Module: GitHub Private

Extended by:

SystemCommand::Mixin, Utils::Output::Mixin

Defined in:

utils/github.rb,
utils/github/api.rb,
utils/github/actions.rb,
utils/github/artifacts.rb

This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.

Defined Under Namespace

Modules: API, Actions

Constant Summary

MAX_PER_PAGE =

This constant is part of an internal API. This constant may only be used internally in repositories owned by Homebrew, except in casks or formulae. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

100

WorkflowArray =

This constant is part of an internal API. This constant may only be used internally in repositories owned by Homebrew, except in casks or formulae. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

T.type_alias { [T::Array[T::Hash[String, T.untyped]], String, String, String, String, T::Array[String], String] }

MAXIMUM_OPEN_PRS =

This constant is part of an internal API. This constant may only be used internally in repositories owned by Homebrew, except in casks or formulae. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

15

API_URL =

This constant is part of an internal API. This constant may only be used internally in repositories owned by Homebrew, except in casks or formulae. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

"https://api.github.com"

CREATE_GIST_SCOPES =

This constant is part of an internal API. This constant may only be used internally in repositories owned by Homebrew, except in casks or formulae. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

T.let(["gist"].freeze, T::Array[String])

CREATE_ISSUE_FORK_OR_PR_SCOPES =

This constant is part of an internal API. This constant may only be used internally in repositories owned by Homebrew, except in casks or formulae. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

T.let(["repo"].freeze, T::Array[String])

CREATE_WORKFLOW_SCOPES =

This constant is part of an internal API. This constant may only be used internally in repositories owned by Homebrew, except in casks or formulae. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

T.let(["workflow"].freeze, T::Array[String])

Class Method Summary

• .check_for_duplicate_pull_requests(name, tap_remote_repo, file:, quiet: false, state: nil, version: nil, official_tap: true, strict: false) ⇒ void internal

  Check for duplicate pull requests that modify the same file.

• .count_repository_commits(repository_name_with_owner, user, max:, verbose:, from: nil, to: nil) ⇒ Integer private
• .create_fork(repo, org: nil) ⇒ Hash{String => T.untyped} private
• .create_gist(files, description, private:) ⇒ String private
• .create_issue(repo, title, body) ⇒ String private
• .create_or_update_release(user, repo, tag, id: nil, name: nil, body: nil, draft: false) ⇒ Hash{String => T.untyped} private
• .create_pull_request(repo, title, head, base, body) ⇒ Hash{String => T.untyped} private
• .download_artifact(url, artifact_id) ⇒ void private

  Download an artifact from GitHub Actions and unpack it into the current working directory.

• .fetch_open_pull_requests(name, tap_remote_repo, version: nil) ⇒ Array<Hash{String => String}> private
• .fetch_pull_requests(name, tap_remote_repo, state: nil, version: nil) ⇒ Array<Hash{String => T.untyped}> private
• .fork_exists?(repo, org: nil) ⇒ Boolean private
• .generate_release_notes(user, repo, tag, previous_tag: nil) ⇒ Hash{String => T.untyped} private
• .get_artifact_urls(workflow_array) ⇒ Array<String> private
• .get_latest_release(user, repo) ⇒ Hash{String => T.untyped} private
• .get_pull_request_changed_files(tap_remote_repo, pull_request) ⇒ Array<T.untyped> private
• .get_release(user, repo, tag) ⇒ Hash{String => T.untyped} private
• .get_repo_license(user, repo, ref: nil) ⇒ String^? private
• .get_workflow_run(user, repo, pull_request, workflow_id: "tests.yml", artifact_pattern: "bottles{,_*}") ⇒ WorkflowArray private
• .issues(repo:, **filters) ⇒ Array<Hash{String => T.untyped}> private
• .issues_for_formula(name, tap: CoreTap.instance, tap_remote_repo: tap&.full_name, state: nil, type: nil) ⇒ Array<Hash{String => T.untyped}> private
• .last_commit(user, repo, ref, version, length: nil) ⇒ String^? private
• .members_by_team(org, team) ⇒ Hash{String => String} private
• .multiple_short_commits_exist?(user, repo, commit) ⇒ Boolean private
• .organisation_repositories(organisation, from, to, verbose) ⇒ Array<String> private
• .pat_blurb(scopes = ALL_SCOPES) ⇒ String private
• .permission(repo, user) ⇒ Hash{String => T.untyped} private
• .print_pull_requests_matching(query, only = nil) ⇒ void private
• .private_repo?(full_name) ⇒ Boolean private

  We default to private if we aren't sure or if the GitHub API is disabled.

• .public_member_usernames(org, per_page: MAX_PER_PAGE) ⇒ Array<String> private
• .pull_request_commits(user, repo, pull_request, per_page: MAX_PER_PAGE) ⇒ Array<String> private
• .pull_request_labels(user, repo, pull_request) ⇒ Array<String> private
• .pull_request_title_regex(name, version = nil) ⇒ Regexp private
• .repo_commits_for_user(repository_name_with_owner, user, filter, from, to, max, verbose) ⇒ Array<String> private
• .repository(user, repo) ⇒ Hash{String => T.untyped} private
• .repository_approved_reviews(user, repo, pull_request, commit: nil) ⇒ Array<Hash{String => T.untyped}> private
• .search(entity, *queries, **qualifiers) ⇒ Hash{String => T.untyped} private
• .search_approved_pull_requests_in_user_or_organisation(user, reviewed_by, from:, to:) ⇒ Array<Hash{String => T.untyped}> private
• .search_issues(query, **qualifiers) ⇒ Array<Hash{String => T.untyped}> private
• .search_merged_pull_requests_in_user_or_organisation(user, author, from:, to:) ⇒ Array<Hash{String => T.untyped}> private
• .search_query_string(*main_params, **qualifiers) ⇒ String private
• .sponsorships(user) ⇒ Array<Hash> private
• .too_many_open_prs?(tap) ⇒ Boolean private
• .upload_release_asset(user, repo, id, local_file:, remote_file: nil) ⇒ void private
• .url_to(*subroutes) ⇒ URI::Generic private
• .user ⇒ Hash{String => T.untyped} private
• .workflow_dispatch_event(user, repo, workflow, ref, **inputs) ⇒ void private

Methods included from SystemCommand::Mixin

system_command, system_command!

