Sync changes from upstream repository

Hubot · Hubot · commit 0fc9236ff5dd · 2016-04-07T13:27:35.000-07:00
diff --git a/content/changes/2016-04-04-git-signing-api-preview.md b/content/changes/2016-04-04-git-signing-api-preview.md
@@ -0,0 +1,29 @@
+---
+title: Preview support for Git signing
+author_name: mastahyeti
+---
+
+GitHub [recently started verifying GPG signed commits and tags](https://github.com/blog/2144-gpg-signature-verification). We are adding API support for signature verification and user GPG key management as well. You can enable these changes during the preview period by providing a custom [media type][media-type] in the `Accept` header:
+
+    application/vnd.github.cryptographer-preview
+
+For example:
+
+``` command-line
+curl "https://api.github.com/user/gpg_keys" \
+  -H 'Authorization: token TOKEN' \
+  -H "Accept: application/vnd.github.cryptographer-preview" \
+```
+
+You can learn more about the new signature verification response objects in the updated [repository commit][repo-commit-doc], [Git commit][git-commit-doc], and [Git tag][git-tag-doc] documentation. There is also new [GPG key management][gpg-keys-doc] documentation.
+
+During the preview period, we may change aspects of these APIs based on developer feedback. We will announce the changes here on the developer blog, but we will not provide advance notice.
+
+If you have any questions or feedback, please [let us know][contact].
+
+[media-type]: /v3/media
+[repo-commit-doc]: /v3/repos/commits
+[git-commit-doc]: /v3/git/commits
+[git-tag-doc]: /v3/git/tags
+[gpg-keys-doc]: /v3/users/gpg_keys
+[contact]: https://github.com/contact?form%5Bsubject%5D=Squash+API+Preview
diff --git a/content/v3/git/commits.md b/content/v3/git/commits.md
@@ -59,3 +59,28 @@ Name | Type | Description
 
 <%= headers 201, :Location => get_resource(:new_commit)['url'] %>
 <%= json :new_commit %>
+
+{% if page.version == 'dotcom' %}
+
+## Commit signature verification
+
+{{#tip}}
+
+Commit response objects including signature verification data are currently available for developers to preview.
+During the preview period, the object formats may change without advance notice.
+Please see the [blog post](/changes/2016-04-04-git-signing-api-preview) for full details.
+
+To receive signature verification data in commit objects you must provide a custom [media type](/v3/media) in the `Accept` header:
+
+    application/vnd.github.cryptographer-preview+sha
+
+{{/tip}}
+
+    GET /repos/:owner/:repo/git/commits/:sha
+
+### Response
+
+<%= headers 200 %>
+<%= json(:signed_git_commit) %>
+
+{% endif %}
diff --git a/content/v3/git/tags.md b/content/v3/git/tags.md
@@ -63,3 +63,29 @@ Name | Type | Description
 
 <%= headers 201, :Location => get_resource(:gittag)['url'] %>
 <%= json :gittag %>
+
+{% if page.version == 'dotcom' %}
+
+## Tag signature verification
+
+{{#tip}}
+
+Tag response objects including signature verification data are currently available for developers to preview.
+During the preview period, the object formats may change without advance notice.
+Please see the [blog post](/changes/2016-04-04-git-signing-api-preview) for full details.
+
+To receive signature verification data in tag objects you must provide a custom [media type](/v3/media) in the `Accept` header:
+
+    application/vnd.github.cryptographer-preview+sha
+
+{{/tip}}
+
+    GET /repos/:owner/:repo/git/tags/:sha
+
+### Response
+
+<%= headers 200 %>
+<%= json(:signed_gittag) %>
+
+
+{% endif %}
diff --git a/content/v3/oauth.md b/content/v3/oauth.md
@@ -198,6 +198,9 @@ Name | Description
 `read:public_key`| List and view details for public keys.
 `write:public_key`| Create, list, and view details for public keys.
 `admin:public_key`| Fully manage public keys.
+{% if page.version == 'dotcom' %}`read:gpg_key`| List and view details for GPG keys.{% endif %}
+{% if page.version == 'dotcom' %}`write:gpg_key`| Create, list, and view details for GPG keys.{% endif %}
+{% if page.version == 'dotcom' %}`admin:gpg_key`| Fully manage GPG keys.{% endif %}
 
