guide documentation.
Set selected repositories enabled for GitHub Actions in an organization
Replaces the list of selected repositories that are enabled for GitHub Actions in an organization. To use this endpoint, the organization permission policy for enabled_repositories
must be configured to selected
. For more information, see "Set GitHub Actions permissions for an organization."
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.actions.setSelectedRepositoriesEnabledGithubActionsOrganization({
org,
selected_repository_ids,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
selected_repository_ids | yes |
List of repository IDs to enable for GitHub Actions. |
See also: GitHub Developer Guide documentation.
Set the level of access for workflows outside of the repository
Sets the level of access that workflows outside of the repository have to actions and reusable workflows in the repository. This endpoint only applies to private repositories. For more information, see "Allowing access to components in a private repository".
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.setWorkflowAccessToRepository({
owner,
repo,
access_level,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
access_level | yes |
Defines the level of access that workflows outside of the repository have to actions and reusable workflows within the repository.
|
See also: GitHub Developer Guide documentation.
Update an environment variable
Updates an environment variable that you can reference in a GitHub Actions workflow.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.updateEnvironmentVariable({
owner,
repo,
environment_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
name | no |
The name of the variable. |
environment_name | yes |
The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with |
value | no |
The value of the variable. |
See also: GitHub Developer Guide documentation.
Update an organization variable
Updates an organization variable that you can reference in a GitHub Actions workflow.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint. If the repository is private, the repo
scope is also required.
octokit.rest.actions.updateOrgVariable({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
name | no |
The name of the variable. |
value | no |
The value of the variable. |
visibility | no |
The type of repositories in the organization that can access the variable. |
selected_repository_ids | no |
An array of repository ids that can access the organization variable. You can only provide a list of repository ids when the |
See also: GitHub Developer Guide documentation.
Update a repository variable
Updates a repository variable that you can reference in a GitHub Actions workflow.
Authenticated users must have collaborator access to a repository to create, update, or read variables.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.actions.updateRepoVariable({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
name | no |
The name of the variable. |
value | no |
The value of the variable. |
See also: GitHub Developer Guide documentation.
Activity
Check if a repository is starred by the authenticated user
Whether the authenticated user has starred the repository.
octokit.rest.activity.checkRepoIsStarredByAuthenticatedUser({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Delete a repository subscription
This endpoint should only be used to stop watching a repository. To control whether or not you wish to receive notifications from a repository, set the repository's subscription manually.
octokit.rest.activity.deleteRepoSubscription({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Delete a thread subscription
Mutes all future notifications for a conversation until you comment on the thread or get an @mention. If you are watching the repository of the thread, you will still receive notifications. To ignore future notifications for a repository you are watching, use the Set a thread subscription endpoint and set ignore
to true
.
octokit.rest.activity.deleteThreadSubscription({
thread_id,
});
Parameters
name | required | description |
---|---|---|
thread_id | yes |
The unique identifier of the notification thread. This corresponds to the value returned in the |
See also: GitHub Developer Guide documentation.
Get feeds
Lists the feeds available to the authenticated user. The response provides a URL for each feed. You can then get a specific feed by sending a request to one of the feed URLs.
- Timeline: The GitHub global public timeline
- User: The public timeline for any user, using
uri_template
. For more information, see "Hypermedia." - Current user public: The public timeline for the authenticated user
- Current user: The private timeline for the authenticated user
- Current user actor: The private timeline for activity created by the authenticated user
- Current user organizations: The private timeline for the organizations the authenticated user is a member of.
- Security advisories: A collection of public announcements that provide information about security-related vulnerabilities in software on GitHub.
By default, timeline resources are returned in JSON. You can specify the application/atom+xml
type in the Accept
header to return timeline resources in Atom format. For more information, see "Media types."
[!NOTE] Private feeds are only returned when authenticating via Basic Auth since current feed URIs use the older, non revocable auth tokens.
octokit.rest.activity.getFeeds();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Get a repository subscription
Gets information about whether the authenticated user is subscribed to the repository.
octokit.rest.activity.getRepoSubscription({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get a thread
Gets information about a notification thread.
octokit.rest.activity.getThread({
thread_id,
});
Parameters
name | required | description |
---|---|---|
thread_id | yes |
The unique identifier of the notification thread. This corresponds to the value returned in the |
See also: GitHub Developer Guide documentation.
Get a thread subscription for the authenticated user
This checks to see if the current user is subscribed to a thread. You can also get a repository subscription.
Note that subscriptions are only generated if a user is participating in a conversation--for example, they've replied to the thread, were @mentioned, or manually subscribe to a thread.
octokit.rest.activity.getThreadSubscriptionForAuthenticatedUser({
thread_id,
});
Parameters
name | required | description |
---|---|---|
thread_id | yes |
The unique identifier of the notification thread. This corresponds to the value returned in the |
See also: GitHub Developer Guide documentation.
List events for the authenticated user
If you are authenticated as the given user, you will see your private events. Otherwise, you'll only see public events. Optional: use the fine-grained token with following permission set to view private events: "Events" user permissions (read).
[!NOTE] This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
octokit.rest.activity.listEventsForAuthenticatedUser({
username,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List notifications for the authenticated user
List all notifications for the current user, sorted by most recently updated.
octokit.rest.activity.listNotificationsForAuthenticatedUser();
Parameters
name | required | description |
---|---|---|
all | no |
If |
participating | no |
If |
since | no |
Only show results that were last updated after the given time. This is a timestamp in ISO 8601 format: |
before | no |
Only show notifications updated before the given time. This is a timestamp in ISO 8601 format: |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of results per page (max 50). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List organization events for the authenticated user
This is the user's organization dashboard. You must be authenticated as the user to view this.
[!NOTE] This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
octokit.rest.activity.listOrgEventsForAuthenticatedUser({
username,
org,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
org | yes |
The organization name. The name is not case sensitive. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List public events
[!NOTE] This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
octokit.rest.activity.listPublicEvents();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List public events for a network of repositories
[!NOTE] This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
octokit.rest.activity.listPublicEventsForRepoNetwork({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List public events for a user
[!NOTE] This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
octokit.rest.activity.listPublicEventsForUser({
username,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List public organization events
[!NOTE] This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
octokit.rest.activity.listPublicOrgEvents({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List events received by the authenticated user
These are events that you've received by watching repositories and following users. If you are authenticated as the given user, you will see private events. Otherwise, you'll only see public events.
[!NOTE] This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
octokit.rest.activity.listReceivedEventsForUser({
username,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List public events received by a user
[!NOTE] This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
octokit.rest.activity.listReceivedPublicEventsForUser({
username,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repository events
[!NOTE] This API is not built to serve real-time use cases. Depending on the time of day, event latency can be anywhere from 30s to 6h.
octokit.rest.activity.listRepoEvents({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repository notifications for the authenticated user
Lists all notifications for the current user in the specified repository.
octokit.rest.activity.listRepoNotificationsForAuthenticatedUser({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
all | no |
If |
participating | no |
If |
since | no |
Only show results that were last updated after the given time. This is a timestamp in ISO 8601 format: |
before | no |
Only show notifications updated before the given time. This is a timestamp in ISO 8601 format: |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repositories starred by the authenticated user
Lists repositories the authenticated user has starred.
This endpoint supports the following custom media types. For more information, see "Media types."
application/vnd.github.star+json
: Includes a timestamp of when the star was created.
octokit.rest.activity.listReposStarredByAuthenticatedUser();
Parameters
name | required | description |
---|---|---|
sort | no |
The property to sort the results by. |
direction | no |
The direction to sort the results by. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repositories starred by a user
Lists repositories a user has starred.
This endpoint supports the following custom media types. For more information, see "Media types."
application/vnd.github.star+json
: Includes a timestamp of when the star was created.
octokit.rest.activity.listReposStarredByUser({
username,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
sort | no |
The property to sort the results by. |
direction | no |
The direction to sort the results by. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repositories watched by a user
Lists repositories a user is watching.
octokit.rest.activity.listReposWatchedByUser({
username,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List stargazers
Lists the people that have starred the repository.
This endpoint supports the following custom media types. For more information, see "Media types."
application/vnd.github.star+json
: Includes a timestamp of when the star was created.
octokit.rest.activity.listStargazersForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repositories watched by the authenticated user
Lists repositories the authenticated user is watching.
octokit.rest.activity.listWatchedReposForAuthenticatedUser();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List watchers
Lists the people watching the specified repository.
octokit.rest.activity.listWatchersForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Mark notifications as read
Marks all notifications as "read" for the current user. If the number of notifications is too large to complete in one request, you will receive a 202 Accepted
status and GitHub will run an asynchronous process to mark notifications as "read." To check whether any "unread" notifications remain, you can use the List notifications for the authenticated user endpoint and pass the query parameter all=false
.
octokit.rest.activity.markNotificationsAsRead();
Parameters
name | required | description |
---|---|---|
last_read_at | no |
Describes the last point that notifications were checked. Anything updated since this time will not be marked as read. If you omit this parameter, all notifications are marked as read. This is a timestamp in ISO 8601 format: |
read | no |
Whether the notification has been read. |
See also: GitHub Developer Guide documentation.
Mark repository notifications as read
Marks all notifications in a repository as "read" for the current user. If the number of notifications is too large to complete in one request, you will receive a 202 Accepted
status and GitHub will run an asynchronous process to mark notifications as "read." To check whether any "unread" notifications remain, you can use the List repository notifications for the authenticated user endpoint and pass the query parameter all=false
.
octokit.rest.activity.markRepoNotificationsAsRead({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
last_read_at | no |
Describes the last point that notifications were checked. Anything updated since this time will not be marked as read. If you omit this parameter, all notifications are marked as read. This is a timestamp in ISO 8601 format: |
See also: GitHub Developer Guide documentation.
Mark a thread as done
Marks a thread as "done." Marking a thread as "done" is equivalent to marking a notification in your notification inbox on GitHub as done: https://github.com/notifications.
octokit.rest.activity.markThreadAsDone({
thread_id,
});
Parameters
name | required | description |
---|---|---|
thread_id | yes |
The unique identifier of the notification thread. This corresponds to the value returned in the |
See also: GitHub Developer Guide documentation.
Mark a thread as read
Marks a thread as "read." Marking a thread as "read" is equivalent to clicking a notification in your notification inbox on GitHub: https://github.com/notifications.
octokit.rest.activity.markThreadAsRead({
thread_id,
});
Parameters
name | required | description |
---|---|---|
thread_id | yes |
The unique identifier of the notification thread. This corresponds to the value returned in the |
See also: GitHub Developer Guide documentation.
Set a repository subscription
If you would like to watch a repository, set subscribed
to true
. If you would like to ignore notifications made within a repository, set ignored
to true
. If you would like to stop watching a repository, delete the repository's subscription completely.
octokit.rest.activity.setRepoSubscription({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
subscribed | no |
Determines if notifications should be received from this repository. |
ignored | no |
Determines if all notifications should be blocked from this repository. |
See also: GitHub Developer Guide documentation.
Set a thread subscription
If you are watching a repository, you receive notifications for all threads by default. Use this endpoint to ignore future notifications for threads until you comment on the thread or get an @mention.
You can also use this endpoint to subscribe to threads that you are currently not receiving notifications for or to subscribed to threads that you have previously ignored.
Unsubscribing from a conversation in a repository that you are not watching is functionally equivalent to the Delete a thread subscription endpoint.
octokit.rest.activity.setThreadSubscription({
thread_id,
});
Parameters
name | required | description |
---|---|---|
thread_id | yes |
The unique identifier of the notification thread. This corresponds to the value returned in the |
ignored | no |
Whether to block all notifications from a thread. |
See also: GitHub Developer Guide documentation.
Star a repository for the authenticated user
Note that you'll need to set Content-Length
to zero when calling out to this endpoint. For more information, see "HTTP method."
octokit.rest.activity.starRepoForAuthenticatedUser({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Unstar a repository for the authenticated user
Unstar a repository that the authenticated user has previously starred.
octokit.rest.activity.unstarRepoForAuthenticatedUser({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Apps
Add a repository to an app installation
Deprecated: This method has been renamed to apps.addRepoToInstallationForAuthenticatedUser
Add a single repository to an installation. The authenticated user must have admin access to the repository.
This endpoint only works for PATs (classic) with the repo
scope.
octokit.rest.apps.addRepoToInstallation({
installation_id,
repository_id,
});
Parameters
name | required | description |
---|---|---|
installation_id | yes |
The unique identifier of the installation. |
repository_id | yes |
The unique identifier of the repository. |
See also: GitHub Developer Guide documentation.
Add a repository to an app installation
Add a single repository to an installation. The authenticated user must have admin access to the repository.
This endpoint only works for PATs (classic) with the repo
scope.
octokit.rest.apps.addRepoToInstallationForAuthenticatedUser({
installation_id,
repository_id,
});
Parameters
name | required | description |
---|---|---|
installation_id | yes |
The unique identifier of the installation. |
repository_id | yes |
The unique identifier of the repository. |
See also: GitHub Developer Guide documentation.
Check a token
OAuth applications and GitHub applications with OAuth authorizations can use this API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. Invalid tokens will return 404 NOT FOUND
.
octokit.rest.apps.checkToken({
client_id,
access_token,
});
Parameters
name | required | description |
---|---|---|
client_id | yes |
The client ID of the GitHub app. |
access_token | yes |
The access_token of the OAuth or GitHub application. |
See also: GitHub Developer Guide documentation.
Create a GitHub App from a manifest
Use this endpoint to complete the handshake necessary when implementing the GitHub App Manifest flow. When you create a GitHub App with the manifest flow, you receive a temporary code
used to retrieve the GitHub App's id
, pem
(private key), and webhook_secret
.
octokit.rest.apps.createFromManifest({
code,
});
Parameters
name | required | description |
---|---|---|
code | yes |
See also: GitHub Developer Guide documentation.
Create an installation access token for an app
Creates an installation access token that enables a GitHub App to make authenticated API requests for the app's installation on an organization or individual account. Installation tokens expire one hour from the time you create them. Using an expired token produces a status code of 401 - Unauthorized
, and requires creating a new installation token. By default the installation token has access to all repositories that the installation can access.
Optionally, you can use the repositories
or repository_ids
body parameters to specify individual repositories that the installation access token can access. If you don't use repositories
or repository_ids
to grant access to specific repositories, the installation access token will have access to all repositories that the installation was granted access to. The installation access token cannot be granted access to repositories that the installation was not granted access to. Up to 500 repositories can be listed in this manner.
Optionally, use the permissions
body parameter to specify the permissions that the installation access token should have. If permissions
is not specified, the installation access token will have all of the permissions that were granted to the app. The installation access token cannot be granted permissions that the app was not granted.
You must use a JWT to access this endpoint.
octokit.rest.apps.createInstallationAccessToken({
installation_id,
});
Parameters
name | required | description |
---|---|---|
installation_id | yes |
The unique identifier of the installation. |
repositories | no |
List of repository names that the token should have access to |
repository_ids | no |
List of repository IDs that the token should have access to |
permissions | no |
The permissions granted to the user access token. |
permissions.actions | no |
The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. |
permissions.administration | no |
The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. |
permissions.checks | no |
The level of permission to grant the access token for checks on code. |
permissions.codespaces | no |
The level of permission to grant the access token to create, edit, delete, and list Codespaces. |
permissions.contents | no |
The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. |
permissions.dependabot_secrets | no |
The leve of permission to grant the access token to manage Dependabot secrets. |
permissions.deployments | no |
The level of permission to grant the access token for deployments and deployment statuses. |
permissions.environments | no |
The level of permission to grant the access token for managing repository environments. |
permissions.issues | no |
The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones. |
permissions.metadata | no |
The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata. |
permissions.packages | no |
The level of permission to grant the access token for packages published to GitHub Packages. |
permissions.pages | no |
The level of permission to grant the access token to retrieve Pages statuses, configuration, and builds, as well as create new builds. |
permissions.pull_requests | no |
The level of permission to grant the access token for pull requests and related comments, assignees, labels, milestones, and merges. |
permissions.repository_custom_properties | no |
The level of permission to grant the access token to view and edit custom properties for a repository, when allowed by the property. |
permissions.repository_hooks | no |
The level of permission to grant the access token to manage the post-receive hooks for a repository. |
permissions.repository_projects | no |
The level of permission to grant the access token to manage repository projects, columns, and cards. |
permissions.secret_scanning_alerts | no |
The level of permission to grant the access token to view and manage secret scanning alerts. |
permissions.secrets | no |
The level of permission to grant the access token to manage repository secrets. |
permissions.security_events | no |
The level of permission to grant the access token to view and manage security events like code scanning alerts. |
permissions.single_file | no |
The level of permission to grant the access token to manage just a single file. |
permissions.statuses | no |
The level of permission to grant the access token for commit statuses. |
permissions.vulnerability_alerts | no |
The level of permission to grant the access token to manage Dependabot alerts. |
permissions.workflows | no |
The level of permission to grant the access token to update GitHub Actions workflow files. |
permissions.members | no |
The level of permission to grant the access token for organization teams and members. |
permissions.organization_administration | no |
The level of permission to grant the access token to manage access to an organization. |
permissions.organization_custom_roles | no |
The level of permission to grant the access token for custom repository roles management. |
permissions.organization_custom_org_roles | no |
The level of permission to grant the access token for custom organization roles management. |
permissions.organization_custom_properties | no |
The level of permission to grant the access token for custom property management. |
permissions.organization_copilot_seat_management | no |
The level of permission to grant the access token for managing access to GitHub Copilot for members of an organization with a Copilot Business subscription. This property is in public preview and is subject to change. |
permissions.organization_announcement_banners | no |
The level of permission to grant the access token to view and manage announcement banners for an organization. |
permissions.organization_events | no |
The level of permission to grant the access token to view events triggered by an activity in an organization. |
permissions.organization_hooks | no |
The level of permission to grant the access token to manage the post-receive hooks for an organization. |
permissions.organization_personal_access_tokens | no |
The level of permission to grant the access token for viewing and managing fine-grained personal access token requests to an organization. |
permissions.organization_personal_access_token_requests | no |
The level of permission to grant the access token for viewing and managing fine-grained personal access tokens that have been approved by an organization. |
permissions.organization_plan | no |
The level of permission to grant the access token for viewing an organization's plan. |
permissions.organization_projects | no |
The level of permission to grant the access token to manage organization projects and projects public preview (where available). |
permissions.organization_packages | no |
The level of permission to grant the access token for organization packages published to GitHub Packages. |
permissions.organization_secrets | no |
The level of permission to grant the access token to manage organization secrets. |
permissions.organization_self_hosted_runners | no |
The level of permission to grant the access token to view and manage GitHub Actions self-hosted runners available to an organization. |
permissions.organization_user_blocking | no |
The level of permission to grant the access token to view and manage users blocked by the organization. |
permissions.team_discussions | no |
The level of permission to grant the access token to manage team discussions and related comments. |
permissions.email_addresses | no |
The level of permission to grant the access token to manage the email addresses belonging to a user. |
permissions.followers | no |
The level of permission to grant the access token to manage the followers belonging to a user. |
permissions.git_ssh_keys | no |
The level of permission to grant the access token to manage git SSH keys. |
permissions.gpg_keys | no |
The level of permission to grant the access token to view and manage GPG keys belonging to a user. |
permissions.interaction_limits | no |
The level of permission to grant the access token to view and manage interaction limits on a repository. |
permissions.profile | no |
The level of permission to grant the access token to manage the profile settings belonging to a user. |
permissions.starring | no |
The level of permission to grant the access token to list and manage repositories a user is starring. |
See also: GitHub Developer Guide documentation.