Methods included from Utils::Output::Mixin

odebug, odeprecated, odie, odisabled, ofail, oh1, oh1_title, ohai, ohai_title, onoe, opoo, opoo_outside_github_actions, pretty_deprecated, pretty_disabled, pretty_duration, pretty_installed, pretty_outdated, pretty_uninstalled

Class Method Details

.check_for_duplicate_pull_requests(name, tap_remote_repo, file:, quiet: false, state: nil, version: nil, official_tap: true, strict: false) ⇒ void

This method is part of an internal API. This method may only be used internally in repositories owned by Homebrew, except in casks or formulae. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Check for duplicate pull requests that modify the same file.

Exits the process on duplicates if strict or both version and official_tap, otherwise warns.

Parameters:

• name (String)
• tap_remote_repo (String)
• file (String)
• quiet (Boolean) (defaults to: false)
• state (String, nil) (defaults to: nil)
• version (String, nil) (defaults to: nil)
• official_tap (Boolean) (defaults to: true)
• strict (Boolean) (defaults to: false)

# File 'utils/github.rb', line 658

def self.check_for_duplicate_pull_requests(name, tap_remote_repo, file:, quiet: false, state: nil,
                                           version: nil, official_tap: true, strict: false)
  pull_requests = fetch_pull_requests(name, tap_remote_repo, state:, version:)

  pull_requests.select! do |pr|
    get_pull_request_changed_files(
      tap_remote_repo, pr["number"]
    ).any? { |f| f["filename"] == file }
  end
  return if pull_requests.blank?

  confidence = version ? "are" : "might be"
  duplicates_message = <<~EOS
    These #{"#{state} " if state}pull requests #{confidence} duplicates:
    #{pull_requests.map { |pr| "#{pr["title"]} #{pr["html_url"]}" }.join("\n")}
  EOS
  error_message = <<~EOS
    Duplicate PRs must not be opened.
    Manually open these PRs if you are sure that they are not duplicates (and tell us that in the PR).
  EOS

  if strict || (version && official_tap)
    odie <<~EOS
      #{duplicates_message.chomp}
      #{error_message}
    EOS
  elsif !official_tap
    opoo duplicates_message
  elsif quiet
    opoo error_message
  else
    opoo <<~EOS
      #{duplicates_message.chomp}
      #{error_message}
    EOS
  end
end

.count_repository_commits(repository_name_with_owner, user, max:, verbose:, from: nil, to: nil) ⇒ Integer

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• repository_name_with_owner (String)
• user (String)
• max (Integer)
• verbose (Boolean)
• from (String, nil) (defaults to: nil)
• to (String, nil) (defaults to: nil)

Returns:

• (Integer)

# File 'utils/github.rb', line 827

def self.count_repository_commits(repository_name_with_owner, user, max:, verbose:, from: nil, to: nil)
  odie "Cannot count commits as `$HOMEBREW_NO_GITHUB_API` is set!" if Homebrew::EnvConfig.no_github_api?

  author_shas = repo_commits_for_user(repository_name_with_owner, user, "author", from, to, max, verbose)
  committer_shas = repo_commits_for_user(repository_name_with_owner, user, "committer", from, to, max, verbose)
  return 0 if author_shas.blank? && committer_shas.blank?

  author_count = author_shas.count
  # Only count commits where the author and committer are different.
  committer_count = committer_shas.difference(author_shas).count

  author_count + committer_count
end

.create_fork(repo, org: nil) ⇒ Hash{String => T.untyped}

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• repo (String)
• org (String, nil) (defaults to: nil)

Returns:

• (Hash{String => T.untyped})

# File 'utils/github.rb', line 104

def self.create_fork(repo, org: nil)
  url = "#{API_URL}/repos/#{repo}/forks"
  data = {}
  data[:organization] = org if org
  scopes = CREATE_ISSUE_FORK_OR_PR_SCOPES
  API.open_rest(url, data:, scopes:)
end

.create_gist(files, description, private:) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• files (Hash{String => Hash})
• description (String)
• private (Boolean)

Returns:

• (String)

# File 'utils/github.rb', line 36

def self.create_gist(files, description, private:)
  url = "#{API_URL}/gists"
  data = { "public" => !private, "files" => files, "description" => description }
  API.open_rest(url, data:, scopes: CREATE_GIST_SCOPES)["html_url"]
end

.create_issue(repo, title, body) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• repo (String)
• title (String)
• body (String)

Returns:

• (String)

# File 'utils/github.rb', line 43

def self.create_issue(repo, title, body)
  url = "#{API_URL}/repos/#{repo}/issues"
  data = { "title" => title, "body" => body }
  API.open_rest(url, data:, scopes: CREATE_ISSUE_FORK_OR_PR_SCOPES)["html_url"]
end

.create_or_update_release(user, repo, tag, id: nil, name: nil, body: nil, draft: false) ⇒ Hash{String => T.untyped}

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)
• tag (String)
• id (String, nil) (defaults to: nil)
• name (String, nil) (defaults to: nil)
• body (String, nil) (defaults to: nil)
• draft (Boolean) (defaults to: false)

Returns:

• (Hash{String => T.untyped})

