Add support for Dependabot secrets

[liath]

I added handling for Dependabot specific secrets per #2246. This part of the API seems undocumented, but I don't see why it would change as it's almost identical to managing regular secrets. This file is pretty repetitive, and I doubled the number of repo and org methods, so I did some refactoring. Hopefully nothing too heinous.

[gmlewis]

Thank you, @liath !
Please add unit tests for the new methods.

[gmlewis]

Maybe a more specific description for this endpoint would be good?

[codecov]

Codecov Report

Merging #2248 (3dc35e6) into master (6e66a89) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #2248      +/-   ##
==========================================
+ Coverage   97.80%   97.81%   +0.01%     
==========================================
  Files         113      114       +1     
  Lines       10207    10265      +58     
==========================================
+ Hits         9983    10041      +58     
  Misses        156      156              
  Partials       68       68              

Impacted Files	Coverage Δ
github/actions_secrets.go	100.00% <100.00%> (ø)
github/dependabot_secrets.go	100.00% <100.00%> (ø)
github/github.go	97.62% <100.00%> (+<0.01%)	⬆️
github/users_packages.go	100.00% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6e66a89...3dc35e6. Read the comment docs.

[jurre]

Slightly bike-sheddy, but I would suggest pulling this out of github/actions_secrets.go into github/dependabot_secrets.go. While the API shares a lot of similarities, it is it's own top-level resource that is geared towards Dependabot specifically, not Actions.

[gmlewis]

This is looking great, @liath - thank you!
Just a couple minor tweaks and then I think we will be ready for a second LGTM/Approval before merging.

Note that any other contributor to this repo can review and give the second LGTM/Approval. Thank you!

[gmlewis]

Oh, one more thing... since the new methods are part of the ActionsService, can you please rename the new files to actions_dependabot_secrets.go and actions_dependabot_secrets_test.go? Thank you!

[liath]

Done! That feels much nicer, good suggestion :D

[liath]

Could we go a step further and make them actions_secrets_dependabot* so that all the secrets-management files are next to each other alphabetically?

[gmlewis]

Could we go a step further and make them actions_secrets_dependabot* so that all the secrets-management files are next to each other alphabetically?

Genius! Sorry I didn't think of that the first time, @liath !

[jurre]

Not super familiar with this project, but I do work on Dependabot (and implemented the API in question) and so I'm curious why this is part of the ActionsService, it seems more appropriate to add a new DependabotService struct, as I'd expect these APIs might diverge over time which could result in a breaking change to the library. Given that they are separate resources in the API, would it make sense for the client to follow that?

No strong opinion either way, confident y'all do what makes most sense for this project 👍

[gmlewis]

Not super familiar with this project, but I do work on Dependabot (and implemented the API in question) and so I'm curious why this is part of the ActionsService, it seems more appropriate to add a new DependabotService struct, as I'd expect these APIs might diverge over time which could result in a breaking change to the library. Given that they are separate resources in the API, would it make sense for the client to follow that?

No strong opinion either way, confident y'all do what makes most sense for this project +1

Hi @jurre and thank you for the comments and questions (and for the API! 😄 )!

So in this repo, we try to tightly couple the layout and services to the GitHub v3 API documentation organization structure.

We initially placed these API endpoints under the ActionsService endpoints primarily because they appear to have a very high correlation with those endpoints, and because no Dependabot documentation was available at that time (if I'm not mistaken).

However, now that the API documentation exists and is indeed under a completely different section, I think you are right that we should create a new DependabotService.

@liath - would you like to tackle that, or should we address that in a follow-up PR (either by you or by another contributor)?

[jurre]

very high correlation with those endpoints

You're right, that's definitely the case 👍 they share a lot of the same semantics, but might evolve separately

no Dependabot documentation was available at that time

Yeah it took a few days to get those published so that's totally fair.

[liath]

Should I add Dependabot specific types like DependabotSecrets to fully separate them or would that create weirdness for callers?

[gmlewis]

I think we can keep the shared data structs for now (even though we are separating out the service)... with the understanding that if they diverge in the future, we can split it further.

[gmlewis]

And just to be clear, I think we can keep all that nice work you did to consolidate the shared code... again with the understanding that it may change some day, but I think it is super-clean for now, which is very nice.

[gmlewis]

Hey, this looks fantastic, @liath ! Thank you!
LGTM.
Awaiting second LGTM.

Maybe @Parker77 has time to review?

[Parker77]

LGTM

[gmlewis]

Thank you, @Parker77 !
Merging.