Delete an app authorization
OAuth and GitHub application owners can revoke a grant for their application and a specific user. You must provide a valid OAuth access_token
as an input parameter and the grant for the token's owner will be deleted.
Deleting an application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on the application authorizations settings screen within GitHub.
octokit.rest.apps.deleteAuthorization({
client_id,
access_token,
});
Parameters
name | required | description |
---|---|---|
client_id | yes |
The client ID of the GitHub app. |
access_token | yes |
The OAuth access token used to authenticate to the GitHub API. |
See also: GitHub Developer Guide documentation.
Delete an installation for the authenticated app
Uninstalls a GitHub App on a user, organization, or business account. If you prefer to temporarily suspend an app's access to your account's resources, then we recommend the "Suspend an app installation" endpoint.
You must use a JWT to access this endpoint.
octokit.rest.apps.deleteInstallation({
installation_id,
});
Parameters
name | required | description |
---|---|---|
installation_id | yes |
The unique identifier of the installation. |
See also: GitHub Developer Guide documentation.
Delete an app token
OAuth or GitHub application owners can revoke a single token for an OAuth application or a GitHub application with an OAuth authorization.
octokit.rest.apps.deleteToken({
client_id,
access_token,
});
Parameters
name | required | description |
---|---|---|
client_id | yes |
The client ID of the GitHub app. |
access_token | yes |
The OAuth access token used to authenticate to the GitHub API. |
See also: GitHub Developer Guide documentation.
Get the authenticated app
Returns the GitHub App associated with the authentication credentials used. To see how many app installations are associated with this GitHub App, see the installations_count
in the response. For more details about your app's installations, see the "List installations for the authenticated app" endpoint.
You must use a JWT to access this endpoint.
octokit.rest.apps.getAuthenticated();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Get an app
[!NOTE] The
:app_slug
is just the URL-friendly name of your GitHub App. You can find this on the settings page for your GitHub App (e.g.,https://github.com/settings/apps/:app_slug
).
octokit.rest.apps.getBySlug({
app_slug,
});
Parameters
name | required | description |
---|---|---|
app_slug | yes |
See also: GitHub Developer Guide documentation.
Get an installation for the authenticated app
Enables an authenticated GitHub App to find an installation's information using the installation id.
You must use a JWT to access this endpoint.
octokit.rest.apps.getInstallation({
installation_id,
});
Parameters
name | required | description |
---|---|---|
installation_id | yes |
The unique identifier of the installation. |
See also: GitHub Developer Guide documentation.
Get an organization installation for the authenticated app
Enables an authenticated GitHub App to find the organization's installation information.
You must use a JWT to access this endpoint.
octokit.rest.apps.getOrgInstallation({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get a repository installation for the authenticated app
Enables an authenticated GitHub App to find the repository's installation information. The installation's account type will be either an organization or a user account, depending which account the repository belongs to.
You must use a JWT to access this endpoint.
octokit.rest.apps.getRepoInstallation({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get a subscription plan for an account
Shows whether the user or organization account actively subscribes to a plan listed by the authenticated GitHub App. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.rest.apps.getSubscriptionPlanForAccount({
account_id,
});
Parameters
name | required | description |
---|---|---|
account_id | yes |
account_id parameter |
See also: GitHub Developer Guide documentation.
Get a subscription plan for an account (stubbed)
Shows whether the user or organization account actively subscribes to a plan listed by the authenticated GitHub App. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.rest.apps.getSubscriptionPlanForAccountStubbed({
account_id,
});
Parameters
name | required | description |
---|---|---|
account_id | yes |
account_id parameter |
See also: GitHub Developer Guide documentation.
Get a user installation for the authenticated app
Enables an authenticated GitHub App to find the user’s installation information.
You must use a JWT to access this endpoint.
octokit.rest.apps.getUserInstallation({
username,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
See also: GitHub Developer Guide documentation.
Get a webhook configuration for an app
Returns the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "Creating a GitHub App."
You must use a JWT to access this endpoint.
octokit.rest.apps.getWebhookConfigForApp();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Get a delivery for an app webhook
Returns a delivery for the webhook configured for a GitHub App.
You must use a JWT to access this endpoint.
octokit.rest.apps.getWebhookDelivery({
delivery_id,
});
Parameters
name | required | description |
---|---|---|
delivery_id | yes |
See also: GitHub Developer Guide documentation.
List accounts for a plan
Returns user and organization accounts associated with the specified plan, including free plans. For per-seat pricing, you see the list of accounts that have purchased the plan, including the number of seats purchased. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.rest.apps.listAccountsForPlan({
plan_id,
});
Parameters
name | required | description |
---|---|---|
plan_id | yes |
The unique identifier of the plan. |
sort | no |
The property to sort the results by. |
direction | no |
To return the oldest accounts first, set to |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List accounts for a plan (stubbed)
Returns repository and organization accounts associated with the specified plan, including free plans. For per-seat pricing, you see the list of accounts that have purchased the plan, including the number of seats purchased. When someone submits a plan change that won't be processed until the end of their billing cycle, you will also see the upcoming pending change.
GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.rest.apps.listAccountsForPlanStubbed({
plan_id,
});
Parameters
name | required | description |
---|---|---|
plan_id | yes |
The unique identifier of the plan. |
sort | no |
The property to sort the results by. |
direction | no |
To return the oldest accounts first, set to |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repositories accessible to the user access token
List repositories that the authenticated user has explicit permission (:read
, :write
, or :admin
) to access for an installation.
The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership.
The access the user has to each repository is included in the hash under the permissions
key.
octokit.rest.apps.listInstallationReposForAuthenticatedUser({
installation_id,
});
Parameters
name | required | description |
---|---|---|
installation_id | yes |
The unique identifier of the installation. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List installation requests for the authenticated app
Lists all the pending installation requests for the authenticated GitHub App.
octokit.rest.apps.listInstallationRequestsForAuthenticatedApp();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List installations for the authenticated app
You must use a JWT to access this endpoint.
The permissions the installation has are included under the permissions
key.
octokit.rest.apps.listInstallations();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). |
page | no |
Page number of the results to fetch. |
since | no |
Only show results that were last updated after the given time. This is a timestamp in ISO 8601 format: |
outdated | no |
See also: GitHub Developer Guide documentation.
List app installations accessible to the user access token
Lists installations of your GitHub App that the authenticated user has explicit permission (:read
, :write
, or :admin
) to access.
The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership.
You can find the permissions for the installation under the permissions
key.
octokit.rest.apps.listInstallationsForAuthenticatedUser();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List plans
Lists all plans that are part of your GitHub Marketplace listing.
GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.rest.apps.listPlans();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List plans (stubbed)
Lists all plans that are part of your GitHub Marketplace listing.
GitHub Apps must use a JWT to access this endpoint. OAuth apps must use basic authentication with their client ID and client secret to access this endpoint.
octokit.rest.apps.listPlansStubbed();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repositories accessible to the app installation
List repositories that an app installation can access.
octokit.rest.apps.listReposAccessibleToInstallation();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List subscriptions for the authenticated user
Lists the active subscriptions for the authenticated user.
octokit.rest.apps.listSubscriptionsForAuthenticatedUser();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List subscriptions for the authenticated user (stubbed)
Lists the active subscriptions for the authenticated user.
octokit.rest.apps.listSubscriptionsForAuthenticatedUserStubbed();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List deliveries for an app webhook
Returns a list of webhook deliveries for the webhook configured for a GitHub App.
You must use a JWT to access this endpoint.
octokit.rest.apps.listWebhookDeliveries();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
cursor | no |
Used for pagination: the starting delivery from which the page of deliveries is fetched. Refer to the |
See also: GitHub Developer Guide documentation.
Redeliver a delivery for an app webhook
Redeliver a delivery for the webhook configured for a GitHub App.
You must use a JWT to access this endpoint.
octokit.rest.apps.redeliverWebhookDelivery({
delivery_id,
});
Parameters
name | required | description |
---|---|---|
delivery_id | yes |
See also: GitHub Developer Guide documentation.
Remove a repository from an app installation
Deprecated: This method has been renamed to apps.removeRepoFromInstallationForAuthenticatedUser
Remove a single repository from an installation. The authenticated user must have admin access to the repository. The installation must have the repository_selection
of selected
.
This endpoint only works for PATs (classic) with the repo
scope.
octokit.rest.apps.removeRepoFromInstallation({
installation_id,
repository_id,
});
Parameters
name | required | description |
---|---|---|
installation_id | yes |
The unique identifier of the installation. |
repository_id | yes |
The unique identifier of the repository. |
See also: GitHub Developer Guide documentation.
Remove a repository from an app installation
Remove a single repository from an installation. The authenticated user must have admin access to the repository. The installation must have the repository_selection
of selected
.
This endpoint only works for PATs (classic) with the repo
scope.
octokit.rest.apps.removeRepoFromInstallationForAuthenticatedUser({
installation_id,
repository_id,
});
Parameters
name | required | description |
---|---|---|
installation_id | yes |
The unique identifier of the installation. |
repository_id | yes |
The unique identifier of the repository. |
See also: GitHub Developer Guide documentation.
Reset a token
OAuth applications and GitHub applications with OAuth authorizations can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. Invalid tokens will return 404 NOT FOUND
.
octokit.rest.apps.resetToken({
client_id,
access_token,
});
Parameters
name | required | description |
---|---|---|
client_id | yes |
The client ID of the GitHub app. |
access_token | yes |
The access_token of the OAuth or GitHub application. |
See also: GitHub Developer Guide documentation.
Revoke an installation access token
Revokes the installation token you're using to authenticate as an installation and access this endpoint.
Once an installation token is revoked, the token is invalidated and cannot be used. Other endpoints that require the revoked installation token must have a new installation token to work. You can create a new token using the "Create an installation access token for an app" endpoint.
octokit.rest.apps.revokeInstallationAccessToken();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Create a scoped access token
Use a non-scoped user access token to create a repository-scoped and/or permission-scoped user access token. You can specify which repositories the token can access and which permissions are granted to the token.
Invalid tokens will return 404 NOT FOUND
.
octokit.rest.apps.scopeToken({
client_id,
access_token,
});
Parameters
name | required | description |
---|---|---|
client_id | yes |
The client ID of the GitHub app. |
access_token | yes |
The access token used to authenticate to the GitHub API. |
target | no |
The name of the user or organization to scope the user access token to. Required unless |
target_id | no |
The ID of the user or organization to scope the user access token to. Required unless |
repositories | no |
The list of repository names to scope the user access token to. |
repository_ids | no |
The list of repository IDs to scope the user access token to. |
permissions | no |
The permissions granted to the user access token. |
permissions.actions | no |
The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. |
permissions.administration | no |
The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. |
permissions.checks | no |
The level of permission to grant the access token for checks on code. |
permissions.codespaces | no |
The level of permission to grant the access token to create, edit, delete, and list Codespaces. |
permissions.contents | no |
The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. |
permissions.dependabot_secrets | no |
The leve of permission to grant the access token to manage Dependabot secrets. |
permissions.deployments | no |
The level of permission to grant the access token for deployments and deployment statuses. |
permissions.environments | no |
The level of permission to grant the access token for managing repository environments. |
permissions.issues | no |
The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones. |
permissions.metadata | no |
The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata. |
permissions.packages | no |
The level of permission to grant the access token for packages published to GitHub Packages. |
permissions.pages | no |
The level of permission to grant the access token to retrieve Pages statuses, configuration, and builds, as well as create new builds. |
permissions.pull_requests | no |
The level of permission to grant the access token for pull requests and related comments, assignees, labels, milestones, and merges. |
permissions.repository_custom_properties | no |
The level of permission to grant the access token to view and edit custom properties for a repository, when allowed by the property. |
permissions.repository_hooks | no |
The level of permission to grant the access token to manage the post-receive hooks for a repository. |
permissions.repository_projects | no |
The level of permission to grant the access token to manage repository projects, columns, and cards. |
permissions.secret_scanning_alerts | no |
The level of permission to grant the access token to view and manage secret scanning alerts. |
permissions.secrets | no |
The level of permission to grant the access token to manage repository secrets. |
permissions.security_events | no |
The level of permission to grant the access token to view and manage security events like code scanning alerts. |
permissions.single_file | no |
The level of permission to grant the access token to manage just a single file. |
permissions.statuses | no |
The level of permission to grant the access token for commit statuses. |
permissions.vulnerability_alerts | no |
The level of permission to grant the access token to manage Dependabot alerts. |
permissions.workflows | no |
The level of permission to grant the access token to update GitHub Actions workflow files. |
permissions.members | no |
The level of permission to grant the access token for organization teams and members. |
permissions.organization_administration | no |
The level of permission to grant the access token to manage access to an organization. |
permissions.organization_custom_roles | no |
The level of permission to grant the access token for custom repository roles management. |
permissions.organization_custom_org_roles | no |
The level of permission to grant the access token for custom organization roles management. |
permissions.organization_custom_properties | no |
The level of permission to grant the access token for custom property management. |
permissions.organization_copilot_seat_management | no |
The level of permission to grant the access token for managing access to GitHub Copilot for members of an organization with a Copilot Business subscription. This property is in public preview and is subject to change. |
permissions.organization_announcement_banners | no |
The level of permission to grant the access token to view and manage announcement banners for an organization. |
permissions.organization_events | no |
The level of permission to grant the access token to view events triggered by an activity in an organization. |
permissions.organization_hooks | no |
The level of permission to grant the access token to manage the post-receive hooks for an organization. |
permissions.organization_personal_access_tokens | no |
The level of permission to grant the access token for viewing and managing fine-grained personal access token requests to an organization. |
permissions.organization_personal_access_token_requests | no |
The level of permission to grant the access token for viewing and managing fine-grained personal access tokens that have been approved by an organization. |
permissions.organization_plan | no |
The level of permission to grant the access token for viewing an organization's plan. |
permissions.organization_projects | no |
The level of permission to grant the access token to manage organization projects and projects public preview (where available). |
permissions.organization_packages | no |
The level of permission to grant the access token for organization packages published to GitHub Packages. |
permissions.organization_secrets | no |
The level of permission to grant the access token to manage organization secrets. |
permissions.organization_self_hosted_runners | no |
The level of permission to grant the access token to view and manage GitHub Actions self-hosted runners available to an organization. |
permissions.organization_user_blocking | no |
The level of permission to grant the access token to view and manage users blocked by the organization. |
permissions.team_discussions | no |
The level of permission to grant the access token to manage team discussions and related comments. |
permissions.email_addresses | no |
The level of permission to grant the access token to manage the email addresses belonging to a user. |
permissions.followers | no |
The level of permission to grant the access token to manage the followers belonging to a user. |
permissions.git_ssh_keys | no |
The level of permission to grant the access token to manage git SSH keys. |
permissions.gpg_keys | no |
The level of permission to grant the access token to view and manage GPG keys belonging to a user. |
permissions.interaction_limits | no |
The level of permission to grant the access token to view and manage interaction limits on a repository. |
permissions.profile | no |
The level of permission to grant the access token to manage the profile settings belonging to a user. |
permissions.starring | no |
The level of permission to grant the access token to list and manage repositories a user is starring. |
See also: GitHub Developer Guide documentation.
Suspend an app installation
Suspends a GitHub App on a user, organization, or business account, which blocks the app from accessing the account's resources. When a GitHub App is suspended, the app's access to the GitHub API or webhook events is blocked for that account.
You must use a JWT to access this endpoint.
octokit.rest.apps.suspendInstallation({
installation_id,
});
Parameters
name | required | description |
---|---|---|
installation_id | yes |
The unique identifier of the installation. |
See also: GitHub Developer Guide documentation.
Unsuspend an app installation
Removes a GitHub App installation suspension.
You must use a JWT to access this endpoint.
octokit.rest.apps.unsuspendInstallation({
installation_id,
});
Parameters
name | required | description |
---|---|---|
installation_id | yes |
The unique identifier of the installation. |
See also: GitHub Developer Guide documentation.
Update a webhook configuration for an app
Updates the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "Creating a GitHub App."
You must use a JWT to access this endpoint.
octokit.rest.apps.updateWebhookConfigForApp();
Parameters
name | required | description |
---|---|---|
url | no |
The URL to which the payloads will be delivered. |
content_type | no |
The media type used to serialize the payloads. Supported values include |
secret | no |
If provided, the |
insecure_ssl | no |
See also: GitHub Developer Guide documentation.
Billing
Get GitHub Actions billing for an organization
Gets the summary of the free and paid GitHub Actions minutes used.