 NOTE: Your application can request the scopes in the initial redirection. You
 can specify multiple scopes by separating them with a comma:
diff --git a/content/v3/repos/commits.md b/content/v3/repos/commits.md
@@ -95,3 +95,28 @@ Pass the appropriate [media type](/v3/media/#commits-commit-comparison-and-pull-
 The response will include a comparison of up to 250 commits. If you are working with a larger commit range, you can use the [Commit List API](/v3/repos/commits/#list-commits-on-a-repository) to enumerate all commits in the range.
 
 For comparisons with extremely large diffs, you may receive an error response indicating that the diff took too long to generate. You can typically resolve this error by using a smaller commit range.
+
+{% if page.version == 'dotcom' %}
+
+## Commit signature verification
+
+{{#tip}}
+
+Commit response objects including signature verification data are currently available for developers to preview.
+During the preview period, the object formats may change without advance notice.
+Please see the [blog post](/changes/2016-04-04-git-signing-api-preview) for full details.
+
+To receive signature verification data in commit objects you must provide a custom [media type](/v3/media) in the `Accept` header:
+
+    application/vnd.github.cryptographer-preview+sha
+
+{{/tip}}
+
+    GET /repos/:owner/:repo/commits/:sha
+
+### Response
+
+<%= headers 200 %>
+<%= json(:signed_commit) %>
+
+{% endif %}
diff --git a/content/v3/users/gpg_keys.md b/content/v3/users/gpg_keys.md
@@ -0,0 +1,78 @@
+---
+title: User GPG Keys
+---
+
+{% if page.version == 'dotcom' %}
+
+# GPG Keys
+
+{{#tip}}
+
+  <a name="preview-period"></a>
+
+  APIs for managing user GPG keys are currently available for developers to preview.
+  During the preview period, the APIs may change without advance notice.
+  Please see the [blog post](/changes/2016-04-04-git-signing-api-preview) for full details.
+
+  To access the API you must provide a custom [media type](/v3/media) in the `Accept` header:
+
+      application/vnd.github.cryptographer-preview+sha
+
+{{/tip}}
+
+{:toc}
+
+## List your GPG keys
+
+    GET /user/gpg_keys
+
+Lists the current user's GPG keys. Requires that you are authenticated via
+Basic Auth or via OAuth with at least `read:gpg_key`
+[scope](/v3/oauth/#scopes).
+
+### Response
+
+<%= headers 200, :pagination => default_pagination_rels %>
+<%= json(:gpg_key) { |h| [h] } %>
+
+## Get a single GPG key
+
+View extended details for a single GPG key. Requires that you are
+authenticated via Basic Auth or via OAuth with at least `read:gpg_key`
+[scope](/v3/oauth/#scopes).
+
+    GET /user/gpg_keys/:id
+
+### Response
+
+<%= headers 200 %>
+<%= json :gpg_key %>
+
+## Create a GPG key
+
+Creates a GPG key. Requires that you are authenticated via Basic Auth,
+or OAuth with at least `write:gpg_key` [scope](/v3/oauth/#scopes).
+
+    POST /user/gpg_keys
+
+### Input
+
+<%= json :armored_public_key => "-----BEGIN PGP PUBLIC KEY BLOCK-----\n...\n-----END PGP PUBLIC KEY BLOCK-----" %>
+
+### Response
+
+<%= headers 201, :Location => get_resource(:gpg_key)['url'] %>
+<%= json :gpg_key %>
+
+## Delete a GPG key
+
+Removes a GPG key. Requires that you are authenticated via Basic Auth
+or via OAuth with at least `admin:gpg_key` [scope](/v3/oauth/#scopes).
+
+    DELETE /user/gpg_keys/:id
+
+### Response
+
+<%= headers 204 %>
+
+{% endif %}
diff --git a/layouts/sidebar.html b/layouts/sidebar.html
@@ -117,7 +117,10 @@ <h3><a href="#" class="js-expand-btn collapsed arrow-btn" data-proofer-ignore></
         <ul class="js-guides">
           <li><a href="/v3/users/emails/">Emails</a></li>
           <li><a href="/v3/users/followers/">Followers</a></li>
-          <li><a href="/v3/users/keys/">Public Keys</a></li>
+          <li><a href="/v3/users/keys/">Git SSH Keys</a></li>
+          <% if !@item[:version].nil? && @item[:version] == 'dotcom' %>
+          <li><a href="/v3/users/gpg_keys/">GPG Keys</a></li>
+          <% end %>
           <li><a href="/v3/users/administration/">Administration (Enterprise)</a></li>
         </ul>
       </li>
diff --git a/lib/responses/git.rb b/lib/responses/git.rb
@@ -206,6 +206,14 @@ module Responses
         }]
       })
 