# File 'utils/github.rb', line 250

def self.create_or_update_release(user, repo, tag, id: nil, name: nil, body: nil, draft: false)
  url = "#{API_URL}/repos/#{user}/#{repo}/releases"
  method = if id
    url += "/#{id}"
    :PATCH
  else
    :POST
  end
  data = {
    tag_name: tag,
    name:     name || tag,
    draft:,
  }
  data[:body] = body if body.present?
  API.open_rest(url, data:, request_method: method, scopes: CREATE_ISSUE_FORK_OR_PR_SCOPES)
end

.create_pull_request(repo, title, head, base, body) ⇒ Hash{String => T.untyped}

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• repo (String)
• title (String)
• head (String)
• base (String)
• body (String)

Returns:

• (Hash{String => T.untyped})

# File 'utils/github.rb', line 125

def self.create_pull_request(repo, title, head, base, body)
  url = "#{API_URL}/repos/#{repo}/pulls"
  data = { title:, head:, base:, body:, maintainer_can_modify: true }
  scopes = CREATE_ISSUE_FORK_OR_PR_SCOPES
  API.open_rest(url, data:, scopes:)
end

.download_artifact(url, artifact_id) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Download an artifact from GitHub Actions and unpack it into the current working directory.

Parameters:

• url (String) —

  URL to download from

• artifact_id (String) —

  a value that uniquely identifies the downloaded artifact

Raises:

• (API::MissingAuthenticationError)

# File 'utils/github/artifacts.rb', line 13

def self.download_artifact(url, artifact_id)
  token = API.credentials
  raise API::MissingAuthenticationError if token.blank?

  # We use a download strategy here to leverage the Homebrew cache
  # to avoid repeated downloads of (possibly large) bottles.
  downloader = GitHubArtifactDownloadStrategy.new(url, artifact_id, token:)
  downloader.fetch
  downloader.stage
end

.fetch_open_pull_requests(name, tap_remote_repo, version: nil) ⇒ Array<Hash{String => String}>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• name (String)
• tap_remote_repo (String)
• version (String, nil) (defaults to: nil)

Returns:

• (Array<Hash{String => String}>)

# File 'utils/github.rb', line 593

def self.fetch_open_pull_requests(name, tap_remote_repo, version: nil)
  return [] if tap_remote_repo.blank?

  # Bust the cache every three minutes.
  cache_expiry = 3 * 60
  cache_epoch = Time.now - (Time.now.to_i % cache_expiry)
  cache_key = "#{tap_remote_repo}_#{cache_epoch.to_i}"

  @open_pull_requests ||= T.let({}, T.nilable(T::Hash[String, T.untyped]))
  @open_pull_requests[cache_key] ||= begin
    query = <<~EOS
      query($owner: String!, $repo: String!, $states: [PullRequestState!], $after: String) {
        repository(owner: $owner, name: $repo) {
          pullRequests(states: $states, first: 100, after: $after) {
            nodes {
              number
              title
              url
            }
            pageInfo {
              hasNextPage
              endCursor
            }
          }
        }
      }
    EOS
    owner, repo = tap_remote_repo.split("/")
    variables = { owner:, repo:, states: ["OPEN"] }

    pull_requests = []
    API.paginate_graphql(query, variables:) do |result|
      data = result.dig("repository", "pullRequests")
      pull_requests.concat(data["nodes"])
      data["pageInfo"]
    end
    pull_requests
  end

  regex = pull_request_title_regex(name, version)
  @open_pull_requests[cache_key].select { |pr| regex.match?(pr["title"]) }
                                .map { |pr| pr.merge("html_url" => pr.delete("url")) }
rescue API::RateLimitExceededError => e
  opoo e.message
  pull_requests || []
end

.fetch_pull_requests(name, tap_remote_repo, state: nil, version: nil) ⇒ Array<Hash{String => T.untyped}>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• name (String)
• tap_remote_repo (String)
• state (String, nil) (defaults to: nil)
• version (String, nil) (defaults to: nil)

Returns:

• (Array<Hash{String => T.untyped}>)

# File 'utils/github.rb', line 530

def self.fetch_pull_requests(name, tap_remote_repo, state: nil, version: nil)
  return [] if Homebrew::EnvConfig.no_github_api?

  regex = pull_request_title_regex(name, version)
  query = "is:pr #{name} #{version}".strip

  # Unauthenticated users cannot use GraphQL so use search REST API instead.
  # Limit for this is 30/minute so is usually OK unless you're spamming bump PRs (e.g. CI).
  if API.credentials_type == :none
    return issues_for_formula(query, tap_remote_repo:, state:).select do |pr|
      pr["html_url"].include?("/pull/") && regex.match?(pr["title"])
    end
  elsif state == "open" && ENV["GITHUB_REPOSITORY_OWNER"] == "Homebrew"
    # Try use PR API, which might be cheaper on rate limits in some cases.
    # The rate limit of the search API under GraphQL is unclear as it
    # costs the same as any other query according to /rate_limit.
    # The PR API is also not very scalable so limit to Homebrew CI.
    return fetch_open_pull_requests(name, tap_remote_repo, version:)
  end

  query += " repo:#{tap_remote_repo} in:title"
  query += " state:#{state}" if state.present?
  graphql_query = <<~EOS
    query($query: String!, $after: String) {
      search(query: $query, type: ISSUE, first: 100, after: $after) {
        nodes {
          ... on PullRequest {
            number
            title
            url
            state
          }
        }
        pageInfo {
          hasNextPage
          endCursor
        }
      }
    }
  EOS
  variables = { query: }

  pull_requests = []
  API.paginate_graphql(graphql_query, variables:) do |result|
    data = result["search"]
    pull_requests.concat(data["nodes"].select { |pr| regex.match?(pr["title"]) })
    data["pageInfo"]
  end
  pull_requests.map! do |pr|
    pr.merge({
      "html_url" => pr.delete("url"),
      "state"    => pr.fetch("state").downcase,
    })
  end
rescue API::RateLimitExceededError => e
  opoo e.message
  pull_requests || []
end