Paid minutes only apply to workflows in private repositories that use GitHub-hosted runners. Minutes used is listed for each GitHub-hosted runner operating system. Any job re-runs are also included in the usage. The usage returned includes any minute multipliers for macOS and Windows runners, and is rounded up to the nearest whole minute. For more information, see "Managing billing for GitHub Actions".
OAuth app tokens and personal access tokens (classic) need the repo
or admin:org
scope to use this endpoint.
octokit.rest.billing.getGithubActionsBillingOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get GitHub Actions billing for a user
Gets the summary of the free and paid GitHub Actions minutes used.
Paid minutes only apply to workflows in private repositories that use GitHub-hosted runners. Minutes used is listed for each GitHub-hosted runner operating system. Any job re-runs are also included in the usage. The usage returned includes any minute multipliers for macOS and Windows runners, and is rounded up to the nearest whole minute. For more information, see "Managing billing for GitHub Actions".
OAuth app tokens and personal access tokens (classic) need the user
scope to use this endpoint.
octokit.rest.billing.getGithubActionsBillingUser({
username,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
See also: GitHub Developer Guide documentation.
Get billing usage report for an organization
Gets a report of the total usage for an organization. To use this endpoint, you must be an administrator of an organization within an enterprise or an organization account.
Note: This endpoint is only available to organizations with access to the enhanced billing platform. For more information, see "About the enhanced billing platform."
octokit.rest.billing.getGithubBillingUsageReportOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
year | no |
If specified, only return results for a single year. The value of |
month | no |
If specified, only return results for a single month. The value of |
day | no |
If specified, only return results for a single day. The value of |
hour | no |
If specified, only return results for a single hour. The value of |
See also: GitHub Developer Guide documentation.
Get GitHub Packages billing for an organization
Gets the free and paid storage used for GitHub Packages in gigabytes.
Paid minutes only apply to packages stored for private repositories. For more information, see "Managing billing for GitHub Packages."
OAuth app tokens and personal access tokens (classic) need the repo
or admin:org
scope to use this endpoint.
octokit.rest.billing.getGithubPackagesBillingOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get GitHub Packages billing for a user
Gets the free and paid storage used for GitHub Packages in gigabytes.
Paid minutes only apply to packages stored for private repositories. For more information, see "Managing billing for GitHub Packages."
OAuth app tokens and personal access tokens (classic) need the user
scope to use this endpoint.
octokit.rest.billing.getGithubPackagesBillingUser({
username,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
See also: GitHub Developer Guide documentation.
Get shared storage billing for an organization
Gets the estimated paid and estimated total storage used for GitHub Actions and GitHub Packages.
Paid minutes only apply to packages stored for private repositories. For more information, see "Managing billing for GitHub Packages."
OAuth app tokens and personal access tokens (classic) need the repo
or admin:org
scope to use this endpoint.
octokit.rest.billing.getSharedStorageBillingOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get shared storage billing for a user
Gets the estimated paid and estimated total storage used for GitHub Actions and GitHub Packages.
Paid minutes only apply to packages stored for private repositories. For more information, see "Managing billing for GitHub Packages."
OAuth app tokens and personal access tokens (classic) need the user
scope to use this endpoint.
octokit.rest.billing.getSharedStorageBillingUser({
username,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
See also: GitHub Developer Guide documentation.
Checks
Create a check run
Note: The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty pull_requests
array.
Creates a new check run for a specific commit in a repository. Your GitHub App must have the checks:write
permission to create check runs.
In a check suite, GitHub limits the number of check runs with the same name to 1000. Once these check runs exceed 1000, GitHub will start to automatically delete older check runs.
octokit.rest.checks.create({
owner,
repo,
name,
head_sha,
output.title,
output.summary,
output.annotations[].path,
output.annotations[].start_line,
output.annotations[].end_line,
output.annotations[].annotation_level,
output.annotations[].message,
output.images[].alt,
output.images[].image_url,
actions[].label,
actions[].description,
actions[].identifier
})
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository. The name is not case sensitive. |
name | yes |
The name of the check. For example, "code-coverage". |
head_sha | yes |
The SHA of the commit. |
details_url | no |
The URL of the integrator's site that has the full details of the check. If the integrator does not provide this, then the homepage of the GitHub app is used. |
external_id | no |
A reference for the run on the integrator's system. |
status | no |
The current status. |
started_at | no |
The time that the check run began. This is a timestamp in ISO 8601 format: |
conclusion | no |
Required if you provide |
completed_at | no |
The time the check completed. This is a timestamp in ISO 8601 format: |
output | no |
Check runs can accept a variety of data in the |
output.title | yes |
The title of the check run. |
output.summary | yes |
The summary of the check run. This parameter supports Markdown. Maximum length: 65535 characters. |
output.text | no |
The details of the check run. This parameter supports Markdown. Maximum length: 65535 characters. |
output.annotations | no |
Adds information from your analysis to specific lines of code. Annotations are visible on GitHub in the Checks and Files changed tab of the pull request. The Checks API limits the number of annotations to a maximum of 50 per API request. To create more than 50 annotations, you have to make multiple requests to the Update a check run endpoint. Each time you update the check run, annotations are appended to the list of annotations that already exist for the check run. GitHub Actions are limited to 10 warning annotations and 10 error annotations per step. For details about how you can view annotations on GitHub, see "About status checks". |
output.annotations[].path | yes |
The path of the file to add an annotation to. For example, |
output.annotations[].start_line | yes |
The start line of the annotation. Line numbers start at 1. |
output.annotations[].end_line | yes |
The end line of the annotation. |
output.annotations[].start_column | no |
The start column of the annotation. Annotations only support |
output.annotations[].end_column | no |
The end column of the annotation. Annotations only support |
output.annotations[].annotation_level | yes |
The level of the annotation. |
output.annotations[].message | yes |
A short description of the feedback for these lines of code. The maximum size is 64 KB. |
output.annotations[].title | no |
The title that represents the annotation. The maximum size is 255 characters. |
output.annotations[].raw_details | no |
Details about this annotation. The maximum size is 64 KB. |
output.images | no |
Adds images to the output displayed in the GitHub pull request UI. |
output.images[].alt | yes |
The alternative text for the image. |
output.images[].image_url | yes |
The full URL of the image. |
output.images[].caption | no |
A short image description. |
actions | no |
Displays a button on GitHub that can be clicked to alert your app to do additional tasks. For example, a code linting app can display a button that automatically fixes detected errors. The button created in this object is displayed after the check run completes. When a user clicks the button, GitHub sends the |
actions[].label | yes |
The text to be displayed on a button in the web UI. The maximum size is 20 characters. |
actions[].description | yes |
A short explanation of what this action would do. The maximum size is 40 characters. |
actions[].identifier | yes |
A reference for the action on the integrator's system. The maximum size is 20 characters. |
See also: GitHub Developer Guide documentation.
Create a check suite
Creates a check suite manually. By default, check suites are automatically created when you create a check run. You only need to use this endpoint for manually creating check suites when you've disabled automatic creation using "Update repository preferences for check suites".
[!NOTE] The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty
pull_requests
array and anull
value forhead_branch
.
OAuth apps and personal access tokens (classic) cannot use this endpoint.
octokit.rest.checks.createSuite({
owner,
repo,
head_sha,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
head_sha | yes |
The sha of the head commit. |
See also: GitHub Developer Guide documentation.
Get a check run
Gets a single check run using its id
.
[!NOTE] The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty
pull_requests
array.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint on a private repository.
octokit.rest.checks.get({
owner,
repo,
check_run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
check_run_id | yes |
The unique identifier of the check run. |
See also: GitHub Developer Guide documentation.
Get a check suite
Gets a single check suite using its id
.
[!NOTE] The Checks API only looks for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty
pull_requests
array and anull
value forhead_branch
.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint on a private repository.
octokit.rest.checks.getSuite({
owner,
repo,
check_suite_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
check_suite_id | yes |
The unique identifier of the check suite. |
See also: GitHub Developer Guide documentation.
List check run annotations
Lists annotations for a check run using the annotation id
.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint on a private repository.
octokit.rest.checks.listAnnotations({
owner,
repo,
check_run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
check_run_id | yes |
The unique identifier of the check run. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List check runs for a Git reference
Lists check runs for a commit ref. The ref
can be a SHA, branch name, or a tag name.
[!NOTE] The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty
pull_requests
array.
If there are more than 1000 check suites on a single git reference, this endpoint will limit check runs to the 1000 most recent check suites. To iterate over all possible check runs, use the List check suites for a Git reference endpoint and provide the check_suite_id
parameter to the List check runs in a check suite endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint on a private repository.
octokit.rest.checks.listForRef({
owner,
repo,
ref,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
ref | yes |
The commit reference. Can be a commit SHA, branch name ( |
check_name | no |
Returns check runs with the specified |
status | no |
Returns check runs with the specified |
filter | no |
Filters check runs by their |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
app_id | no |
See also: GitHub Developer Guide documentation.
List check runs in a check suite
Lists check runs for a check suite using its id
.
[!NOTE] The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty
pull_requests
array.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint on a private repository.
octokit.rest.checks.listForSuite({
owner,
repo,
check_suite_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
check_suite_id | yes |
The unique identifier of the check suite. |
check_name | no |
Returns check runs with the specified |
status | no |
Returns check runs with the specified |
filter | no |
Filters check runs by their |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List check suites for a Git reference
Lists check suites for a commit ref
. The ref
can be a SHA, branch name, or a tag name.
[!NOTE] The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty
pull_requests
array and anull
value forhead_branch
.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint on a private repository.
octokit.rest.checks.listSuitesForRef({
owner,
repo,
ref,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
ref | yes |
The commit reference. Can be a commit SHA, branch name ( |
app_id | no |
Filters check suites by GitHub App |
check_name | no |
Returns check runs with the specified |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Rerequest a check run
Triggers GitHub to rerequest an existing check run, without pushing new code to a repository. This endpoint will trigger the check_run
webhook event with the action rerequested
. When a check run is rerequested
, its status
is reset to queued
and the conclusion
is cleared.
For more information about how to re-run GitHub Actions jobs, see "Re-run a job from a workflow run".
OAuth apps and personal access tokens (classic) cannot use this endpoint.
octokit.rest.checks.rerequestRun({
owner,
repo,
check_run_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
check_run_id | yes |
The unique identifier of the check run. |
See also: GitHub Developer Guide documentation.
Rerequest a check suite
Triggers GitHub to rerequest an existing check suite, without pushing new code to a repository. This endpoint will trigger the check_suite
webhook event with the action rerequested
. When a check suite is rerequested
, its status
is reset to queued
and the conclusion
is cleared.
OAuth apps and personal access tokens (classic) cannot use this endpoint.
octokit.rest.checks.rerequestSuite({
owner,
repo,
check_suite_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
check_suite_id | yes |
The unique identifier of the check suite. |
See also: GitHub Developer Guide documentation.
Update repository preferences for check suites
Changes the default automatic flow when creating check suites. By default, a check suite is automatically created each time code is pushed to a repository. When you disable the automatic creation of check suites, you can manually Create a check suite. You must have admin permissions in the repository to set preferences for check suites.
octokit.rest.checks.setSuitesPreferences({
owner,
repo,
auto_trigger_checks[].app_id,
auto_trigger_checks[].setting
})
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
auto_trigger_checks | no |
Enables or disables automatic creation of CheckSuite events upon pushes to the repository. Enabled by default. |
auto_trigger_checks[].app_id | yes |
The |
auto_trigger_checks[].setting | yes |
Set to |
See also: GitHub Developer Guide documentation.
Update a check run
Updates a check run for a specific commit in a repository.
[!NOTE] The endpoints to manage checks only look for pushes in the repository where the check suite or check run were created. Pushes to a branch in a forked repository are not detected and return an empty
pull_requests
array.
OAuth apps and personal access tokens (classic) cannot use this endpoint.
octokit.rest.checks.update({
owner,
repo,
check_run_id,
output.summary,
output.annotations[].path,
output.annotations[].start_line,
output.annotations[].end_line,
output.annotations[].annotation_level,
output.annotations[].message,
output.images[].alt,
output.images[].image_url,
actions[].label,
actions[].description,
actions[].identifier
})
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
check_run_id | yes |
The unique identifier of the check run. |
name | no |
The name of the check. For example, "code-coverage". |
details_url | no |
The URL of the integrator's site that has the full details of the check. |
external_id | no |
A reference for the run on the integrator's system. |
started_at | no |
This is a timestamp in ISO 8601 format: |
status | no |
The current status of the check run. Only GitHub Actions can set a status of |
conclusion | no |
Required if you provide |
completed_at | no |
The time the check completed. This is a timestamp in ISO 8601 format: |
output | no |
Check runs can accept a variety of data in the |
output.title | no |
Required. |
output.summary | yes |
Can contain Markdown. |
output.text | no |
Can contain Markdown. |
output.annotations | no |
Adds information from your analysis to specific lines of code. Annotations are visible in GitHub's pull request UI. Annotations are visible in GitHub's pull request UI. The Checks API limits the number of annotations to a maximum of 50 per API request. To create more than 50 annotations, you have to make multiple requests to the Update a check run endpoint. Each time you update the check run, annotations are appended to the list of annotations that already exist for the check run. GitHub Actions are limited to 10 warning annotations and 10 error annotations per step. For details about annotations in the UI, see "About status checks". |
output.annotations[].path | yes |
The path of the file to add an annotation to. For example, |
output.annotations[].start_line | yes |
The start line of the annotation. Line numbers start at 1. |
output.annotations[].end_line | yes |
The end line of the annotation. |
output.annotations[].start_column | no |
The start column of the annotation. Annotations only support |
output.annotations[].end_column | no |
The end column of the annotation. Annotations only support |
output.annotations[].annotation_level | yes |
The level of the annotation. |
output.annotations[].message | yes |
A short description of the feedback for these lines of code. The maximum size is 64 KB. |
output.annotations[].title | no |
The title that represents the annotation. The maximum size is 255 characters. |
output.annotations[].raw_details | no |
Details about this annotation. The maximum size is 64 KB. |
output.images | no |
Adds images to the output displayed in the GitHub pull request UI. |
output.images[].alt | yes |
The alternative text for the image. |
output.images[].image_url | yes |
The full URL of the image. |
output.images[].caption | no |
A short image description. |
actions | no |
Possible further actions the integrator can perform, which a user may trigger. Each action includes a |
actions[].label | yes |
The text to be displayed on a button in the web UI. The maximum size is 20 characters. |
actions[].description | yes |
A short explanation of what this action would do. The maximum size is 40 characters. |
actions[].identifier | yes |
A reference for the action on the integrator's system. The maximum size is 20 characters. |
See also: GitHub Developer Guide documentation.
Code-Scanning
Commit an autofix for a code scanning alert
Commits an autofix for a code scanning alert.
If an autofix is commited as a result of this request, then this endpoint will return a 201 Created response.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.commitAutofix({
owner,
repo,
alert_number,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
alert_number | yes |
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the |
target_ref | no |
The Git reference of target branch for the commit. Branch needs to already exist. For more information, see "Git References" in the Git documentation. |
message | no |
Commit message to be used. |
See also: GitHub Developer Guide documentation.
Create an autofix for a code scanning alert
Creates an autofix for a code scanning alert.
If a new autofix is to be created as a result of this request or is currently being generated, then this endpoint will return a 202 Accepted response.
If an autofix already exists for a given alert, then this endpoint will return a 200 OK response.
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.createAutofix({
owner,
repo,
alert_number,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
alert_number | yes |
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the |
See also: GitHub Developer Guide documentation.
Create a CodeQL variant analysis
Creates a new CodeQL variant analysis, which will run a CodeQL query against one or more repositories.
Get started by learning more about running CodeQL queries at scale with Multi-Repository Variant Analysis.
Use the owner
and repo
parameters in the URL to specify the controller repository that
will be used for running GitHub Actions workflows and storing the results of the CodeQL variant analysis.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.codeScanning.createVariantAnalysis({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Delete a code scanning analysis from a repository
Deletes a specified code scanning analysis from a repository.
You can delete one analysis at a time. To delete a series of analyses, start with the most recent analysis and work backwards. Conceptually, the process is similar to the undo function in a text editor.
When you list the analyses for a repository, one or more will be identified as deletable in the response:
"deletable": true
An analysis is deletable when it's the most recent in a set of analyses. Typically, a repository will have multiple sets of analyses for each enabled code scanning tool, where a set is determined by a unique combination of analysis values:
ref
tool
category
If you attempt to delete an analysis that is not the most recent in a set, you'll get a 400 response with the message:
Analysis specified is not deletable.
The response from a successful DELETE
operation provides you with
two alternative URLs for deleting the next analysis in the set:
next_analysis_url
and confirm_delete_url
.
Use the next_analysis_url
URL if you want to avoid accidentally deleting the final analysis
in a set. This is a useful option if you want to preserve at least one analysis
for the specified tool in your repository.
Use the confirm_delete_url
URL if you are content to remove all analyses for a tool.
When you delete the last analysis in a set, the value of next_analysis_url
and confirm_delete_url
in the 200 response is null
.
As an example of the deletion process, let's imagine that you added a workflow that configured a particular code scanning tool to analyze the code in a repository. This tool has added 15 analyses: 10 on the default branch, and another 5 on a topic branch. You therefore have two separate sets of analyses for this tool. You've now decided that you want to remove all of the analyses for the tool. To do this you must make 15 separate deletion requests. To start, you must find an analysis that's identified as deletable. Each set of analyses always has one that's identified as deletable. Having found the deletable analysis for one of the two sets, delete this analysis and then continue deleting the next analysis in the set until they're all deleted. Then repeat the process for the second set. The procedure therefore consists of a nested loop:
Outer loop:
-
List the analyses for the repository, filtered by tool.
-
Parse this list to find a deletable analysis. If found:
Inner loop:
- Delete the identified analysis.
- Parse the response for the value of
confirm_delete_url
and, if found, use this in the next iteration.
The above process assumes that you want to remove all trace of the tool's analyses from the GitHub user interface, for the specified repository, and it therefore uses the confirm_delete_url
value. Alternatively, you could use the next_analysis_url
value, which would leave the last analysis in each set undeleted to avoid removing a tool's analysis entirely.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.deleteAnalysis({
owner,
repo,
analysis_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
analysis_id | yes |
The ID of the analysis, as returned from the |
confirm_delete | no |
Allow deletion if the specified analysis is the last in a set. If you attempt to delete the final analysis in a set without setting this parameter to |
See also: GitHub Developer Guide documentation.
