export dist-src/generated/endpoints.js?

[jeffwilcox]

I'd love to be able to use the contents of dist-src/generated/endpoints.js as an import in my ESM project, but unless I am doing something wrong, I haven't found a way and am instead copying that file at runtime and vendoring it in my project, since the project is only exporting the endpoints to methods and not the raw data.

Happy to contribute an export but also may just be doing this wrong so asking the basic question here first...

[github-actions]

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

[gr2m]

What is your use case? The generated/endpoints.js file is just a compressed way to store all the information we need to generate the octokit.rest.* methods. Maybe an alternative would be to copy the way we generate that file and adjust it to your needs?

[jeffwilcox]

Good point. I am trying to combine knowledge about Octokit rest methods along with the @octokit/app-permissions module to make sure that before I call an installation, I truly know that I have the correct permissions.

We can inspect the rest.js <octokitmethod>.DEFAULTS properties to get the method and URL, cleanse that a bit, and lookup in that dataset. If instead I could get to rest.repos.get.DEFAULTS.permissions or something, I would be happy. Maybe a bit too niche.

[gr2m]

I wouldn't implement that check at runtime, at least not in core octokit, but at build/test time it would be pretty cool!

All the structured data exists in https://github.com/octokit/openapi but it is rather hard to get the data out of it, that's why I created https://github.com/gr2m/github-openapi-graphql-query at some point to create a central place to make the data we need easier to access.

Just so I understand your use case:

1. You have a given GitHub App installation and you know the permission for that installation (probably from when you create the installation access token?)
2. You have code that sends several REST API requests
3. Before even sending the code, you want to check if a given installation has the permissions it needs?

I think what would might be a better approach is to statically analyzing code to extract the REST API endpoints that are being requested, then use @octokit/app-permissions to derive the required app permissions for these REST API endpoints, and then write them into a static file like /src/generated/required-app-permissions.js or similar. That file should updated automatically whenever code changes. Then you don't need to do it at runtime.

I wanted to build something like this for @octoherd so that we can automatically derive required permissions for scripts. Happy to think about this some more and help build some kind of prototype if you like.

If traversing an AST tree is overkill, we might also utilize tests and just gather all REST API endpoints that are used based on all tests to derive the list of unique REST API endpoints.

This whole thing falls apart however when you introduce GraphQL queries