.fork_exists?(repo, org: nil) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• repo (String)
• org (String, nil) (defaults to: nil)

Returns:

• (Boolean)

# File 'utils/github.rb', line 113

def self.fork_exists?(repo, org: nil)
  reponame = repo.split("/").fetch(1)

  username = org || API.open_rest(url_to("user")) { |json| json["login"] }
  json = API.open_rest(url_to("repos", username, reponame))

  return false if json["message"] == "Not Found"

  true
end

.generate_release_notes(user, repo, tag, previous_tag: nil) ⇒ Hash{String => T.untyped}

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)
• tag (String)
• previous_tag (String, nil) (defaults to: nil)

Returns:

• (Hash{String => T.untyped})

# File 'utils/github.rb', line 239

def self.generate_release_notes(user, repo, tag, previous_tag: nil)
  url = "#{API_URL}/repos/#{user}/#{repo}/releases/generate-notes"
  data = { tag_name: tag }
  data[:previous_tag_name] = previous_tag if previous_tag.present?
  API.open_rest(url, data:, request_method: :POST, scopes: CREATE_ISSUE_FORK_OR_PR_SCOPES)
end

.get_artifact_urls(workflow_array) ⇒ Array<String>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• workflow_array (WorkflowArray)

Returns:

• (Array<String>)

# File 'utils/github.rb', line 339

def self.get_artifact_urls(workflow_array)
  check_suite, user, repo, pr, workflow_id, scopes, artifact_pattern = *workflow_array
  if check_suite.empty?
    raise API::Error, <<~EOS
      No matching check suite found for these criteria!
        Pull request: #{pr}
        Workflow:     #{workflow_id}
    EOS
  end

  last_check = check_suite.fetch(-1)
  status = last_check["status"].sub("_", " ").downcase
  if status != "completed"
    raise API::Error, <<~EOS
      The newest workflow run for ##{pr} is still #{status}!
        #{Formatter.url last_check["workflowRun"]["url"]}
    EOS
  end

  run_id = last_check["workflowRun"]["databaseId"]
  artifacts = []
  per_page = 50
  API.paginate_rest("#{API_URL}/repos/#{user}/#{repo}/actions/runs/#{run_id}/artifacts",
                    per_page:, scopes:) do |result|
    result = result["artifacts"]
    artifacts.concat(result)
    break if result.length < per_page
  end

  matching_artifacts =
    artifacts
    .group_by { |art| art["name"] }
    .select { |name| File.fnmatch?(artifact_pattern, name, File::FNM_EXTGLOB) }
    .map { |_, arts| arts.max_by { |art| art["created_at"] } }

  if matching_artifacts.empty?
    raise API::Error, <<~EOS
      No artifacts with the pattern `#{artifact_pattern}` were found!
        #{Formatter.url last_check["workflowRun"]["url"]}
    EOS
  end

  matching_artifacts.map { |art| art["archive_download_url"] }
end

.get_latest_release(user, repo) ⇒ Hash{String => T.untyped}

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)

Returns:

• (Hash{String => T.untyped})

# File 'utils/github.rb', line 233

def self.get_latest_release(user, repo)
  url = "#{API_URL}/repos/#{user}/#{repo}/releases/latest"
  API.open_rest(url, request_method: :GET)
end

.get_pull_request_changed_files(tap_remote_repo, pull_request) ⇒ Array<T.untyped>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• tap_remote_repo (String)
• pull_request (String, Integer)

Returns:

• (Array<T.untyped>)

# File 'utils/github.rb', line 697

def self.get_pull_request_changed_files(tap_remote_repo, pull_request)
  files = []
  API.paginate_rest(url_to("repos", tap_remote_repo, "pulls", pull_request, "files")) do |result|
    files.concat(result)
  end
  files
end

.get_release(user, repo, tag) ⇒ Hash{String => T.untyped}

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)
• tag (String)

Returns:

• (Hash{String => T.untyped})

# File 'utils/github.rb', line 227

def self.get_release(user, repo, tag)
  url = "#{API_URL}/repos/#{user}/#{repo}/releases/tags/#{tag}"
  API.open_rest(url, request_method: :GET)
end

.get_repo_license(user, repo, ref: nil) ⇒ String^?

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)
• ref (String, nil) (defaults to: nil)

Returns:

• (String, nil)

# File 'utils/github.rb', line 506

def self.get_repo_license(user, repo, ref: nil)
  url = "#{API_URL}/repos/#{user}/#{repo}/license"
  url += "?ref=#{ref}" if ref.present?
  response = API.open_rest(url)
  return unless response.key?("license")

  response["license"]["spdx_id"]
rescue API::HTTPNotFoundError
  nil
rescue API::AuthenticationFailedError => e
  raise unless e.message.match?(API::GITHUB_IP_ALLOWLIST_ERROR)
end

.get_workflow_run(user, repo, pull_request, workflow_id: "tests.yml", artifact_pattern: "bottles{,_*}") ⇒ WorkflowArray

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)
• pull_request (String)
• workflow_id (String) (defaults to: "tests.yml")
• artifact_pattern (String) (defaults to: "bottles{,_*}")

Returns:

• (WorkflowArray)

# File 'utils/github.rb', line 285

def self.get_workflow_run(user, repo, pull_request, workflow_id: "tests.yml", artifact_pattern: "bottles{,_*}")
  scopes = CREATE_ISSUE_FORK_OR_PR_SCOPES