Delete a CodeQL database
Deletes a CodeQL database for a language in a repository.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.deleteCodeqlDatabase({
owner,
repo,
language,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
language | yes |
The language of the CodeQL database. |
See also: GitHub Developer Guide documentation.
Get a code scanning alert
Gets a single code scanning alert.
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.getAlert({
owner,
repo,
alert_number,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
alert_number | yes |
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the |
alert_id | no |
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the |
See also: GitHub Developer Guide documentation.
Get a code scanning analysis for a repository
Gets a specified code scanning analysis for a repository.
The default JSON response contains fields that describe the analysis. This includes the Git reference and commit SHA to which the analysis relates, the datetime of the analysis, the name of the code scanning tool, and the number of alerts.
The rules_count
field in the default response give the number of rules
that were run in the analysis.
For very old analyses this data is not available,
and 0
is returned in this field.
This endpoint supports the following custom media types. For more information, see "Media types."
application/sarif+json
: Instead of returning a summary of the analysis, this endpoint returns a subset of the analysis data that was uploaded. The data is formatted as SARIF version 2.1.0. It also returns additional data such as thegithub/alertNumber
andgithub/alertUrl
properties.
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.getAnalysis({
owner,
repo,
analysis_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
analysis_id | yes |
The ID of the analysis, as returned from the |
See also: GitHub Developer Guide documentation.
Get the status of an autofix for a code scanning alert
Gets the status and description of an autofix for a code scanning alert.
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.getAutofix({
owner,
repo,
alert_number,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
alert_number | yes |
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the |
See also: GitHub Developer Guide documentation.
Get a CodeQL database for a repository
Gets a CodeQL database for a language in a repository.
By default this endpoint returns JSON metadata about the CodeQL database. To
download the CodeQL database binary content, set the Accept
header of the request
to application/zip
, and make sure
your HTTP client is configured to follow redirects or use the Location
header
to make a second request to get the redirect URL.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.getCodeqlDatabase({
owner,
repo,
language,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
language | yes |
The language of the CodeQL database. |
See also: GitHub Developer Guide documentation.
Get a code scanning default setup configuration
Gets a code scanning default setup configuration.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.getDefaultSetup({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get information about a SARIF upload
Gets information about a SARIF upload, including the status and the URL of the analysis that was uploaded so that you can retrieve details of the analysis. For more information, see "Get a code scanning analysis for a repository."
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.getSarif({
owner,
repo,
sarif_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
sarif_id | yes |
The SARIF ID obtained after uploading. |
See also: GitHub Developer Guide documentation.
Get the summary of a CodeQL variant analysis
Gets the summary of a CodeQL variant analysis.
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.getVariantAnalysis({
owner,
repo,
codeql_variant_analysis_id,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
codeql_variant_analysis_id | yes |
The unique identifier of the variant analysis. |
See also: GitHub Developer Guide documentation.
Get the analysis status of a repository in a CodeQL variant analysis
Gets the analysis status of a repository in a CodeQL variant analysis.
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.getVariantAnalysisRepoTask({
owner,
repo,
codeql_variant_analysis_id,
repo_owner,
repo_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the controller repository. |
codeql_variant_analysis_id | yes |
The ID of the variant analysis. |
repo_owner | yes |
The account owner of the variant analysis repository. The name is not case sensitive. |
repo_name | yes |
The name of the variant analysis repository. |
See also: GitHub Developer Guide documentation.
List instances of a code scanning alert
Lists all instances of the specified code scanning alert.
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.listAlertInstances({
owner,
repo,
alert_number,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
alert_number | yes |
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
ref | no |
The Git reference for the results you want to list. The |
pr | no |
The number of the pull request for the results you want to list. |
See also: GitHub Developer Guide documentation.
List code scanning alerts for an organization
Lists code scanning alerts for the default branch for all eligible repositories in an organization. Eligible repositories are repositories that are owned by organizations that you own or for which you are a security manager. For more information, see "Managing security managers in your organization."
The authenticated user must be an owner or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the security_events
or repo
s cope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.listAlertsForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
tool_name | no |
The name of a code scanning tool. Only results by this tool will be listed. You can specify the tool by using either |
tool_guid | no |
The GUID of a code scanning tool. Only results by this tool will be listed. Note that some code scanning tools may not include a GUID in their analysis data. You can specify the tool by using either |
before | no |
A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
after | no |
A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
direction | no |
The direction to sort the results by. |
state | no |
If specified, only code scanning alerts with this state will be returned. |
sort | no |
The property by which to sort the results. |
severity | no |
If specified, only code scanning alerts with this severity will be returned. |
See also: GitHub Developer Guide documentation.
List code scanning alerts for a repository
Lists all open code scanning alerts for the default branch (usually main
or master
). You must use an access token with the security_events
scope to use
this endpoint with private repos, the public_repo
scope also grants permission to read
security events on public repos only. GitHub Apps must have the security_events
read
permission to use this endpoint.
The response includes a most_recent_instance
object.
This provides details of the most recent instance of this alert
for the default branch or for the specified Git reference
(if you used ref
in the request).
octokit.rest.codeScanning.listAlertsForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository. The name is not case sensitive. |
tool_name | no |
The name of a code scanning tool. Only results by this tool will be listed. You can specify the tool by using either |
tool_guid | no |
The GUID of a code scanning tool. Only results by this tool will be listed. Note that some code scanning tools may not include a GUID in their analysis data. You can specify the tool by using either |
page | no |
Page number of the results to fetch. |
per_page | no |
The number of results per page (max 100). |
ref | no |
The Git reference for the results you want to list. The |
direction | no |
The direction to sort the results by. |
sort | no |
The property by which to sort the results. |
state | no |
Set to |
See also: GitHub Developer Guide documentation.
List instances of a code scanning alert
Deprecated: This method has been renamed to codeScanning.listAlertInstances
Lists all instances of the specified code scanning alert.
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.listAlertsInstances({
owner,
repo,
alert_number,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
alert_number | yes |
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
ref | no |
The Git reference for the results you want to list. The |
pr | no |
The number of the pull request for the results you want to list. |
See also: GitHub Developer Guide documentation.
List CodeQL databases for a repository
Lists the CodeQL databases that are available in a repository.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.listCodeqlDatabases({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
List code scanning analyses for a repository
Lists the details of all code scanning analyses for a repository,
starting with the most recent.
The response is paginated and you can use the page
and per_page
parameters
to list the analyses you're interested in.
By default 30 analyses are listed per page.
The rules_count
field in the response give the number of rules
that were run in the analysis.
For very old analyses this data is not available,
and 0
is returned in this field.
[!WARNING] > Closing down notice: The
tool_name
field is closing down and will, in future, not be included in the response for this endpoint. The example response reflects this change. The tool name can now be found inside thetool
field.
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.listRecentAnalyses({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
tool_name | no |
The name of a code scanning tool. Only results by this tool will be listed. You can specify the tool by using either |
tool_guid | no |
The GUID of a code scanning tool. Only results by this tool will be listed. Note that some code scanning tools may not include a GUID in their analysis data. You can specify the tool by using either |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
pr | no |
The number of the pull request for the results you want to list. |
ref | no |
The Git reference for the analyses you want to list. The |
sarif_id | no |
Filter analyses belonging to the same SARIF upload. |
direction | no |
The direction to sort the results by. |
sort | no |
The property by which to sort the results. |
See also: GitHub Developer Guide documentation.
Update a code scanning alert
Updates the status of a single code scanning alert.
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.updateAlert({
owner,
repo,
alert_number,
state,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
alert_number | yes |
The number that identifies an alert. You can find this at the end of the URL for a code scanning alert within GitHub, and in the |
state | yes |
Sets the state of the code scanning alert. You must provide |
dismissed_reason | no |
Required when the state is dismissed. The reason for dismissing or closing the alert. |
dismissed_comment | no |
The dismissal comment associated with the dismissal of the alert. |
See also: GitHub Developer Guide documentation.
Update a code scanning default setup configuration
Updates a code scanning default setup configuration.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
octokit.rest.codeScanning.updateDefaultSetup({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
state | no |
The desired state of code scanning default setup. |
runner_type | no |
Runner type to be used. |
runner_label | no |
Runner label to be used if the runner type is labeled. |
query_suite | no |
CodeQL query suite to be used. |
languages | no |
CodeQL languages to be analyzed. |
See also: GitHub Developer Guide documentation.
Upload an analysis as SARIF data
Uploads SARIF data containing the results of a code scanning analysis to make the results available in a repository. For troubleshooting information, see "Troubleshooting SARIF uploads."
There are two places where you can upload code scanning results.
- If you upload to a pull request, for example
--ref refs/pull/42/merge
or--ref refs/pull/42/head
, then the results appear as alerts in a pull request check. For more information, see "Triaging code scanning alerts in pull requests." - If you upload to a branch, for example
--ref refs/heads/my-branch
, then the results appear in the Security tab for your repository. For more information, see "Managing code scanning alerts for your repository."
You must compress the SARIF-formatted analysis data that you want to upload, using gzip
, and then encode it as a Base64 format string. For example:
gzip -c analysis-data.sarif | base64 -w0
SARIF upload supports a maximum number of entries per the following data objects, and an analysis will be rejected if any of these objects is above its maximum value. For some objects, there are additional values over which the entries will be ignored while keeping the most important entries whenever applicable. To get the most out of your analysis when it includes data above the supported limits, try to optimize the analysis configuration. For example, for the CodeQL tool, identify and remove the most noisy queries. For more information, see "SARIF results exceed one or more limits."
SARIF data | Maximum values | Additional limits |
---|---|---|
Runs per file | 20 | |
Results per run | 25,000 | Only the top 5,000 results will be included, prioritized by severity. |
Rules per run | 25,000 | |
Tool extensions per run | 100 | |
Thread Flow Locations per result | 10,000 | Only the top 1,000 Thread Flow Locations will be included, using prioritization. |
Location per result | 1,000 | Only 100 locations will be included. |
Tags per rule | 20 | Only 10 tags will be included. |
The 202 Accepted
response includes an id
value.
You can use this ID to check the status of the upload by using it in the /sarifs/{sarif_id}
endpoint.
For more information, see "Get information about a SARIF upload."
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint with private or public repositories, or the public_repo
scope to use this endpoint with only public repositories.
This endpoint is limited to 1,000 requests per hour for each user or app installation calling it.
octokit.rest.codeScanning.uploadSarif({
owner,
repo,
commit_sha,
ref,
sarif,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
commit_sha | yes |
The SHA of the commit to which the analysis you are uploading relates. |
ref | yes |
The full Git reference, formatted as |
sarif | yes |
A Base64 string representing the SARIF file to upload. You must first compress your SARIF file using |
checkout_uri | no |
The base directory used in the analysis, as it appears in the SARIF file. This property is used to convert file paths from absolute to relative, so that alerts can be mapped to their correct location in the repository. |
started_at | no |
The time that the analysis run began. This is a timestamp in ISO 8601 format: |
tool_name | no |
The name of the tool used to generate the code scanning analysis. If this parameter is not used, the tool name defaults to "API". If the uploaded SARIF contains a tool GUID, this will be available for filtering using the |
validate | no |
Whether the SARIF file will be validated according to the code scanning specifications. This parameter is intended to help integrators ensure that the uploaded SARIF files are correctly rendered by code scanning. |
See also: GitHub Developer Guide documentation.
Code-Security
Attach a configuration to repositories
Attach a code security configuration to a set of repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.
If insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org
scope to use this endpoint.
octokit.rest.codeSecurity.attachConfiguration({
org,
configuration_id,
scope,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
configuration_id | yes |
The unique identifier of the code security configuration. |
scope | yes |
The type of repositories to attach the configuration to. |
selected_repository_ids | no |
An array of repository IDs to attach the configuration to. You can only provide a list of repository ids when the |
See also: GitHub Developer Guide documentation.
Attach an enterprise configuration to repositories
Attaches an enterprise code security configuration to repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.
If insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.
The authenticated user must be an administrator for the enterprise to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise
scope to use this endpoint.
octokit.rest.codeSecurity.attachEnterpriseConfiguration({
enterprise,
configuration_id,
scope,
});
Parameters
name | required | description |
---|---|---|
enterprise | yes |
The slug version of the enterprise name. You can also substitute this value with the enterprise id. |
configuration_id | yes |
The unique identifier of the code security configuration. |
scope | yes |
The type of repositories to attach the configuration to. |
See also: GitHub Developer Guide documentation.
Create a code security configuration
Creates a code security configuration in an organization.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org
scope to use this endpoint.
octokit.rest.codeSecurity.createConfiguration({
org,
name,
description,
secret_scanning_delegated_bypass_options.reviewers[].reviewer_id,
secret_scanning_delegated_bypass_options.reviewers[].reviewer_type
})
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
name | yes |
The name of the code security configuration. Must be unique within the organization. |
description | yes |
A description of the code security configuration |
advanced_security | no |
The enablement status of GitHub Advanced Security |
dependency_graph | no |
The enablement status of Dependency Graph |
dependency_graph_autosubmit_action | no |
The enablement status of Automatic dependency submission |
dependency_graph_autosubmit_action_options | no |
Feature options for Automatic dependency submission |
dependency_graph_autosubmit_action_options.labeled_runners | no |
Whether to use runners labeled with 'dependency-submission' or standard GitHub runners. |
dependabot_alerts | no |
The enablement status of Dependabot alerts |
dependabot_security_updates | no |
The enablement status of Dependabot security updates |
code_scanning_default_setup | no |
The enablement status of code scanning default setup |
code_scanning_default_setup_options | no |
Feature options for code scanning default setup |
code_scanning_default_setup_options.runner_type | no |
Whether to use labeled runners or standard GitHub runners. |
code_scanning_default_setup_options.runner_label | no |
The label of the runner to use for code scanning default setup when runner_type is 'labeled'. |
secret_scanning | no |
The enablement status of secret scanning |
secret_scanning_push_protection | no |
The enablement status of secret scanning push protection |
secret_scanning_delegated_bypass | no |
The enablement status of secret scanning delegated bypass |
secret_scanning_delegated_bypass_options | no |
Feature options for secret scanning delegated bypass |
secret_scanning_delegated_bypass_options.reviewers | no |
The bypass reviewers for secret scanning delegated bypass |
secret_scanning_delegated_bypass_options.reviewers[].reviewer_id | yes |
The ID of the team or role selected as a bypass reviewer |
secret_scanning_delegated_bypass_options.reviewers[].reviewer_type | yes |
The type of the bypass reviewer |
secret_scanning_validity_checks | no |
The enablement status of secret scanning validity checks |
secret_scanning_non_provider_patterns | no |
The enablement status of secret scanning non provider patterns |
private_vulnerability_reporting | no |
The enablement status of private vulnerability reporting |
enforcement | no |
The enforcement status for a security configuration |
See also: GitHub Developer Guide documentation.
Create a code security configuration for an enterprise
Creates a code security configuration in an enterprise.
The authenticated user must be an administrator of the enterprise in order to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise
scope to use this endpoint.
octokit.rest.codeSecurity.createConfigurationForEnterprise({
enterprise,
name,
description,
});
Parameters
name | required | description |
---|---|---|
enterprise | yes |
The slug version of the enterprise name. You can also substitute this value with the enterprise id. |
name | yes |
The name of the code security configuration. Must be unique within the enterprise. |
description | yes |
A description of the code security configuration |
advanced_security | no |
The enablement status of GitHub Advanced Security |
dependency_graph | no |
The enablement status of Dependency Graph |
dependency_graph_autosubmit_action | no |
The enablement status of Automatic dependency submission |
dependency_graph_autosubmit_action_options | no |
Feature options for Automatic dependency submission |
dependency_graph_autosubmit_action_options.labeled_runners | no |
Whether to use runners labeled with 'dependency-submission' or standard GitHub runners. |
dependabot_alerts | no |
The enablement status of Dependabot alerts |
dependabot_security_updates | no |
The enablement status of Dependabot security updates |
code_scanning_default_setup | no |
The enablement status of code scanning default setup |
code_scanning_default_setup_options | no |
Feature options for code scanning default setup |
code_scanning_default_setup_options.runner_type | no |
Whether to use labeled runners or standard GitHub runners. |
code_scanning_default_setup_options.runner_label | no |
The label of the runner to use for code scanning default setup when runner_type is 'labeled'. |
secret_scanning | no |
The enablement status of secret scanning |
secret_scanning_push_protection | no |
The enablement status of secret scanning push protection |
secret_scanning_validity_checks | no |
The enablement status of secret scanning validity checks |
secret_scanning_non_provider_patterns | no |
The enablement status of secret scanning non provider patterns |
private_vulnerability_reporting | no |
The enablement status of private vulnerability reporting |
enforcement | no |
The enforcement status for a security configuration |
See also: GitHub Developer Guide documentation.
Delete a code security configuration
Deletes the desired code security configuration from an organization. Repositories attached to the configuration will retain their settings but will no longer be associated with the configuration.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org
scope to use this endpoint.
octokit.rest.codeSecurity.deleteConfiguration({
org,
configuration_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
configuration_id | yes |
The unique identifier of the code security configuration. |
See also: GitHub Developer Guide documentation.
Delete a code security configuration for an enterprise
Deletes a code security configuration from an enterprise. Repositories attached to the configuration will retain their settings but will no longer be associated with the configuration.
The authenticated user must be an administrator for the enterprise to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise
scope to use this endpoint.
octokit.rest.codeSecurity.deleteConfigurationForEnterprise({
enterprise,
configuration_id,
});
Parameters
name | required | description |
---|---|---|
enterprise | yes |
The slug version of the enterprise name. You can also substitute this value with the enterprise id. |
configuration_id | yes |
The unique identifier of the code security configuration. |
See also: GitHub Developer Guide documentation.