+      SIGNED_COMMIT ||= COMMIT.dup
+      SIGNED_COMMIT["commit"]["verification"] ||= {
+        "verified" => true,
+        "reason" => "valid",
+        "signature" => "-----BEGIN PGP MESSAGE-----\n...\n-----END PGP MESSAGE-----",
+        "payload" => "tree 6dcb09b5b57875f334f61aebed695e2e4193db5e\n..."
+      }
+
       COMMIT_COMMENT ||= {
         "html_url"   => "https://github.com/octocat/Hello-World/commit/6dcb09b5b57875f334f61aebed695e2e4193db5e#commitcomment-1",
         "url"        => "https://api.github.com/repos/octocat/Hello-World/comments/1",
@@ -340,6 +348,13 @@ module Responses
         ]
       }
 
+      SIGNED_GIT_COMMIT ||= GIT_COMMIT.merge("verification" => {
+        "verified" => true,
+        "reason" => "valid",
+        "signature" => "-----BEGIN PGP MESSAGE-----\n...\n-----END PGP MESSAGE-----",
+        "payload" => "tree 691272480426f78a0138979dd3ce63b77f706feb\n..."
+      })
+
       NEW_COMMIT ||= {
         "sha" => "7638417db6d59f3c431d3e1f261cc637155684cd",
         "url" => "https://api.github.com/repos/octocat/Hello-World/git/commits/7638417db6d59f3c431d3e1f261cc637155684cd",
@@ -383,6 +398,13 @@ module Responses
         }
       }
 
+      SIGNED_GITTAG ||= GITTAG.merge("verification" => {
+        "verified" => true,
+        "reason" => "valid",
+        "signature" => "-----BEGIN PGP MESSAGE-----\n...\n-----END PGP MESSAGE-----",
+        "payload" => "object c3d0be41ecbe669545ee3e94d31ed9a4bc91ee3c\n..."
+      })
+
       REF ||= {
         "ref" => "refs/heads/featureA",
         "url" => "https://api.github.com/repos/octocat/Hello-World/git/refs/heads/featureA",
diff --git a/lib/responses/gpg_keys.rb b/lib/responses/gpg_keys.rb
@@ -0,0 +1,39 @@
+module GitHub
+  module Resources
+    module Responses
+      GPG_KEY ||= {
+        "id" => 3,
+        "primary_key_id" => nil,
+        "key_id" => "3262EFF25BA0D270",
+        "public_key" => "xsBNBFayYZ...",
+        "emails" => [
+          {
+            "email" => "mastahyeti@users.noreply.github.com",
+            "verified" => true
+          }
+        ],
+        "subkeys" => [
+          {
+            "id" => 4,
+            "primary_key_id" => 3,
+            "key_id" => "4A595D4C72EE49C7",
+            "public_key" => "zsBNBFayYZ...",
+            "emails" => [],
+            "subkeys" => [],
+            "can_sign" => false,
+            "can_encrypt_comms" => true,
+            "can_encrypt_storage" => true,
+            "can_certify" => false,
+            "created_at" => "2016-03-24T11:31:04-06:00",
+            "expires_at" => nil
+          }
+        ],
+        "can_sign" => true,
+        "can_encrypt_comms" => false,
+        "can_encrypt_storage" => false,
+        "can_certify" => true,
+        "created_at" => "2016-03-24T11:31:04-06:00",
+        "expires_at" => nil}
+    end
+  end
+end