  # GraphQL unfortunately has no way to get the workflow yml name, so we need an extra REST call.
  workflow_api_url = "#{API_URL}/repos/#{user}/#{repo}/actions/workflows/#{workflow_id}"
  workflow_payload = API.open_rest(workflow_api_url, scopes:)
  workflow_id_num = workflow_payload["id"]

  query = <<~EOS
    query ($user: String!, $repo: String!, $pr: Int!) {
      repository(owner: $user, name: $repo) {
        pullRequest(number: $pr) {
          commits(last: 1) {
            nodes {
              commit {
                checkSuites(first: 100) {
                  nodes {
                    status,
                    workflowRun {
                      databaseId,
                      url,
                      workflow {
                        databaseId
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  EOS
  variables = {
    user:,
    repo:,
    pr:   pull_request.to_i,
  }
  result = API.open_graphql(query, variables:, scopes:)

  commit_node = result["repository"]["pullRequest"]["commits"]["nodes"].first
  check_suite = if commit_node.present?
    commit_node["commit"]["checkSuites"]["nodes"].select do |suite|
      suite.dig("workflowRun", "workflow", "databaseId") == workflow_id_num
    end
  else
    []
  end

  [check_suite, user, repo, pull_request, workflow_id, scopes, artifact_pattern]
end

.issues(repo:, **filters) ⇒ Array<Hash{String => T.untyped}>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• repo (String)
• filters (T.untyped)

Returns:

• (Array<Hash{String => T.untyped}>)

# File 'utils/github.rb', line 23

def self.issues(repo:, **filters)
  uri = url_to("repos", repo, "issues")
  uri.query = URI.encode_www_form(filters)
  API.open_rest(uri)
end

.issues_for_formula(name, tap: CoreTap.instance, tap_remote_repo: tap&.full_name, state: nil, type: nil) ⇒ Array<Hash{String => T.untyped}>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• name (String)
• tap (Tap, nil) (defaults to: CoreTap.instance)
• tap_remote_repo (String, nil) (defaults to: tap&.full_name)
• state (String, nil) (defaults to: nil)
• type (String, nil) (defaults to: nil)

Returns:

• (Array<Hash{String => T.untyped}>)

# File 'utils/github.rb', line 63

def self.issues_for_formula(name, tap: CoreTap.instance, tap_remote_repo: tap&.full_name, state: nil, type: nil)
  return [] unless tap_remote_repo

  search_issues(name, repo: tap_remote_repo, state:, type:, in: "title")
end

.last_commit(user, repo, ref, version, length: nil) ⇒ String^?

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)
• ref (String)
• version (Version)
• length (Integer, nil) (defaults to: nil)

Returns:

• (String, nil)

# File 'utils/github.rb', line 742

def self.last_commit(user, repo, ref, version, length: nil)
  return if Homebrew::EnvConfig.no_github_api?

  require "utils/curl"
  result = Utils::Curl.curl_output(
    "--silent", "--head", "--location",
    "--header", "Accept: application/vnd.github.sha",
    url_to("repos", user, repo, "commits", ref).to_s
  )

  return unless result.status.success?

  commit = result.stdout[/^ETag: "(\h+)"/i, 1]
  return if commit.blank?

  if length
    return if commit.length < length

    commit = commit[0, length]
    odie "commit does not exist" unless commit

    # We return nil if the following fails as we currently don't have a way to
    # determine the reason for the failure. This means we can't distinguish a
    # GitHub API rate limit from a non-unique short commit where the latter
    # needs (n+1) or more characters to match `git rev-parse --short=n`.
    return if multiple_short_commits_exist?(user, repo, commit)
  end

  version.update_commit(commit)
  commit
end

.members_by_team(org, team) ⇒ Hash{String => String}

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• org (String)
• team (String)

Returns:

• (Hash{String => String})

Raises:

• (API::Error)

# File 'utils/github.rb', line 400

def self.members_by_team(org, team)
  query = <<~EOS
      { organization(login: "#{org}") {
        teams(first: 100) {
          nodes {
            ... on Team { name }
          }
        }
        team(slug: "#{team}") {
          members(first: 100) {
            nodes {
              ... on User { login name }
            }
          }
        }
      }
    }
  EOS
  result = API.open_graphql(query, scopes: ["read:org", "user"])

  if result["organization"]["teams"]["nodes"].blank?
    raise API::Error,
          "Your token needs the 'read:org' scope to access this API"
  end
  raise API::Error, "The team #{org}/#{team} does not exist" if result["organization"]["team"].blank?

  result["organization"]["team"]["members"]["nodes"].to_h { |member| [member["login"], member["name"]] }
end

.multiple_short_commits_exist?(user, repo, commit) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)
• commit (String)

Returns:

• (Boolean)

# File 'utils/github.rb', line 775

def self.multiple_short_commits_exist?(user, repo, commit)
  return false if Homebrew::EnvConfig.no_github_api?

  require "utils/curl"
  result = Utils::Curl.curl_output(
    "--silent", "--head", "--location",
    "--header", "Accept: application/vnd.github.sha",
    "--output", File::NULL,
    # This is a Curl format token, not a Ruby one.
    # rubocop:disable Style/FormatStringToken
    "--write-out", "%{http_code}",
    # rubocop:enable Style/FormatStringToken
    url_to("repos", user, repo, "commits", commit).to_s
  )

  return true unless result.status.success?
  return true if (output = result.stdout).blank?

  output != "200"
end

.organisation_repositories(organisation, from, to, verbose) ⇒ Array<String>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• organisation (String)
• from (String)
• to (String)
• verbose (Boolean)

Returns:

• (Array<String>)