Detach configurations from repositories
Detach code security configuration(s) from a set of repositories. Repositories will retain their settings but will no longer be associated with the configuration.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org
scope to use this endpoint.
octokit.rest.codeSecurity.detachConfiguration({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
selected_repository_ids | no |
An array of repository IDs to detach from configurations. |
See also: GitHub Developer Guide documentation.
Get a code security configuration
Gets a code security configuration available in an organization.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org
scope to use this endpoint.
octokit.rest.codeSecurity.getConfiguration({
org,
configuration_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
configuration_id | yes |
The unique identifier of the code security configuration. |
See also: GitHub Developer Guide documentation.
Get the code security configuration associated with a repository
Get the code security configuration that manages a repository's code security settings.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.codeSecurity.getConfigurationForRepository({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get code security configurations for an enterprise
Lists all code security configurations available in an enterprise.
The authenticated user must be an administrator of the enterprise in order to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the read:enterprise
scope to use this endpoint.
octokit.rest.codeSecurity.getConfigurationsForEnterprise({
enterprise,
});
Parameters
name | required | description |
---|---|---|
enterprise | yes |
The slug version of the enterprise name. You can also substitute this value with the enterprise id. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
before | no |
A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
after | no |
A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Get code security configurations for an organization
Lists all code security configurations available in an organization.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org
scope to use this endpoint.
octokit.rest.codeSecurity.getConfigurationsForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
target_type | no |
The target type of the code security configuration |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
before | no |
A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
after | no |
A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Get default code security configurations
Lists the default code security configurations for an organization.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org
scope to use this endpoint.
octokit.rest.codeSecurity.getDefaultConfigurations({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get default code security configurations for an enterprise
Lists the default code security configurations for an enterprise.
The authenticated user must be an administrator of the enterprise in order to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the read:enterprise
scope to use this endpoint.
octokit.rest.codeSecurity.getDefaultConfigurationsForEnterprise({
enterprise,
});
Parameters
name | required | description |
---|---|---|
enterprise | yes |
The slug version of the enterprise name. You can also substitute this value with the enterprise id. |
See also: GitHub Developer Guide documentation.
Get repositories associated with a code security configuration
Lists the repositories associated with a code security configuration in an organization.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org
scope to use this endpoint.
octokit.rest.codeSecurity.getRepositoriesForConfiguration({
org,
configuration_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
configuration_id | yes |
The unique identifier of the code security configuration. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
before | no |
A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
after | no |
A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
status | no |
A comma-separated list of statuses. If specified, only repositories with these attachment statuses will be returned. Can be: |
See also: GitHub Developer Guide documentation.
Get repositories associated with an enterprise code security configuration
Lists the repositories associated with an enterprise code security configuration in an organization.
The authenticated user must be an administrator of the enterprise in order to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the read:enterprise
scope to use this endpoint.
octokit.rest.codeSecurity.getRepositoriesForEnterpriseConfiguration({
enterprise,
configuration_id,
});
Parameters
name | required | description |
---|---|---|
enterprise | yes |
The slug version of the enterprise name. You can also substitute this value with the enterprise id. |
configuration_id | yes |
The unique identifier of the code security configuration. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
before | no |
A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
after | no |
A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
status | no |
A comma-separated list of statuses. If specified, only repositories with these attachment statuses will be returned. Can be: |
See also: GitHub Developer Guide documentation.
Retrieve a code security configuration of an enterprise
Gets a code security configuration available in an enterprise.
The authenticated user must be an administrator of the enterprise in order to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the read:enterprise
scope to use this endpoint.
octokit.rest.codeSecurity.getSingleConfigurationForEnterprise({
enterprise,
configuration_id,
});
Parameters
name | required | description |
---|---|---|
enterprise | yes |
The slug version of the enterprise name. You can also substitute this value with the enterprise id. |
configuration_id | yes |
The unique identifier of the code security configuration. |
See also: GitHub Developer Guide documentation.
Set a code security configuration as a default for an organization
Sets a code security configuration as a default to be applied to new repositories in your organization.
This configuration will be applied to the matching repository type (all, none, public, private and internal) by default when they are created.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org
scope to use this endpoint.
octokit.rest.codeSecurity.setConfigurationAsDefault({
org,
configuration_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
configuration_id | yes |
The unique identifier of the code security configuration. |
default_for_new_repos | no |
Specify which types of repository this security configuration should be applied to by default. |
See also: GitHub Developer Guide documentation.
Set a code security configuration as a default for an enterprise
Sets a code security configuration as a default to be applied to new repositories in your enterprise.
This configuration will be applied by default to the matching repository type when created, but only for organizations within the enterprise that do not already have a default code security configuration set.
The authenticated user must be an administrator for the enterprise to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise
scope to use this endpoint.
octokit.rest.codeSecurity.setConfigurationAsDefaultForEnterprise({
enterprise,
configuration_id,
});
Parameters
name | required | description |
---|---|---|
enterprise | yes |
The slug version of the enterprise name. You can also substitute this value with the enterprise id. |
configuration_id | yes |
The unique identifier of the code security configuration. |
default_for_new_repos | no |
Specify which types of repository this security configuration should be applied to by default. |
See also: GitHub Developer Guide documentation.
Update a code security configuration
Updates a code security configuration in an organization.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org
scope to use this endpoint.
octokit.rest.codeSecurity.updateConfiguration({
org,
configuration_id,
secret_scanning_delegated_bypass_options.reviewers[].reviewer_id,
secret_scanning_delegated_bypass_options.reviewers[].reviewer_type
})
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
configuration_id | yes |
The unique identifier of the code security configuration. |
name | no |
The name of the code security configuration. Must be unique within the organization. |
description | no |
A description of the code security configuration |
advanced_security | no |
The enablement status of GitHub Advanced Security |
dependency_graph | no |
The enablement status of Dependency Graph |
dependency_graph_autosubmit_action | no |
The enablement status of Automatic dependency submission |
dependency_graph_autosubmit_action_options | no |
Feature options for Automatic dependency submission |
dependency_graph_autosubmit_action_options.labeled_runners | no |
Whether to use runners labeled with 'dependency-submission' or standard GitHub runners. |
dependabot_alerts | no |
The enablement status of Dependabot alerts |
dependabot_security_updates | no |
The enablement status of Dependabot security updates |
code_scanning_default_setup | no |
The enablement status of code scanning default setup |
code_scanning_default_setup_options | no |
Feature options for code scanning default setup |
code_scanning_default_setup_options.runner_type | no |
Whether to use labeled runners or standard GitHub runners. |
code_scanning_default_setup_options.runner_label | no |
The label of the runner to use for code scanning default setup when runner_type is 'labeled'. |
secret_scanning | no |
The enablement status of secret scanning |
secret_scanning_push_protection | no |
The enablement status of secret scanning push protection |
secret_scanning_delegated_bypass | no |
The enablement status of secret scanning delegated bypass |
secret_scanning_delegated_bypass_options | no |
Feature options for secret scanning delegated bypass |
secret_scanning_delegated_bypass_options.reviewers | no |
The bypass reviewers for secret scanning delegated bypass |
secret_scanning_delegated_bypass_options.reviewers[].reviewer_id | yes |
The ID of the team or role selected as a bypass reviewer |
secret_scanning_delegated_bypass_options.reviewers[].reviewer_type | yes |
The type of the bypass reviewer |
secret_scanning_validity_checks | no |
The enablement status of secret scanning validity checks |
secret_scanning_non_provider_patterns | no |
The enablement status of secret scanning non-provider patterns |
private_vulnerability_reporting | no |
The enablement status of private vulnerability reporting |
enforcement | no |
The enforcement status for a security configuration |
See also: GitHub Developer Guide documentation.
Update a custom code security configuration for an enterprise
Updates a code security configuration in an enterprise.
The authenticated user must be an administrator of the enterprise in order to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise
scope to use this endpoint.
octokit.rest.codeSecurity.updateEnterpriseConfiguration({
enterprise,
configuration_id,
});
Parameters
name | required | description |
---|---|---|
enterprise | yes |
The slug version of the enterprise name. You can also substitute this value with the enterprise id. |
configuration_id | yes |
The unique identifier of the code security configuration. |
name | no |
The name of the code security configuration. Must be unique across the enterprise. |
description | no |
A description of the code security configuration |
advanced_security | no |
The enablement status of GitHub Advanced Security. Must be set to enabled if you want to enable any GHAS settings. |
dependency_graph | no |
The enablement status of Dependency Graph |
dependency_graph_autosubmit_action | no |
The enablement status of Automatic dependency submission |
dependency_graph_autosubmit_action_options | no |
Feature options for Automatic dependency submission |
dependency_graph_autosubmit_action_options.labeled_runners | no |
Whether to use runners labeled with 'dependency-submission' or standard GitHub runners. |
dependabot_alerts | no |
The enablement status of Dependabot alerts |
dependabot_security_updates | no |
The enablement status of Dependabot security updates |
code_scanning_default_setup | no |
The enablement status of code scanning default setup |
code_scanning_default_setup_options | no |
Feature options for code scanning default setup |
code_scanning_default_setup_options.runner_type | no |
Whether to use labeled runners or standard GitHub runners. |
code_scanning_default_setup_options.runner_label | no |
The label of the runner to use for code scanning default setup when runner_type is 'labeled'. |
secret_scanning | no |
The enablement status of secret scanning |
secret_scanning_push_protection | no |
The enablement status of secret scanning push protection |
secret_scanning_validity_checks | no |
The enablement status of secret scanning validity checks |
secret_scanning_non_provider_patterns | no |
The enablement status of secret scanning non-provider patterns |
private_vulnerability_reporting | no |
The enablement status of private vulnerability reporting |
enforcement | no |
The enforcement status for a security configuration |
See also: GitHub Developer Guide documentation.
Codes-of-Conduct
Get all codes of conduct
Returns array of all GitHub's codes of conduct.
octokit.rest.codesOfConduct.getAllCodesOfConduct();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Get a code of conduct
Returns information about the specified GitHub code of conduct.
octokit.rest.codesOfConduct.getConductCode({
key,
});
Parameters
name | required | description |
---|---|---|
key | yes |
See also: GitHub Developer Guide documentation.
Codespaces
Add a selected repository to a user secret
Adds a repository to the selected repositories for a user's development environment secret.
The authenticated user must have Codespaces access to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the codespace
or codespace:secrets
scope to use this endpoint.
octokit.rest.codespaces.addRepositoryForSecretForAuthenticatedUser({
secret_name,
repository_id,
});
Parameters
name | required | description |
---|---|---|
secret_name | yes |
The name of the secret. |
repository_id | yes |
See also: GitHub Developer Guide documentation.
Add selected repository to an organization secret
Adds a repository to an organization development environment secret when the visibility
for repository access is set to selected
. The visibility is set when you Create or update an organization secret.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.addSelectedRepoToOrgSecret({
org,
secret_name,
repository_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
repository_id | yes |
See also: GitHub Developer Guide documentation.
Check if permissions defined by a devcontainer have been accepted by the authenticated user
Checks whether the permissions defined by a given devcontainer configuration have been accepted by the authenticated user.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.checkPermissionsForDevcontainer({
owner,
repo,
ref,
devcontainer_path,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
ref | yes |
The git reference that points to the location of the devcontainer configuration to use for the permission check. The value of |
devcontainer_path | yes |
Path to the devcontainer.json configuration to use for the permission check. |
See also: GitHub Developer Guide documentation.
List machine types for a codespace
List the machine types a codespace can transition to use.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.codespaceMachinesForAuthenticatedUser({
codespace_name,
});
Parameters
name | required | description |
---|---|---|
codespace_name | yes |
The name of the codespace. |
See also: GitHub Developer Guide documentation.
Create a codespace for the authenticated user
Creates a new codespace, owned by the authenticated user.
This endpoint requires either a repository_id
OR a pull_request
but not both.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.createForAuthenticatedUser({
repository_id,
pull_request,
pull_request.pull_request_number,
pull_request.repository_id
})
Parameters
name | required | description |
---|---|---|
repository_id | yes |
Repository id for this codespace |
ref | no |
Git ref (typically a branch name) for this codespace |
location | no |
The requested location for a new codespace. Best efforts are made to respect this upon creation. Assigned by IP if not provided. |
geo | no |
The geographic area for this codespace. If not specified, the value is assigned by IP. This property replaces |
client_ip | no |
IP for location auto-detection when proxying a request |
machine | no |
Machine type to use for this codespace |
devcontainer_path | no |
Path to devcontainer.json config to use for this codespace |
multi_repo_permissions_opt_out | no |
Whether to authorize requested permissions from devcontainer.json |
working_directory | no |
Working directory for this codespace |
idle_timeout_minutes | no |
Time in minutes before codespace stops from inactivity |
display_name | no |
Display name for this codespace |
retention_period_minutes | no |
Duration in minutes after codespace has gone idle in which it will be deleted. Must be integer minutes between 0 and 43200 (30 days). |
pull_request | yes |
Pull request number for this codespace |
pull_request.pull_request_number | yes |
Pull request number |
pull_request.repository_id | yes |
Repository id for this codespace |
See also: GitHub Developer Guide documentation.
Create or update an organization secret
Creates or updates an organization development environment secret with an encrypted value. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API."
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.createOrUpdateOrgSecret({
org,
secret_name,
visibility,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
encrypted_value | no |
The value for your secret, encrypted with LibSodium using the public key retrieved from the Get an organization public key endpoint. |
key_id | no |
The ID of the key you used to encrypt the secret. |
visibility | yes |
Which type of organization repositories have access to the organization secret. |
selected_repository_ids | no |
An array of repository IDs that can access the organization secret. You can only provide a list of repository IDs when the |
See also: GitHub Developer Guide documentation.
Create or update a repository secret
Creates or updates a repository development environment secret with an encrypted value. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API."
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.codespaces.createOrUpdateRepoSecret({
owner,
repo,
secret_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
secret_name | yes |
The name of the secret. |
encrypted_value | no |
Value for your secret, encrypted with LibSodium using the public key retrieved from the Get a repository public key endpoint. |
key_id | no |
ID of the key you used to encrypt the secret. |
See also: GitHub Developer Guide documentation.
Create or update a secret for the authenticated user
Creates or updates a development environment secret for a user's codespace with an encrypted value. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API."
The authenticated user must have Codespaces access to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the codespace
or codespace:secrets
scope to use this endpoint.
octokit.rest.codespaces.createOrUpdateSecretForAuthenticatedUser({
secret_name,
key_id,
});
Parameters
name | required | description |
---|---|---|
secret_name | yes |
The name of the secret. |
encrypted_value | no |
Value for your secret, encrypted with LibSodium using the public key retrieved from the Get the public key for the authenticated user endpoint. |
key_id | yes |
ID of the key you used to encrypt the secret. |
selected_repository_ids | no |
An array of repository ids that can access the user secret. You can manage the list of selected repositories using the List selected repositories for a user secret, Set selected repositories for a user secret, and Remove a selected repository from a user secret endpoints. |
See also: GitHub Developer Guide documentation.
Create a codespace from a pull request
Creates a codespace owned by the authenticated user for the specified pull request.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.createWithPrForAuthenticatedUser({
owner,
repo,
pull_number,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
pull_number | yes |
The number that identifies the pull request. |
location | no |
The requested location for a new codespace. Best efforts are made to respect this upon creation. Assigned by IP if not provided. |
geo | no |
The geographic area for this codespace. If not specified, the value is assigned by IP. This property replaces |
client_ip | no |
IP for location auto-detection when proxying a request |
machine | no |
Machine type to use for this codespace |
devcontainer_path | no |
Path to devcontainer.json config to use for this codespace |
multi_repo_permissions_opt_out | no |
Whether to authorize requested permissions from devcontainer.json |
working_directory | no |
Working directory for this codespace |
idle_timeout_minutes | no |
Time in minutes before codespace stops from inactivity |
display_name | no |
Display name for this codespace |
retention_period_minutes | no |
Duration in minutes after codespace has gone idle in which it will be deleted. Must be integer minutes between 0 and 43200 (30 days). |
See also: GitHub Developer Guide documentation.
Create a codespace in a repository
Creates a codespace owned by the authenticated user in the specified repository.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.createWithRepoForAuthenticatedUser({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
ref | no |
Git ref (typically a branch name) for this codespace |
location | no |
The requested location for a new codespace. Best efforts are made to respect this upon creation. Assigned by IP if not provided. |
geo | no |
The geographic area for this codespace. If not specified, the value is assigned by IP. This property replaces |
client_ip | no |
IP for location auto-detection when proxying a request |
machine | no |
Machine type to use for this codespace |
devcontainer_path | no |
Path to devcontainer.json config to use for this codespace |
multi_repo_permissions_opt_out | no |
Whether to authorize requested permissions from devcontainer.json |
working_directory | no |
Working directory for this codespace |
idle_timeout_minutes | no |
Time in minutes before codespace stops from inactivity |
display_name | no |
Display name for this codespace |
retention_period_minutes | no |
Duration in minutes after codespace has gone idle in which it will be deleted. Must be integer minutes between 0 and 43200 (30 days). |
See also: GitHub Developer Guide documentation.
Delete a codespace for the authenticated user
Deletes a user's codespace.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.deleteForAuthenticatedUser({
codespace_name,
});
Parameters
name | required | description |
---|---|---|
codespace_name | yes |
The name of the codespace. |
See also: GitHub Developer Guide documentation.
Delete a codespace from the organization
Deletes a user's codespace.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.deleteFromOrganization({
org,
username,
codespace_name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
username | yes |
The handle for the GitHub user account. |
codespace_name | yes |
The name of the codespace. |
See also: GitHub Developer Guide documentation.
Delete an organization secret
Deletes an organization development environment secret using the secret name.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.deleteOrgSecret({
org,
secret_name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Delete a repository secret
Deletes a development environment secret in a repository using the secret name.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.codespaces.deleteRepoSecret({
owner,
repo,
secret_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Delete a secret for the authenticated user
Deletes a development environment secret from a user's codespaces using the secret name. Deleting the secret will remove access from all codespaces that were allowed to access the secret.
The authenticated user must have Codespaces access to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the codespace
or codespace:secrets
scope to use this endpoint.
octokit.rest.codespaces.deleteSecretForAuthenticatedUser({
secret_name,
});
Parameters
name | required | description |
---|---|---|
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Export a codespace for the authenticated user
Triggers an export of the specified codespace and returns a URL and ID where the status of the export can be monitored.
If changes cannot be pushed to the codespace's repository, they will be pushed to a new or previously-existing fork instead.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.exportForAuthenticatedUser({
codespace_name,
});
Parameters
name | required | description |
---|---|---|
codespace_name | yes |
The name of the codespace. |
See also: GitHub Developer Guide documentation.
List codespaces for a user in organization
Lists the codespaces that a member of an organization has for repositories in that organization.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.getCodespacesForUserInOrg({
org,
username,
});
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
org | yes |
The organization name. The name is not case sensitive. |
username | yes |
The handle for the GitHub user account. |
See also: GitHub Developer Guide documentation.
Get details about a codespace export
Gets information about an export of a codespace.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.getExportDetailsForAuthenticatedUser({
codespace_name,
export_id,
});
Parameters
name | required | description |
---|---|---|
codespace_name | yes |
The name of the codespace. |
export_id | yes |
The ID of the export operation, or |
See also: GitHub Developer Guide documentation.
Get a codespace for the authenticated user
Gets information about a user's codespace.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.getForAuthenticatedUser({
codespace_name,
});
Parameters
name | required | description |
---|---|---|
codespace_name | yes |
The name of the codespace. |
See also: GitHub Developer Guide documentation.
Get an organization public key
Gets a public key for an organization, which is required in order to encrypt secrets. You need to encrypt the value of a secret before you can create or update secrets.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.getOrgPublicKey({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get an organization secret
Gets an organization development environment secret without revealing its encrypted value.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.getOrgSecret({
org,
secret_name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Get public key for the authenticated user
Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets.
The authenticated user must have Codespaces access to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the codespace
or codespace:secrets
scope to use this endpoint.
octokit.rest.codespaces.getPublicKeyForAuthenticatedUser();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Get a repository public key
Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets.
If the repository is private, OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.codespaces.getRepoPublicKey({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get a repository secret
Gets a single repository development environment secret without revealing its encrypted value.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.codespaces.getRepoSecret({
owner,
repo,
secret_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Get a secret for the authenticated user
Gets a development environment secret available to a user's codespaces without revealing its encrypted value.
The authenticated user must have Codespaces access to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the codespace
or codespace:secrets
scope to use this endpoint.
octokit.rest.codespaces.getSecretForAuthenticatedUser({
secret_name,
});
Parameters
name | required | description |
---|---|---|
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
List devcontainer configurations in a repository for the authenticated user
Lists the devcontainer.json files associated with a specified repository and the authenticated user. These files specify launchpoint configurations for codespaces created within the repository.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.listDevcontainersInRepositoryForAuthenticatedUser({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
List codespaces for the authenticated user
Lists the authenticated user's codespaces.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.listForAuthenticatedUser();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
repository_id | no |
ID of the Repository to filter on |
See also: GitHub Developer Guide documentation.
List codespaces for the organization
Lists the codespaces associated to a specified organization.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.listInOrganization({
org,
});
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
org | yes |
The organization name. The name is not case sensitive. |
org_id | no |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
List codespaces in a repository for the authenticated user
Lists the codespaces associated to a specified repository and the authenticated user.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.listInRepositoryForAuthenticatedUser({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
List organization secrets
Lists all Codespaces development environment secrets available at the organization-level without revealing their encrypted values.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.listOrgSecrets({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repository secrets
Lists all development environment secrets available in a repository without revealing their encrypted values.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.codespaces.listRepoSecrets({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List selected repositories for a user secret
List the repositories that have been granted the ability to use a user's development environment secret.
The authenticated user must have Codespaces access to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the codespace
or codespace:secrets
scope to use this endpoint.
octokit.rest.codespaces.listRepositoriesForSecretForAuthenticatedUser({
secret_name,
});
Parameters
name | required | description |
---|---|---|
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
List secrets for the authenticated user
Lists all development environment secrets available for a user's codespaces without revealing their encrypted values.
The authenticated user must have Codespaces access to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the codespace
or codespace:secrets
scope to use this endpoint.
octokit.rest.codespaces.listSecretsForAuthenticatedUser();
Parameters
name | required | description |
---|---|---|
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List selected repositories for an organization secret
Lists all repositories that have been selected when the visibility
for repository access to a secret is set to selected
.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.listSelectedReposForOrgSecret({
org,
secret_name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Get default attributes for a codespace
Gets the default attributes for codespaces created by the user with the repository.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.preFlightWithRepoForAuthenticatedUser({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
ref | no |
The branch or commit to check for a default devcontainer path. If not specified, the default branch will be checked. |
client_ip | no |
An alternative IP for default location auto-detection, such as when proxying a request. |
See also: GitHub Developer Guide documentation.
Create a repository from an unpublished codespace
Publishes an unpublished codespace, creating a new repository and assigning it to the codespace.
The codespace's token is granted write permissions to the repository, allowing the user to push their changes.
This will fail for a codespace that is already published, meaning it has an associated repository.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.publishForAuthenticatedUser({
codespace_name,
});
Parameters
name | required | description |
---|---|---|
codespace_name | yes |
The name of the codespace. |
name | no |
A name for the new repository. |
private | no |
Whether the new repository should be private. |
See also: GitHub Developer Guide documentation.
Remove a selected repository from a user secret
Removes a repository from the selected repositories for a user's development environment secret.
The authenticated user must have Codespaces access to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the codespace
or codespace:secrets
scope to use this endpoint.
octokit.rest.codespaces.removeRepositoryForSecretForAuthenticatedUser({
secret_name,
repository_id,
});
Parameters
name | required | description |
---|---|---|
secret_name | yes |
The name of the secret. |
repository_id | yes |
See also: GitHub Developer Guide documentation.
Remove selected repository from an organization secret
Removes a repository from an organization development environment secret when the visibility
for repository access is set to selected
. The visibility is set when you Create
or update an organization secret.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.removeSelectedRepoFromOrgSecret({
org,
secret_name,
repository_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
repository_id | yes |
See also: GitHub Developer Guide documentation.
List available machine types for a repository
List the machine types available for a given repository based on its configuration.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.repoMachinesForAuthenticatedUser({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
location | no |
The location to check for available machines. Assigned by IP if not provided. |
client_ip | no |
IP for location auto-detection when proxying a request |
ref | no |
The branch or commit to check for prebuild availability and devcontainer restrictions. |
See also: GitHub Developer Guide documentation.
Set selected repositories for a user secret
Select the repositories that will use a user's development environment secret.
The authenticated user must have Codespaces access to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the codespace
or codespace:secrets
scope to use this endpoint.
octokit.rest.codespaces.setRepositoriesForSecretForAuthenticatedUser({
secret_name,
selected_repository_ids,
});
Parameters
name | required | description |
---|---|---|
secret_name | yes |
The name of the secret. |
selected_repository_ids | yes |
An array of repository ids for which a codespace can access the secret. You can manage the list of selected repositories using the List selected repositories for a user secret, Add a selected repository to a user secret, and Remove a selected repository from a user secret endpoints. |
See also: GitHub Developer Guide documentation.
Set selected repositories for an organization secret
Replaces all repositories for an organization development environment secret when the visibility
for repository access is set to selected
. The visibility is set when you Create
or update an organization secret.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.setSelectedReposForOrgSecret({
org,
secret_name,
selected_repository_ids,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
selected_repository_ids | yes |
An array of repository ids that can access the organization secret. You can only provide a list of repository ids when the |
See also: GitHub Developer Guide documentation.
Start a codespace for the authenticated user
Starts a user's codespace.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.startForAuthenticatedUser({
codespace_name,
});
Parameters
name | required | description |
---|---|---|
codespace_name | yes |
The name of the codespace. |
See also: GitHub Developer Guide documentation.
Stop a codespace for the authenticated user
Stops a user's codespace.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.stopForAuthenticatedUser({
codespace_name,
});
Parameters
name | required | description |
---|---|---|
codespace_name | yes |
The name of the codespace. |
See also: GitHub Developer Guide documentation.
Stop a codespace for an organization user
Stops a user's codespace.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.codespaces.stopInOrganization({
org,
username,
codespace_name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
username | yes |
The handle for the GitHub user account. |
codespace_name | yes |
The name of the codespace. |
See also: GitHub Developer Guide documentation.
Update a codespace for the authenticated user
Updates a codespace owned by the authenticated user. Currently only the codespace's machine type and recent folders can be modified using this endpoint.
If you specify a new machine type it will be applied the next time your codespace is started.
OAuth app tokens and personal access tokens (classic) need the codespace
scope to use this endpoint.
octokit.rest.codespaces.updateForAuthenticatedUser({
codespace_name,
});
Parameters
name | required | description |
---|---|---|
codespace_name | yes |
The name of the codespace. |
machine | no |
A valid machine to transition this codespace to. |
display_name | no |
Display name for this codespace |
recent_folders | no |
Recently opened folders inside the codespace. It is currently used by the clients to determine the folder path to load the codespace in. |
See also: GitHub Developer Guide documentation.
Copilot
Add teams to the Copilot subscription for an organization
[!NOTE] This endpoint is in public preview and is subject to change.
Purchases a GitHub Copilot seat for all users within each specified team. The organization will be billed for each seat based on the organization's Copilot plan. For more information about Copilot pricing, see "About billing for GitHub Copilot in your organization."
Only organization owners can purchase Copilot seats for their organization members. The organization must have a Copilot Business or Copilot Enterprise subscription and a configured suggestion matching policy. For more information about setting up a Copilot subscription, see "Subscribing to Copilot for your organization." For more information about setting a suggestion matching policy, see "Managing policies for Copilot in your organization."
The response contains the total number of new seats that were created and existing seats that were refreshed.
OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot
or admin:org
scopes to use this endpoint.
octokit.rest.copilot.addCopilotSeatsForTeams({
org,
selected_teams,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
selected_teams | yes |
List of team names within the organization to which to grant access to GitHub Copilot. |
See also: GitHub Developer Guide documentation.
Add users to the Copilot subscription for an organization
[!NOTE] This endpoint is in public preview and is subject to change.
Purchases a GitHub Copilot seat for each user specified. The organization will be billed for each seat based on the organization's Copilot plan. For more information about Copilot pricing, see "About billing for GitHub Copilot in your organization."
Only organization owners can purchase Copilot seats for their organization members. The organization must have a Copilot Business or Copilot Enterprise subscription and a configured suggestion matching policy. For more information about setting up a Copilot subscription, see "Subscribing to Copilot for your organization." For more information about setting a suggestion matching policy, see "Managing policies for Copilot in your organization."
The response contains the total number of new seats that were created and existing seats that were refreshed.
OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot
or admin:org
scopes to use this endpoint.
octokit.rest.copilot.addCopilotSeatsForUsers({
org,
selected_usernames,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
selected_usernames | yes |
The usernames of the organization members to be granted access to GitHub Copilot. |
See also: GitHub Developer Guide documentation.
Remove teams from the Copilot subscription for an organization
[!NOTE] This endpoint is in public preview and is subject to change.
Sets seats for all members of each team specified to "pending cancellation". This will cause the members of the specified team(s) to lose access to GitHub Copilot at the end of the current billing cycle unless they retain access through another team. For more information about disabling access to Copilot, see "Revoking access to Copilot for members of your organization."
Only organization owners can cancel Copilot seats for their organization members.
The response contains the total number of seats set to "pending cancellation".
OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot
or admin:org
scopes to use this endpoint.
octokit.rest.copilot.cancelCopilotSeatAssignmentForTeams({
org,
selected_teams,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
selected_teams | yes |
The names of teams from which to revoke access to GitHub Copilot. |
See also: GitHub Developer Guide documentation.
Remove users from the Copilot subscription for an organization
[!NOTE] This endpoint is in public preview and is subject to change.
Sets seats for all users specified to "pending cancellation". This will cause the specified users to lose access to GitHub Copilot at the end of the current billing cycle unless they retain access through team membership. For more information about disabling access to Copilot, see "Revoking access to Copilot for members of your organization."
Only organization owners can cancel Copilot seats for their organization members.
The response contains the total number of seats set to "pending cancellation".
OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot
or admin:org
scopes to use this endpoint.
octokit.rest.copilot.cancelCopilotSeatAssignmentForUsers({
org,
selected_usernames,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
selected_usernames | yes |
The usernames of the organization members for which to revoke access to GitHub Copilot. |
See also: GitHub Developer Guide documentation.
Get Copilot metrics for an organization
Use this endpoint to see a breakdown of aggregated metrics for various GitHub Copilot features. See the response schema tab for detailed metrics definitions.
[!NOTE] This endpoint will only return results for a given day if the organization contained five or more members with active Copilot licenses on that day, as evaluated at the end of that day.
The response contains metrics for up to 28 days prior. Metrics are processed once per day for the previous day, and the response will only include data up until yesterday. In order for an end user to be counted towards these metrics, they must have telemetry enabled in their IDE.
To access this endpoint, the Copilot Metrics API access policy must be enabled for the organization. Only organization owners and owners and billing managers of the parent enterprise can view Copilot metrics.
OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot
, read:org
, or read:enterprise
scopes to use this endpoint.
octokit.rest.copilot.copilotMetricsForOrganization({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
since | no |
Show usage metrics since this date. This is a timestamp in ISO 8601 format ( |
until | no |
Show usage metrics until this date. This is a timestamp in ISO 8601 format ( |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of days of metrics to display per page (max 28). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Get Copilot metrics for a team
Use this endpoint to see a breakdown of aggregated metrics for various GitHub Copilot features. See the response schema tab for detailed metrics definitions.
[!NOTE] This endpoint will only return results for a given day if the team had five or more members with active Copilot licenses on that day, as evaluated at the end of that day.
The response contains metrics for up to 28 days prior. Metrics are processed once per day for the previous day, and the response will only include data up until yesterday. In order for an end user to be counted towards these metrics, they must have telemetry enabled in their IDE.
To access this endpoint, the Copilot Metrics API access policy must be enabled for the organization containing the team within GitHub settings. Only organization owners for the organization that contains this team and owners and billing managers of the parent enterprise can view Copilot metrics for a team.
OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot
, read:org
, or read:enterprise
scopes to use this endpoint.
octokit.rest.copilot.copilotMetricsForTeam({
org,
team_slug,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
team_slug | yes |
The slug of the team name. |
since | no |
Show usage metrics since this date. This is a timestamp in ISO 8601 format ( |
until | no |
Show usage metrics until this date. This is a timestamp in ISO 8601 format ( |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of days of metrics to display per page (max 28). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Get Copilot seat information and settings for an organization
[!NOTE] This endpoint is in public preview and is subject to change.
Gets information about an organization's Copilot subscription, including seat breakdown and feature policies. To configure these settings, go to your organization's settings on GitHub.com. For more information, see "Managing policies for Copilot in your organization."
Only organization owners can view details about the organization's Copilot Business or Copilot Enterprise subscription.
OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot
or read:org
scopes to use this endpoint.
octokit.rest.copilot.getCopilotOrganizationDetails({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get Copilot seat assignment details for a user
[!NOTE] This endpoint is in public preview and is subject to change.
Gets the GitHub Copilot seat details for a member of an organization who currently has access to GitHub Copilot.
The seat object contains information about the user's most recent Copilot activity. Users must have telemetry enabled in their IDE for Copilot in the IDE activity to be reflected in last_activity_at
.
For more information about activity data, see "Reviewing user activity data for Copilot in your organization."
Only organization owners can view Copilot seat assignment details for members of their organization.
OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot
or read:org
scopes to use this endpoint.
octokit.rest.copilot.getCopilotSeatDetailsForUser({
org,
username,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
username | yes |
The handle for the GitHub user account. |
See also: GitHub Developer Guide documentation.
List all Copilot seat assignments for an organization
[!NOTE] This endpoint is in public preview and is subject to change.
Lists all Copilot seats for which an organization with a Copilot Business or Copilot Enterprise subscription is currently being billed. Only organization owners can view assigned seats.
Each seat object contains information about the assigned user's most recent Copilot activity. Users must have telemetry enabled in their IDE for Copilot in the IDE activity to be reflected in last_activity_at
.
For more information about activity data, see "Reviewing user activity data for Copilot in your organization."
OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot
or read:org
scopes to use this endpoint.
octokit.rest.copilot.listCopilotSeats({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Get a summary of Copilot usage for organization members
[!NOTE] This endpoint is in public preview and is subject to change.
You can use this endpoint to see a daily breakdown of aggregated usage metrics for Copilot completions and Copilot Chat in the IDE across an organization, with a further breakdown of suggestions, acceptances, and number of active users by editor and language for each day. See the response schema tab for detailed metrics definitions.
The response contains metrics for up to 28 days prior. Usage metrics are processed once per day for the previous day, and the response will only include data up until yesterday. In order for an end user to be counted towards these metrics, they must have telemetry enabled in their IDE.
Organization owners, and owners and billing managers of the parent enterprise, can view Copilot usage metrics.
OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot
, read:org
, or read:enterprise
scopes to use this endpoint.
octokit.rest.copilot.usageMetricsForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
since | no |
Show usage metrics since this date. This is a timestamp in ISO 8601 format ( |
until | no |
Show usage metrics until this date. This is a timestamp in ISO 8601 format ( |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of days of metrics to display per page (max 28). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Get a summary of Copilot usage for a team
[!NOTE] This endpoint is in public preview and is subject to change.
You can use this endpoint to see a daily breakdown of aggregated usage metrics for Copilot completions and Copilot Chat in the IDE for users within a team, with a further breakdown of suggestions, acceptances, and number of active users by editor and language for each day. See the response schema tab for detailed metrics definitions.
The response contains metrics for up to 28 days prior. Usage metrics are processed once per day for the previous day, and the response will only include data up until yesterday. In order for an end user to be counted towards these metrics, they must have telemetry enabled in their IDE.
[!NOTE] This endpoint will only return results for a given day if the team had five or more members with active Copilot licenses, as evaluated at the end of that day.