# File 'utils/github.rb', line 909

def self.organisation_repositories(organisation, from, to, verbose)
  from_date = Date.parse(from)
  to_date = Date.parse(to)

  rest_api_url = "#{GitHub::API_URL}/orgs/#{organisation}/repos"
  params = "type=sources"
  repositories = []
  GitHub::API.paginate_rest(rest_api_url, per_page: MAX_PER_PAGE, additional_query_params: params) do |result|
    repositories.concat(result)
  end
  repositories.filter_map do |repository|
    pushed_at = Date.parse(repository.fetch("pushed_at"))
    created_at = Date.parse(repository.fetch("created_at"))
    archived_at = Date.parse(repository.fetch("archived_at", from))
    full_name = repository.fetch("full_name")

    not_pushed = pushed_at < from_date
    not_created = created_at > to_date
    archived = archived_at < from_date

    if not_pushed || not_created || archived
      if verbose
        reasons = []
        reasons << "not pushed" if not_pushed
        reasons << "not created" if not_created
        reasons << "archived" if archived
        opoo "Repository #{full_name} #{reasons.join(", ")} from #{from_date} to #{to_date}. Skipping."
      end

      next
    end

    full_name
  end
end

.pat_blurb(scopes = ALL_SCOPES) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• scopes (Array<String>) (defaults to: ALL_SCOPES)

Returns:

• (String)

# File 'utils/github/api.rb', line 9

def self.pat_blurb(scopes = ALL_SCOPES)
  require "utils/formatter"
  require "utils/shell"
  <<~EOS
    Create a GitHub personal access token:
      #{Formatter.url(
        "https://github.com/settings/tokens/new?scopes=#{scopes.join(",")}&description=Homebrew",
      )}
    #{Utils::Shell.set_variable_in_profile("HOMEBREW_GITHUB_API_TOKEN", "your_token_here")}
  EOS
end

.permission(repo, user) ⇒ Hash{String => T.untyped}

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• repo (String)
• user (String)

Returns:

• (Hash{String => T.untyped})

# File 'utils/github.rb', line 75

def self.permission(repo, user)
  API.open_rest("#{API_URL}/repos/#{repo}/collaborators/#{user}/permission")
end

.print_pull_requests_matching(query, only = nil) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• query (String)
• only (Symbol, String, nil) (defaults to: nil)

# File 'utils/github.rb', line 80

def self.print_pull_requests_matching(query, only = nil)
  open_or_closed_prs = search_issues(query, is: only, type: "pr", user: "Homebrew")

  open_prs, closed_prs = open_or_closed_prs.partition { |pr| pr["state"] == "open" }
                                           .map { |prs| prs.map { |pr| "#{pr["title"]} (#{pr["html_url"]})" } }

  if open_prs.present?
    ohai "Open pull requests"
    open_prs.each { |pr| puts pr }
  end

  if closed_prs.present?
    puts if open_prs.present?

    ohai "Closed pull requests"
    closed_prs.take(20).each { |pr| puts pr }

    puts "..." if closed_prs.count > 20
  end

  puts "No pull requests found for #{query.inspect}" if open_prs.blank? && closed_prs.blank?
end

.private_repo?(full_name) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

We default to private if we aren't sure or if the GitHub API is disabled.

Parameters:

• full_name (String)

Returns:

• (Boolean)

# File 'utils/github.rb', line 134

def self.private_repo?(full_name)
  uri = url_to "repos", full_name
  API.open_rest(uri) { |json| json.fetch("private", true) }
end

.public_member_usernames(org, per_page: MAX_PER_PAGE) ⇒ Array<String>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• org (String)
• per_page (Integer) (defaults to: MAX_PER_PAGE)

Returns:

• (Array<String>)

# File 'utils/github.rb', line 385

def self.public_member_usernames(org, per_page: MAX_PER_PAGE)
  url = "#{API_URL}/orgs/#{org}/public_members"
  members = []

  API.paginate_rest(url, per_page:) do |result|
    result = result.map { |member| member["login"] }
    members.concat(result)

    return members if result.length < per_page
  end

  members
end

.pull_request_commits(user, repo, pull_request, per_page: MAX_PER_PAGE) ⇒ Array<String>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)
• pull_request (String, Integer)
• per_page (Integer) (defaults to: MAX_PER_PAGE)

Returns:

• (Array<String>)

# File 'utils/github.rb', line 709

def self.pull_request_commits(user, repo, pull_request, per_page: MAX_PER_PAGE)
  pr_data = API.open_rest(url_to("repos", user, repo, "pulls", pull_request))
  commits_api = pr_data["commits_url"]
  commit_count = pr_data["commits"]
  commits = []

  if commit_count > API_MAX_ITEMS
    raise API::Error, "Getting #{commit_count} commits would exceed limit of #{API_MAX_ITEMS} API items!"
  end

  API.paginate_rest(commits_api, per_page:) do |result, page|
    commits.concat(result.map { |c| c["sha"] })

    return commits if commits.length == commit_count

    if result.empty? || page * per_page >= commit_count
      raise API::Error, "Expected #{commit_count} commits but actually got #{commits.length}!"
    end
  end

  commits
end

.pull_request_labels(user, repo, pull_request) ⇒ Array<String>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)
• pull_request (String, Integer)

Returns:

• (Array<String>)

# File 'utils/github.rb', line 733

def self.pull_request_labels(user, repo, pull_request)
  pr_data = API.open_rest(url_to("repos", user, repo, "pulls", pull_request))
  pr_data["labels"].map { |label| label["name"] }
end

.pull_request_title_regex(name, version = nil) ⇒ Regexp

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• name (String)
• version (String, nil) (defaults to: nil)

Returns:

• (Regexp)

# File 'utils/github.rb', line 520

def self.pull_request_title_regex(name, version = nil)
  return /(^|\s)#{Regexp.quote(name)}(:|,|\s|$)/i if version.blank?