Organization owners for the organization that contains this team, and owners and billing managers of the parent enterprise can view Copilot usage metrics for a team.
OAuth app tokens and personal access tokens (classic) need either the manage_billing:copilot
, read:org
, or read:enterprise
scopes to use this endpoint.
octokit.rest.copilot.usageMetricsForTeam({
org,
team_slug,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
team_slug | yes |
The slug of the team name. |
since | no |
Show usage metrics since this date. This is a timestamp in ISO 8601 format ( |
until | no |
Show usage metrics until this date. This is a timestamp in ISO 8601 format ( |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of days of metrics to display per page (max 28). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Dependabot
Add selected repository to an organization secret
Adds a repository to an organization secret when the visibility
for
repository access is set to selected
. The visibility is set when you Create or
update an organization secret.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.dependabot.addSelectedRepoToOrgSecret({
org,
secret_name,
repository_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
repository_id | yes |
See also: GitHub Developer Guide documentation.
Create or update an organization secret
Creates or updates an organization secret with an encrypted value. Encrypt your secret using
LibSodium. You must authenticate using an access
token with the admin:org
scope to use this endpoint. GitHub Apps must have the dependabot_secrets
organization
permission to use this endpoint.
Example encrypting a secret using Node.js
Encrypt your secret using the tweetsodium library.
const sodium = require('tweetsodium');
const key = "base64-encoded-public-key";
const value = "plain-text-secret";
// Convert the message and key to Uint8Array's (Buffer implements that interface)
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(key, 'base64');
// Encrypt using LibSodium.
const encryptedBytes = sodium.seal(messageBytes, keyBytes);
// Base64 the encrypted secret
const encrypted = Buffer.from(encryptedBytes).toString('base64');
console.log(encrypted);
Example encrypting a secret using Python
Encrypt your secret using pynacl with Python 3.
from base64 import b64encode
from nacl import encoding, public
def encrypt(public_key: str, secret_value: str) -> str:
"""Encrypt a Unicode string using the public key."""
public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
Example encrypting a secret using C#
Encrypt your secret using the Sodium.Core package.
var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");
var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);
Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));
Example encrypting a secret using Ruby
Encrypt your secret using the rbnacl gem.
require "rbnacl"
require "base64"
key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
public_key = RbNaCl::PublicKey.new(key)
box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = box.encrypt("my_secret")
# Print the base64 encoded secret
puts Base64.strict_encode64(encrypted_secret)
octokit.rest.dependabot.createOrUpdateOrgSecret({
org,
secret_name,
visibility,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
encrypted_value | no |
Value for your secret, encrypted with LibSodium using the public key retrieved from the Get an organization public key endpoint. |
key_id | no |
ID of the key you used to encrypt the secret. |
visibility | yes |
Which type of organization repositories have access to the organization secret. |
selected_repository_ids | no |
An array of repository ids that can access the organization secret. You can only provide a list of repository ids when the |
See also: GitHub Developer Guide documentation.
Create or update a repository secret
Creates or updates a repository secret with an encrypted value. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API."
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.dependabot.createOrUpdateRepoSecret({
owner,
repo,
secret_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
secret_name | yes |
The name of the secret. |
encrypted_value | no |
Value for your secret, encrypted with LibSodium using the public key retrieved from the Get a repository public key endpoint. |
key_id | no |
ID of the key you used to encrypt the secret. |
See also: GitHub Developer Guide documentation.
Delete an organization secret
Deletes a secret in an organization using the secret name.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.dependabot.deleteOrgSecret({
org,
secret_name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Delete a repository secret
Deletes a secret in a repository using the secret name.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.dependabot.deleteRepoSecret({
owner,
repo,
secret_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Get a Dependabot alert
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo
scope instead.
octokit.rest.dependabot.getAlert({
owner,
repo,
alert_number,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
alert_number | yes |
The number that identifies a Dependabot alert in its repository.
You can find this at the end of the URL for a Dependabot alert within GitHub,
or in |
See also: GitHub Developer Guide documentation.
Get an organization public key
Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.dependabot.getOrgPublicKey({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get an organization secret
Gets a single organization secret without revealing its encrypted value.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.dependabot.getOrgSecret({
org,
secret_name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
Get a repository public key
Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets. Anyone with read access to the repository can use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint if the repository is private.
octokit.rest.dependabot.getRepoPublicKey({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get a repository secret
Gets a single repository secret without revealing its encrypted value.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.dependabot.getRepoSecret({
owner,
repo,
secret_name,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
secret_name | yes |
The name of the secret. |
See also: GitHub Developer Guide documentation.
List Dependabot alerts for an enterprise
Lists Dependabot alerts for repositories that are owned by the specified enterprise.
The authenticated user must be a member of the enterprise to use this endpoint.
Alerts are only returned for organizations in the enterprise for which you are an organization owner or a security manager. For more information about security managers, see "Managing security managers in your organization."
OAuth app tokens and personal access tokens (classic) need the repo
or security_events
scope to use this endpoint.
octokit.rest.dependabot.listAlertsForEnterprise({
enterprise,
});
Parameters
name | required | description |
---|---|---|
enterprise | yes |
The slug version of the enterprise name. You can also substitute this value with the enterprise id. |
state | no |
A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: |
severity | no |
A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: |
ecosystem | no |
A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: |
package | no |
A comma-separated list of package names. If specified, only alerts for these packages will be returned. |
scope | no |
The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. |
sort | no |
The property by which to sort the results.
|
direction | no |
The direction to sort the results by. |
before | no |
A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
after | no |
A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
first | no |
Deprecated. The number of results per page (max 100), starting from the first matching result.
This parameter must not be used in combination with |
last | no |
Deprecated. The number of results per page (max 100), starting from the last matching result.
This parameter must not be used in combination with |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List Dependabot alerts for an organization
Lists Dependabot alerts for an organization.
The authenticated user must be an owner or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo
scope instead.
octokit.rest.dependabot.listAlertsForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
state | no |
A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: |
severity | no |
A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: |
ecosystem | no |
A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: |
package | no |
A comma-separated list of package names. If specified, only alerts for these packages will be returned. |
scope | no |
The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. |
sort | no |
The property by which to sort the results.
|
direction | no |
The direction to sort the results by. |
before | no |
A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
after | no |
A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
first | no |
Deprecated. The number of results per page (max 100), starting from the first matching result.
This parameter must not be used in combination with |
last | no |
Deprecated. The number of results per page (max 100), starting from the last matching result.
This parameter must not be used in combination with |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List Dependabot alerts for a repository
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo
scope instead.
octokit.rest.dependabot.listAlertsForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
state | no |
A comma-separated list of states. If specified, only alerts with these states will be returned. Can be: |
severity | no |
A comma-separated list of severities. If specified, only alerts with these severities will be returned. Can be: |
ecosystem | no |
A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned. Can be: |
package | no |
A comma-separated list of package names. If specified, only alerts for these packages will be returned. |
manifest | no |
A comma-separated list of full manifest paths. If specified, only alerts for these manifests will be returned. |
scope | no |
The scope of the vulnerable dependency. If specified, only alerts with this scope will be returned. |
sort | no |
The property by which to sort the results.
|
direction | no |
The direction to sort the results by. |
page | no |
Closing down notice. Page number of the results to fetch. Use cursor-based pagination with |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
before | no |
A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
after | no |
A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
first | no |
Deprecated. The number of results per page (max 100), starting from the first matching result.
This parameter must not be used in combination with |
last | no |
Deprecated. The number of results per page (max 100), starting from the last matching result.
This parameter must not be used in combination with |
See also: GitHub Developer Guide documentation.
List organization secrets
Lists all secrets available in an organization without revealing their encrypted values.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.dependabot.listOrgSecrets({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List repository secrets
Lists all secrets available in a repository without revealing their encrypted values.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.dependabot.listRepoSecrets({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List selected repositories for an organization secret
Lists all repositories that have been selected when the visibility
for repository access to a secret is set to selected
.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.dependabot.listSelectedReposForOrgSecret({
org,
secret_name,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Remove selected repository from an organization secret
Removes a repository from an organization secret when the visibility
for repository access is set to selected
. The visibility is set when you Create
or update an organization secret.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.dependabot.removeSelectedRepoFromOrgSecret({
org,
secret_name,
repository_id,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
repository_id | yes |
See also: GitHub Developer Guide documentation.
Set selected repositories for an organization secret
Replaces all repositories for an organization secret when the visibility
for repository access is set to selected
. The visibility is set when you Create
or update an organization secret.
OAuth app tokens and personal access tokens (classic) need the admin:org
scope to use this endpoint.
octokit.rest.dependabot.setSelectedReposForOrgSecret({
org,
secret_name,
selected_repository_ids,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
secret_name | yes |
The name of the secret. |
selected_repository_ids | yes |
An array of repository ids that can access the organization secret. You can only provide a list of repository ids when the |
See also: GitHub Developer Guide documentation.
Update a Dependabot alert
The authenticated user must have access to security alerts for the repository to use this endpoint. For more information, see "Granting access to security alerts."
OAuth app tokens and personal access tokens (classic) need the security_events
scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo
scope instead.
octokit.rest.dependabot.updateAlert({
owner,
repo,
alert_number,
state,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
alert_number | yes |
The number that identifies a Dependabot alert in its repository.
You can find this at the end of the URL for a Dependabot alert within GitHub,
or in |
state | yes |
The state of the Dependabot alert.
A |
dismissed_reason | no |
Required when |
dismissed_comment | no |
An optional comment associated with dismissing the alert. |
See also: GitHub Developer Guide documentation.
Dependency-Graph
Create a snapshot of dependencies for a repository
Create a new snapshot of a repository's dependencies.
The authenticated user must have access to the repository.
OAuth app tokens and personal access tokens (classic) need the repo
scope to use this endpoint.
octokit.rest.dependencyGraph.createRepositorySnapshot({
owner,
repo,
version,
job,
job.id,
job.correlator,
sha,
ref,
detector,
detector.name,
detector.version,
detector.url,
manifests.*.name,
scanned
})
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
version | yes |
The version of the repository snapshot submission. |
job | yes | |
job.id | yes |
The external ID of the job. |
job.correlator | yes |
Correlator provides a key that is used to group snapshots submitted over time. Only the "latest" submitted snapshot for a given combination of |
job.html_url | no |
The url for the job. |
sha | yes |
The commit SHA associated with this dependency snapshot. Maximum length: 40 characters. |
ref | yes |
The repository branch that triggered this snapshot. |
detector | yes |
A description of the detector used. |
detector.name | yes |
The name of the detector used. |
detector.version | yes |
The version of the detector used. |
detector.url | yes |
The url of the detector used. |
metadata | no |
User-defined metadata to store domain-specific information limited to 8 keys with scalar values. |
metadata.* | no | |
manifests | no |
A collection of package manifests, which are a collection of related dependencies declared in a file or representing a logical group of dependencies. |
manifests.* | no | |
manifests.*.name | yes |
The name of the manifest. |
manifests.*.file | no | |
manifests.*.file.source_location | no |
The path of the manifest file relative to the root of the Git repository. |
manifests.*.metadata | no |
User-defined metadata to store domain-specific information limited to 8 keys with scalar values. |
manifests.*.metadata.* | no | |
manifests.*.resolved | no |
A collection of resolved package dependencies. |
manifests.*.resolved.* | no | |
manifests.*.resolved.*.package_url | no |
Package-url (PURL) of dependency. See https://github.com/package-url/purl-spec for more details. |
manifests.*.resolved.*.metadata | no |
User-defined metadata to store domain-specific information limited to 8 keys with scalar values. |
manifests.*.resolved.*.metadata.* | no | |
manifests.*.resolved.*.relationship | no |
A notation of whether a dependency is requested directly by this manifest or is a dependency of another dependency. |
manifests.*.resolved.*.scope | no |
A notation of whether the dependency is required for the primary build artifact (runtime) or is only used for development. Future versions of this specification may allow for more granular scopes. |
manifests.*.resolved.*.dependencies | no |
Array of package-url (PURLs) of direct child dependencies. |
scanned | yes |
The time at which the snapshot was scanned. |
See also: GitHub Developer Guide documentation.
Get a diff of the dependencies between commits
Gets the diff of the dependency changes between two commits of a repository, based on the changes to the dependency manifests made in those commits.
octokit.rest.dependencyGraph.diffRange({
owner,
repo,
basehead,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
basehead | yes |
The base and head Git revisions to compare. The Git revisions will be resolved to commit SHAs. Named revisions will be resolved to their corresponding HEAD commits, and an appropriate merge base will be determined. This parameter expects the format |
name | no |
The full path, relative to the repository root, of the dependency manifest file. |
See also: GitHub Developer Guide documentation.
Export a software bill of materials (SBOM) for a repository.
Exports the software bill of materials (SBOM) for a repository in SPDX JSON format.
octokit.rest.dependencyGraph.exportSbom({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Emojis
Get emojis
Lists all the emojis available to use on GitHub.
octokit.rest.emojis.get();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Gists
Check if a gist is starred
octokit.rest.gists.checkIsStarred({
gist_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
See also: GitHub Developer Guide documentation.
Create a gist
Allows you to add a new gist with one or more files.
[!NOTE] Don't name your files "gistfile" with a numerical suffix. This is the format of the automatic naming scheme that Gist uses internally.
octokit.rest.gists.create({
files,
files.*.content
})
Parameters
name | required | description |
---|---|---|
description | no |
Description of the gist |
files | yes |
Names and content for the files that make up the gist |
files.* | no | |
files.*.content | yes |
Content of the file |
public | no |
See also: GitHub Developer Guide documentation.
Create a gist comment
Creates a comment on a gist.
This endpoint supports the following custom media types. For more information, see "Media types."
application/vnd.github.raw+json
: Returns the raw markdown. This is the default if you do not pass any specific media type.application/vnd.github.base64+json
: Returns the base64-encoded contents. This can be useful if your gist contains any invalid UTF-8 sequences.
octokit.rest.gists.createComment({
gist_id,
body,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
body | yes |
The comment text. |
See also: GitHub Developer Guide documentation.
Delete a gist
octokit.rest.gists.delete({
gist_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
See also: GitHub Developer Guide documentation.
Delete a gist comment
octokit.rest.gists.deleteComment({
gist_id,
comment_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
comment_id | yes |
The unique identifier of the comment. |
See also: GitHub Developer Guide documentation.
Fork a gist
octokit.rest.gists.fork({
gist_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
See also: GitHub Developer Guide documentation.
Get a gist
Gets a specified gist.
This endpoint supports the following custom media types. For more information, see "Media types."
application/vnd.github.raw+json
: Returns the raw markdown. This is the default if you do not pass any specific media type.application/vnd.github.base64+json
: Returns the base64-encoded contents. This can be useful if your gist contains any invalid UTF-8 sequences.
octokit.rest.gists.get({
gist_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
See also: GitHub Developer Guide documentation.
Get a gist comment
Gets a comment on a gist.
This endpoint supports the following custom media types. For more information, see "Media types."
application/vnd.github.raw+json
: Returns the raw markdown. This is the default if you do not pass any specific media type.application/vnd.github.base64+json
: Returns the base64-encoded contents. This can be useful if your gist contains any invalid UTF-8 sequences.
octokit.rest.gists.getComment({
gist_id,
comment_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
comment_id | yes |
The unique identifier of the comment. |
See also: GitHub Developer Guide documentation.
Get a gist revision
Gets a specified gist revision.
This endpoint supports the following custom media types. For more information, see "Media types."
application/vnd.github.raw+json
: Returns the raw markdown. This is the default if you do not pass any specific media type.application/vnd.github.base64+json
: Returns the base64-encoded contents. This can be useful if your gist contains any invalid UTF-8 sequences.
octokit.rest.gists.getRevision({
gist_id,
sha,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
sha | yes |
See also: GitHub Developer Guide documentation.
List gists for the authenticated user
Lists the authenticated user's gists or if called anonymously, this endpoint returns all public gists:
octokit.rest.gists.list();
Parameters
name | required | description |
---|---|---|
since | no |
Only show results that were last updated after the given time. This is a timestamp in ISO 8601 format: |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List gist comments
Lists the comments on a gist.
This endpoint supports the following custom media types. For more information, see "Media types."
application/vnd.github.raw+json
: Returns the raw markdown. This is the default if you do not pass any specific media type.application/vnd.github.base64+json
: Returns the base64-encoded contents. This can be useful if your gist contains any invalid UTF-8 sequences.
octokit.rest.gists.listComments({
gist_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List gist commits
octokit.rest.gists.listCommits({
gist_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List gists for a user
Lists public gists for the specified user:
octokit.rest.gists.listForUser({
username,
});
Parameters
name | required | description |
---|---|---|
username | yes |
The handle for the GitHub user account. |
since | no |
Only show results that were last updated after the given time. This is a timestamp in ISO 8601 format: |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List gist forks
octokit.rest.gists.listForks({
gist_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List public gists
List public gists sorted by most recently updated to least recently updated.
Note: With pagination, you can fetch up to 3000 gists. For example, you can fetch 100 pages with 30 gists per page or 30 pages with 100 gists per page.
octokit.rest.gists.listPublic();
Parameters
name | required | description |
---|---|---|
since | no |
Only show results that were last updated after the given time. This is a timestamp in ISO 8601 format: |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
List starred gists
List the authenticated user's starred gists:
octokit.rest.gists.listStarred();
Parameters
name | required | description |
---|---|---|
since | no |
Only show results that were last updated after the given time. This is a timestamp in ISO 8601 format: |
per_page | no |
The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
page | no |
The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
See also: GitHub Developer Guide documentation.
Star a gist
Note that you'll need to set Content-Length
to zero when calling out to this endpoint. For more information, see "HTTP method."
octokit.rest.gists.star({
gist_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
See also: GitHub Developer Guide documentation.
Unstar a gist
octokit.rest.gists.unstar({
gist_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
See also: GitHub Developer Guide documentation.
Update a gist
Allows you to update a gist's description and to update, delete, or rename gist files. Files from the previous version of the gist that aren't explicitly changed during an edit are unchanged.
octokit.rest.gists.update({
gist_id,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
description | no |
The description of the gist. |
files | no |
The gist files to be updated, renamed, or deleted. Each To delete a file, set the whole file to null. For example: |
files.* | no | |
files.*.content | no |
The new content of the file. |
files.*.filename | no |
The new filename for the file. |
See also: GitHub Developer Guide documentation.