  /(^|\s)#{Regexp.quote(name)}(:|,|\s)(.*\s)?#{Regexp.quote(version)}(:|,|\s|$)/i
end

.repo_commits_for_user(repository_name_with_owner, user, filter, from, to, max, verbose) ⇒ Array<String>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• repository_name_with_owner (String)
• user (String)
• filter (String)
• from (String, nil)
• to (String, nil)
• max (Integer)
• verbose (Boolean)

Returns:

• (Array<String>)

# File 'utils/github.rb', line 800

def self.repo_commits_for_user(repository_name_with_owner, user, filter, from, to, max, verbose)
  return [] if Homebrew::EnvConfig.no_github_api?

  params = ["#{filter}=#{user}"]
  params << "since=#{DateTime.parse(from).iso8601}" if from.present?
  params << "until=#{DateTime.parse(to).iso8601}" if to.present?

  commits = []
  API.paginate_rest("#{API_URL}/repos/#{repository_name_with_owner}/commits",
                    additional_query_params: params.join("&")) do |result|
    commits.concat(result.map { |c| c["sha"] })
    if commits.length >= max
      if verbose
        opoo "#{user} exceeded #{max} #{repository_name_with_owner} commits as #{filter}, stopped counting!"
      end
      break
    end
  end
  commits
rescue GitHub::API::GitRepositoryIsEmptyError
  []
end

.repository(user, repo) ⇒ Hash{String => T.untyped}

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)

Returns:

• (Hash{String => T.untyped})

# File 'utils/github.rb', line 50

def self.repository(user, repo)
  API.open_rest(url_to("repos", user, repo))
end

.repository_approved_reviews(user, repo, pull_request, commit: nil) ⇒ Array<Hash{String => T.untyped}>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• repo (String)
• pull_request (String, Integer)
• commit (String, nil) (defaults to: nil)

Returns:

• (Array<Hash{String => T.untyped}>)

# File 'utils/github.rb', line 177

def self.repository_approved_reviews(user, repo, pull_request, commit: nil)
  query = <<~EOS
    { repository(name: "#{repo}", owner: "#{user}") {
        pullRequest(number: #{pull_request}) {
          reviews(states: APPROVED, first: 100) {
            nodes {
              author {
                ... on User { email login name databaseId }
                ... on Organization { email login name databaseId }
              }
              authorAssociation
              commit { oid }
            }
          }
        }
      }
    }
  EOS

  result = API.open_graphql(query, scopes: ["user:email"])
  reviews = result["repository"]["pullRequest"]["reviews"]["nodes"]

  valid_associations = %w[MEMBER OWNER]
  reviews.filter_map do |r|
    next if commit.present? && commit != r["commit"]["oid"]
    next unless valid_associations.include? r["authorAssociation"]

    email = r["author"]["email"].presence ||
            "#{r["author"]["databaseId"]}+#{r["author"]["login"]}@users.noreply.github.com"

    name = r["author"]["name"].presence ||
           r["author"]["login"]

    {
      "email" => email,
      "name"  => name,
      "login" => r["author"]["login"],
    }
  end
end

.search(entity, *queries, **qualifiers) ⇒ Hash{String => T.untyped}

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• entity (String)
• queries (String)
• qualifiers (T.untyped)

Returns:

• (Hash{String => T.untyped})

# File 'utils/github.rb', line 167

def self.search(entity, *queries, **qualifiers)
  uri = url_to "search", entity
  uri.query = search_query_string(*queries, **qualifiers)
  API.open_rest(uri)
end

.search_approved_pull_requests_in_user_or_organisation(user, reviewed_by, from:, to:) ⇒ Array<Hash{String => T.untyped}>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• reviewed_by (String)
• from (String, nil)
• to (String, nil)

Returns:

• (Array<Hash{String => T.untyped}>)

# File 'utils/github.rb', line 960

def self.search_approved_pull_requests_in_user_or_organisation(user, reviewed_by, from:, to:)
  search_issues("", is: "pr", review: "approved", user:, reviewed_by:, from:, to:)
rescue GitHub::API::ValidationFailedError
  opoo "Couldn't search GitHub for PRs reviewed by #{reviewed_by}. Their profile might be private. Defaulting to 0."
  []
end

.search_issues(query, **qualifiers) ⇒ Array<Hash{String => T.untyped}>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• query (String)
• qualifiers (T.untyped)

Returns:

• (Array<Hash{String => T.untyped}>)

# File 'utils/github.rb', line 30

def self.search_issues(query, **qualifiers)
  json = search("issues", query, **qualifiers)
  json.fetch("items", [])
end

.search_merged_pull_requests_in_user_or_organisation(user, author, from:, to:) ⇒ Array<Hash{String => T.untyped}>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)
• author (String)
• from (String, nil)
• to (String, nil)

Returns:

• (Array<Hash{String => T.untyped}>)

# File 'utils/github.rb', line 949

def self.search_merged_pull_requests_in_user_or_organisation(user, author, from:, to:)
  search_issues("", is: "merged", user:, author:, from:, to:)
rescue GitHub::API::ValidationFailedError
  opoo "Couldn't search GitHub for PRs authored by #{author}. Their profile might be private. Defaulting to 0."
  []
end

.search_query_string(*main_params, **qualifiers) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• main_params (String)
• qualifiers (T.untyped)

Returns:

• (String)

# File 'utils/github.rb', line 140

def self.search_query_string(*main_params, **qualifiers)
  params = T.let(main_params.to_a, T::Array[T.nilable(String)])

  from = qualifiers.fetch(:from, nil)
  to = qualifiers.fetch(:to, nil)

  params << if from && to
    "created:#{from}..#{to}"
  elsif from
    "created:>=#{from}"
  elsif to
    "created:<=#{to}"
  end

  params += qualifiers.except(:args, :from, :to).flat_map do |key, value|
    Array(value).map { |v| "#{key.to_s.tr("_", "-")}:#{v}" }
  end

  "q=#{URI.encode_www_form_component(params.compact.join(" "))}&per_page=#{MAX_PER_PAGE}"
end

.sponsorships(user) ⇒ Array<Hash>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• user (String)

Returns:

• (Array<Hash>)

Raises:

• (API::Error)

# File 'utils/github.rb', line 440

def self.sponsorships(user)
  query = <<~EOS
      query($user: String!, $after: String) { organization(login: $user) {
        sponsorshipsAsMaintainer(first: 100, after: $after) {
          pageInfo {
            hasNextPage
            endCursor
          }
          nodes {
            tier {
              monthlyPriceInDollars
              closestLesserValueTier {
                monthlyPriceInDollars
              }
            }
            sponsorEntity {
              ... on Organization { login name }
              ... on User { login name }
            }
          }
        }
      }
    }
  EOS

  sponsorships = T.let([], T::Array[T::Hash[String, T.untyped]])
  errors = T.let([], T::Array[T::Hash[String, T.untyped]])

  API.paginate_graphql(query, variables: { user: }, scopes: ["user"], raise_errors: false) do |result|
    # Some organisations do not permit themselves to be queried through the
    # API like this and raise an error so handle these errors later.
    # This has been reported to GitHub.
    errors += result["errors"] if result["errors"].present?

    current_sponsorships = result.dig("data", "organization", "sponsorshipsAsMaintainer")
    # if `current_sponsorships` is blank, then there should be errors to report.
    next { "hasNextPage" => false } if current_sponsorships.blank?

    # The organisations mentioned above will show up as nil nodes.
    if (nodes = current_sponsorships["nodes"].compact.presence)
      sponsorships += nodes
    end

    current_sponsorships.fetch("pageInfo")
  end

  # Only raise errors if we didn't get any sponsorships.
  raise API::Error, errors.map { |e| e["message"] }.join("\n") if sponsorships.blank? && errors.present?

  sponsorships.map do |sponsorship|
    sponsor = sponsorship["sponsorEntity"]
    tier = sponsorship["tier"].presence || {}
    monthly_amount = tier["monthlyPriceInDollars"].presence || 0
    closest_tier = tier["closestLesserValueTier"].presence || {}
    closest_tier_monthly_amount = closest_tier["monthlyPriceInDollars"].presence || 0

    {
      name:                        sponsor["name"].presence || sponsor["login"],
      login:                       sponsor["login"],
      monthly_amount:,
      closest_tier_monthly_amount:,
    }
  end
end

.too_many_open_prs?(tap) ⇒ Boolean

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• tap (Tap, nil)

Returns:

• (Boolean)

# File 'utils/github.rb', line 844

def self.too_many_open_prs?(tap)
  # We don't enforce unofficial taps.
  return false if tap.nil? || !tap.official?

  # BrewTestBot can open as many PRs as it wants.
  return false if ENV["HOMEBREW_TEST_BOT_AUTOBUMP"].present?

  odie "Cannot count PRs as `$HOMEBREW_NO_GITHUB_API` is set!" if Homebrew::EnvConfig.no_github_api?

  query = <<~EOS
    query($after: String) {
      viewer {
        login
        pullRequests(first: 100, states: OPEN, after: $after) {
          totalCount
          nodes {
            baseRepository {
              owner {
                login
              }
            }
          }
          pageInfo {
            hasNextPage
            endCursor
          }
        }
      }
    }
  EOS
  puts

  homebrew_prs_count = 0

  begin
    API.paginate_graphql(query) do |result|
      data = result.fetch("viewer")
      github_user = data.fetch("login")

      # BrewTestBot can open as many PRs as it wants.
      return false if github_user.casecmp?("brewtestbot")

      pull_requests = data.fetch("pullRequests")
      return false if pull_requests.fetch("totalCount") < MAXIMUM_OPEN_PRS

      homebrew_prs_count += pull_requests.fetch("nodes").count do |node|
        node.dig("baseRepository", "owner", "login").casecmp?("homebrew")
      end
      return true if homebrew_prs_count >= MAXIMUM_OPEN_PRS

      pull_requests.fetch("pageInfo")
    end
  rescue => e
    # Ignore SAML access errors (https://github.com/Homebrew/brew/issues/18610) and related
    # IP allow list errors (https://github.com/orgs/Homebrew/discussions/6263)
    return false if e.message.include?("Resource protected by organization SAML enforcement") ||
                    e.message.include?("your IP address is not permitted to access this resource")

    raise
  end

  false
end

.upload_release_asset(user, repo, id, local_file:, remote_file: nil) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• user (String)
• repo (String)
• id (Integer)
• local_file (String)
• remote_file (String, nil) (defaults to: nil)

# File 'utils/github.rb', line 270

def self.upload_release_asset(user, repo, id, local_file:, remote_file: nil)
  url = "https://uploads.github.com/repos/#{user}/#{repo}/releases/#{id}/assets"
  url += "?name=#{remote_file}" if remote_file
  API.open_rest(url, data_binary_path: local_file, request_method: :POST, scopes: CREATE_ISSUE_FORK_OR_PR_SCOPES)
end

.url_to(*subroutes) ⇒ URI::Generic

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

• subroutes (String, Integer)

Returns:

• (URI::Generic)

# File 'utils/github.rb', line 162

def self.url_to(*subroutes)
  URI.parse([API_URL, *subroutes].join("/"))
end

.user ⇒ Hash{String => T.untyped}

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

• (Hash{String => T.untyped})

# File 'utils/github.rb', line 70

def self.user
  @user ||= T.let(API.open_rest("#{API_URL}/user"), T.nilable(T::Hash[String, T.untyped]))
end

.workflow_dispatch_event(user, repo, workflow, ref, **inputs) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Parameters:

• user (String)
• repo (String)
• workflow (String)
• ref (String)
• inputs (T.untyped)

# File 'utils/github.rb', line 219

def self.workflow_dispatch_event(user, repo, workflow, ref, **inputs)
  url = "#{API_URL}/repos/#{user}/#{repo}/actions/workflows/#{workflow}/dispatches"
  API.open_rest(url, data:           { ref:, inputs: },
                     request_method: :POST,
                     scopes:         CREATE_ISSUE_FORK_OR_PR_SCOPES)
end