Update a gist comment
Updates a comment on a gist.
This endpoint supports the following custom media types. For more information, see "Media types."
application/vnd.github.raw+json
: Returns the raw markdown. This is the default if you do not pass any specific media type.application/vnd.github.base64+json
: Returns the base64-encoded contents. This can be useful if your gist contains any invalid UTF-8 sequences.
octokit.rest.gists.updateComment({
gist_id,
comment_id,
body,
});
Parameters
name | required | description |
---|---|---|
gist_id | yes |
The unique identifier of the gist. |
comment_id | yes |
The unique identifier of the comment. |
body | yes |
The comment text. |
See also: GitHub Developer Guide documentation.
Git
Create a blob
octokit.rest.git.createBlob({
owner,
repo,
content,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
content | yes |
The new blob's content. |
encoding | no |
The encoding used for |
See also: GitHub Developer Guide documentation.
Create a commit
Creates a new Git commit object.
Signature verification object
The response will include a verification
object that describes the result of verifying the commit's signature. The following fields are included in the verification
object:
Name | Type | Description |
---|---|---|
verified | boolean | Indicates whether GitHub considers the signature in this commit to be verified. |
reason | string | The reason for verified value. Possible values and their meanings are enumerated in the table below. |
signature | string | The signature that was extracted from the commit. |
payload | string | The value that was signed. |
verified_at | string | The date the signature was verified by GitHub. |
These are the possible values for reason
in the verification
object:
Value | Description |
---|---|
expired_key | The key that made the signature is expired. |
not_signing_key | The "signing" flag is not among the usage flags in the GPG key that made the signature. |
gpgverify_error | There was an error communicating with the signature verification service. |
gpgverify_unavailable | The signature verification service is currently unavailable. |
unsigned | The object does not include a signature. |
unknown_signature_type | A non-PGP signature was found in the commit. |
no_user | No user was associated with the committer email address in the commit. |
unverified_email | The committer email address in the commit was associated with a user, but the email address is not verified on their account. |
bad_email | The committer email address in the commit is not included in the identities of the PGP key that made the signature. |
unknown_key | The key that made the signature has not been registered with any user's account. |
malformed_signature | There was an error parsing the signature. |
invalid | The signature could not be cryptographically verified using the key whose key-id was found in the signature. |
valid | None of the above errors applied, so the signature is considered to be verified. |
octokit.rest.git.createCommit({
owner,
repo,
message,
tree,
author.name,
author.email
})
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
message | yes |
The commit message |
tree | yes |
The SHA of the tree object this commit points to |
parents | no |
The full SHAs of the commits that were the parents of this commit. If omitted or empty, the commit will be written as a root commit. For a single parent, an array of one SHA should be provided; for a merge commit, an array of more than one should be provided. |
author | no |
Information about the author of the commit. By default, the |
author.name | yes |
The name of the author (or committer) of the commit |
author.email | yes |
The email of the author (or committer) of the commit |
author.date | no |
Indicates when this commit was authored (or committed). This is a timestamp in ISO 8601 format: |
committer | no |
Information about the person who is making the commit. By default, |
committer.name | no |
The name of the author (or committer) of the commit |
committer.email | no |
The email of the author (or committer) of the commit |
committer.date | no |
Indicates when this commit was authored (or committed). This is a timestamp in ISO 8601 format: |
signature | no |
The PGP signature of the commit. GitHub adds the signature to the |
See also: GitHub Developer Guide documentation.
Create a reference
Creates a reference for your repository. You are unable to create new references for empty repositories, even if the commit SHA-1 hash used exists. Empty repositories are repositories without branches.
octokit.rest.git.createRef({
owner,
repo,
ref,
sha,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
ref | yes |
The name of the fully qualified reference (ie: |
sha | yes |
The SHA1 value for this reference. |
See also: GitHub Developer Guide documentation.
Create a tag object
Note that creating a tag object does not create the reference that makes a tag in Git. If you want to create an annotated tag in Git, you have to do this call to create the tag object, and then create the refs/tags/[tag]
reference. If you want to create a lightweight tag, you only have to create the tag reference - this call would be unnecessary.
Signature verification object
The response will include a verification
object that describes the result of verifying the commit's signature. The following fields are included in the verification
object:
Name | Type | Description |
---|---|---|
verified | boolean | Indicates whether GitHub considers the signature in this commit to be verified. |
reason | string | The reason for verified value. Possible values and their meanings are enumerated in table below. |
signature | string | The signature that was extracted from the commit. |
payload | string | The value that was signed. |
verified_at | string | The date the signature was verified by GitHub. |
These are the possible values for reason
in the verification
object:
Value | Description |
---|---|
expired_key | The key that made the signature is expired. |
not_signing_key | The "signing" flag is not among the usage flags in the GPG key that made the signature. |
gpgverify_error | There was an error communicating with the signature verification service. |
gpgverify_unavailable | The signature verification service is currently unavailable. |
unsigned | The object does not include a signature. |
unknown_signature_type | A non-PGP signature was found in the commit. |
no_user | No user was associated with the committer email address in the commit. |
unverified_email | The committer email address in the commit was associated with a user, but the email address is not verified on their account. |
bad_email | The committer email address in the commit is not included in the identities of the PGP key that made the signature. |
unknown_key | The key that made the signature has not been registered with any user's account. |
malformed_signature | There was an error parsing the signature. |
invalid | The signature could not be cryptographically verified using the key whose key-id was found in the signature. |
valid | None of the above errors applied, so the signature is considered to be verified. |
octokit.rest.git.createTag({
owner,
repo,
tag,
message,
object,
type,
tagger.name,
tagger.email
})
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
tag | yes |
The tag's name. This is typically a version (e.g., "v0.0.1"). |
message | yes |
The tag message. |
object | yes |
The SHA of the git object this is tagging. |
type | yes |
The type of the object we're tagging. Normally this is a |
tagger | no |
An object with information about the individual creating the tag. |
tagger.name | yes |
The name of the author of the tag |
tagger.email | yes |
The email of the author of the tag |
tagger.date | no |
When this object was tagged. This is a timestamp in ISO 8601 format: |
See also: GitHub Developer Guide documentation.
Create a tree
The tree creation API accepts nested entries. If you specify both a tree and a nested path modifying that tree, this endpoint will overwrite the contents of the tree with the new path contents, and create a new tree structure.
If you use this endpoint to add, delete, or modify the file contents in a tree, you will need to commit the tree and then update a branch to point to the commit. For more information see "Create a commit" and "Update a reference."
Returns an error if you try to delete a file that does not exist.
octokit.rest.git.createTree({
owner,
repo,
tree,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
tree | yes |
Objects (of |
tree[].path | no |
The file referenced in the tree. |
tree[].mode | no |
The file mode; one of |
tree[].type | no |
Either |
tree[].sha | no |
The SHA1 checksum ID of the object in the tree. Also called Note: Use either |
tree[].content | no |
The content you want this file to have. GitHub will write this blob out and use that SHA for this entry. Use either this, or Note: Use either |
base_tree | no |
The SHA1 of an existing Git tree object which will be used as the base for the new tree. If provided, a new Git tree object will be created from entries in the Git tree object pointed to by |
See also: GitHub Developer Guide documentation.
Delete a reference
Deletes the provided reference.
octokit.rest.git.deleteRef({
owner,
repo,
ref,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
ref | yes |
The Git reference. For more information, see "Git References" in the Git documentation. |
See also: GitHub Developer Guide documentation.
Get a blob
The content
in the response will always be Base64 encoded.
This endpoint supports the following custom media types. For more information, see "Media types."
application/vnd.github.raw+json
: Returns the raw blob data.application/vnd.github+json
: Returns a JSON representation of the blob withcontent
as a base64 encoded string. This is the default if no media type is specified.
Note This endpoint supports blobs up to 100 megabytes in size.
octokit.rest.git.getBlob({
owner,
repo,
file_sha,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
file_sha | yes |
See also: GitHub Developer Guide documentation.
Get a commit object
Gets a Git commit object.
To get the contents of a commit, see "Get a commit."
Signature verification object
The response will include a verification
object that describes the result of verifying the commit's signature. The following fields are included in the verification
object:
Name | Type | Description |
---|---|---|
verified | boolean | Indicates whether GitHub considers the signature in this commit to be verified. |
reason | string | The reason for verified value. Possible values and their meanings are enumerated in the table below. |
signature | string | The signature that was extracted from the commit. |
payload | string | The value that was signed. |
verified_at | string | The date the signature was verified by GitHub. |
These are the possible values for reason
in the verification
object:
Value | Description |
---|---|
expired_key | The key that made the signature is expired. |
not_signing_key | The "signing" flag is not among the usage flags in the GPG key that made the signature. |
gpgverify_error | There was an error communicating with the signature verification service. |
gpgverify_unavailable | The signature verification service is currently unavailable. |
unsigned | The object does not include a signature. |
unknown_signature_type | A non-PGP signature was found in the commit. |
no_user | No user was associated with the committer email address in the commit. |
unverified_email | The committer email address in the commit was associated with a user, but the email address is not verified on their account. |
bad_email | The committer email address in the commit is not included in the identities of the PGP key that made the signature. |
unknown_key | The key that made the signature has not been registered with any user's account. |
malformed_signature | There was an error parsing the signature. |
invalid | The signature could not be cryptographically verified using the key whose key-id was found in the signature. |
valid | None of the above errors applied, so the signature is considered to be verified. |
octokit.rest.git.getCommit({
owner,
repo,
commit_sha,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
commit_sha | yes |
The SHA of the commit. |
See also: GitHub Developer Guide documentation.
Get a reference
Returns a single reference from your Git database. The :ref
in the URL must be formatted as heads/<branch name>
for branches and tags/<tag name>
for tags. If the :ref
doesn't match an existing ref, a 404
is returned.
[!NOTE] You need to explicitly request a pull request to trigger a test merge commit, which checks the mergeability of pull requests. For more information, see "Checking mergeability of pull requests".
octokit.rest.git.getRef({
owner,
repo,
ref,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
ref | yes |
The Git reference. For more information, see "Git References" in the Git documentation. |
See also: GitHub Developer Guide documentation.
Get a tag
Signature verification object
The response will include a verification
object that describes the result of verifying the commit's signature. The following fields are included in the verification
object:
Name | Type | Description |
---|---|---|
verified | boolean | Indicates whether GitHub considers the signature in this commit to be verified. |
reason | string | The reason for verified value. Possible values and their meanings are enumerated in table below. |
signature | string | The signature that was extracted from the commit. |
payload | string | The value that was signed. |
verified_at | string | The date the signature was verified by GitHub. |
These are the possible values for reason
in the verification
object:
Value | Description |
---|---|
expired_key | The key that made the signature is expired. |
not_signing_key | The "signing" flag is not among the usage flags in the GPG key that made the signature. |
gpgverify_error | There was an error communicating with the signature verification service. |
gpgverify_unavailable | The signature verification service is currently unavailable. |
unsigned | The object does not include a signature. |
unknown_signature_type | A non-PGP signature was found in the commit. |
no_user | No user was associated with the committer email address in the commit. |
unverified_email | The committer email address in the commit was associated with a user, but the email address is not verified on their account. |
bad_email | The committer email address in the commit is not included in the identities of the PGP key that made the signature. |
unknown_key | The key that made the signature has not been registered with any user's account. |
malformed_signature | There was an error parsing the signature. |
invalid | The signature could not be cryptographically verified using the key whose key-id was found in the signature. |
valid | None of the above errors applied, so the signature is considered to be verified. |
octokit.rest.git.getTag({
owner,
repo,
tag_sha,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
tag_sha | yes |
See also: GitHub Developer Guide documentation.
Get a tree
Returns a single tree using the SHA1 value or ref name for that tree.
If truncated
is true
in the response then the number of items in the tree
array exceeded our maximum limit. If you need to fetch more items, use the non-recursive method of fetching trees, and fetch one sub-tree at a time.
[!NOTE] The limit for the
tree
array is 100,000 entries with a maximum size of 7 MB when using therecursive
parameter.
octokit.rest.git.getTree({
owner,
repo,
tree_sha,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
tree_sha | yes |
The SHA1 value or ref (branch or tag) name of the tree. |
recursive | no |
Setting this parameter to any value returns the objects or subtrees referenced by the tree specified in |
See also: GitHub Developer Guide documentation.
List matching references
Returns an array of references from your Git database that match the supplied name. The :ref
in the URL must be formatted as heads/<branch name>
for branches and tags/<tag name>
for tags. If the :ref
doesn't exist in the repository, but existing refs start with :ref
, they will be returned as an array.
When you use this endpoint without providing a :ref
, it will return an array of all the references from your Git database, including notes and stashes if they exist on the server. Anything in the namespace is returned, not just heads
and tags
.
[!NOTE] You need to explicitly request a pull request to trigger a test merge commit, which checks the mergeability of pull requests. For more information, see "Checking mergeability of pull requests".
If you request matching references for a branch named feature
but the branch feature
doesn't exist, the response can still include other matching head refs that start with the word feature
, such as featureA
and featureB
.
octokit.rest.git.listMatchingRefs({
owner,
repo,
ref,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
ref | yes |
The Git reference. For more information, see "Git References" in the Git documentation. |
See also: GitHub Developer Guide documentation.
Update a reference
Updates the provided reference to point to a new SHA. For more information, see "Git References" in the Git documentation.
octokit.rest.git.updateRef({
owner,
repo,
ref,
sha,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
ref | yes |
The Git reference. For more information, see "Git References" in the Git documentation. |
sha | yes |
The SHA1 value to set this reference to |
force | no |
Indicates whether to force the update or to make sure the update is a fast-forward update. Leaving this out or setting it to |
See also: GitHub Developer Guide documentation.
Gitignore
Get all gitignore templates
List all templates available to pass as an option when creating a repository.
octokit.rest.gitignore.getAllTemplates();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Get a gitignore template
Get the content of a gitignore template.
This endpoint supports the following custom media types. For more information, see "Media types."
application/vnd.github.raw+json
: Returns the raw .gitignore contents.
octokit.rest.gitignore.getTemplate({
name,
});
Parameters
name | required | description |
---|---|---|
name | yes |
See also: GitHub Developer Guide documentation.
Interactions
Get interaction restrictions for your public repositories
Shows which type of GitHub user can interact with your public repositories and when the restriction expires.
octokit.rest.interactions.getRestrictionsForAuthenticatedUser();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Get interaction restrictions for an organization
Shows which type of GitHub user can interact with this organization and when the restriction expires. If there is no restrictions, you will see an empty response.
octokit.rest.interactions.getRestrictionsForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Get interaction restrictions for a repository
Shows which type of GitHub user can interact with this repository and when the restriction expires. If there are no restrictions, you will see an empty response.
octokit.rest.interactions.getRestrictionsForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Get interaction restrictions for your public repositories
Deprecated: This method has been renamed to interactions.getRestrictionsForAuthenticatedUser
Shows which type of GitHub user can interact with your public repositories and when the restriction expires.
octokit.rest.interactions.getRestrictionsForYourPublicRepos();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Remove interaction restrictions from your public repositories
Removes any interaction restrictions from your public repositories.
octokit.rest.interactions.removeRestrictionsForAuthenticatedUser();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Remove interaction restrictions for an organization
Removes all interaction restrictions from public repositories in the given organization. You must be an organization owner to remove restrictions.
octokit.rest.interactions.removeRestrictionsForOrg({
org,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
See also: GitHub Developer Guide documentation.
Remove interaction restrictions for a repository
Removes all interaction restrictions from the given repository. You must have owner or admin access to remove restrictions. If the interaction limit is set for the user or organization that owns this repository, you will receive a 409 Conflict
response and will not be able to use this endpoint to change the interaction limit for a single repository.
octokit.rest.interactions.removeRestrictionsForRepo({
owner,
repo,
});
Parameters
name | required | description |
---|---|---|
owner | yes |
The account owner of the repository. The name is not case sensitive. |
repo | yes |
The name of the repository without the |
See also: GitHub Developer Guide documentation.
Remove interaction restrictions from your public repositories
Deprecated: This method has been renamed to interactions.removeRestrictionsForAuthenticatedUser
Removes any interaction restrictions from your public repositories.
octokit.rest.interactions.removeRestrictionsForYourPublicRepos();
Parameters
This endpoint has no parameters
See also: GitHub Developer Guide documentation.
Set interaction restrictions for your public repositories
Temporarily restricts which type of GitHub user can interact with your public repositories. Setting the interaction limit at the user level will overwrite any interaction limits that are set for individual repositories owned by the user.
octokit.rest.interactions.setRestrictionsForAuthenticatedUser({
limit,
});
Parameters
name | required | description |
---|---|---|
limit | yes |
The type of GitHub user that can comment, open issues, or create pull requests while the interaction limit is in effect. |
expiry | no |
The duration of the interaction restriction. Default: |
See also: GitHub Developer Guide documentation.
Set interaction restrictions for an organization
Temporarily restricts interactions to a certain type of GitHub user in any public repository in the given organization. You must be an organization owner to set these restrictions. Setting the interaction limit at the organization level will overwrite any interaction limits that are set for individual repositories owned by the organization.
octokit.rest.interactions.setRestrictionsForOrg({
org,
limit,
});
Parameters
name | required | description |
---|---|---|
org | yes |
The organization name. The name is not case sensitive. |
limit | yes |
The type of GitHub user that can comment, open issues, or create pull requests while the interaction limit is in effect. |
expiry | no |
The duration of the interaction restriction. Default: |
See also: GitHub Developer Guide documentation.
Set interaction restrictions for a repository
Temporarily restricts interactions to a certain type of GitHub user within the given repository. You must have owner or admin access to set these restrictions. If an interaction limit is set for the user or organization that owns this repository, you will receive a 409 Conflict
response and will not be able to use this endpoint to change the interaction limit for a single repository.
octokit.rest.interactions.setRestrictionsForRepo({
owner,
repo,
limit,
}