googleapis / release-please

generate release PRs based on the conventionalcommits.org spec
https://www.conventionalcommits.org
Apache License 2.0

Support for fine grained personal access tokens #1893

Open RobertCraigie opened 1 year ago

RobertCraigie commented 1 year ago

Hey! First off thanks for this incredible project!

Is your feature request related to a problem? Please describe.

For security purposes it would be very helpful to be able to use GitHub's new fine-grained access tokens, but this does not work as the GraphQL API does not support them yet.

Describe the solution you'd like

How deeply integrated is usage of the GraphQL API? Would it be possible / feasible to use the REST API instead?

I'd be happy to work on a PR for this myself if it's deemed viable.

Describe alternatives you've considered

Waiting for GitHub to add support in the GraphQL API itself.

Additional context

It does seem like fine-grained token support is planned for Q1 2023, so hopefully this will be a non-issue soon, but it would be great to have this work in the meantime.

chingor13 commented 1 year ago

We switched to graphql queries to reduce the sheer number of API calls necessary to grab all the data that we need.

For example, we need to grab commits to branch x with associated pull requests with the files touched by that pull request. We do that in a single paginated graphql request where the REST equivalent is a paginated listCommits call, n getPullRequest calls, n getPullRequestFiles calls. Quota-wise this is similar, but the actual number of API calls turns out to be a lot.

We are considering an SCM abstraction to support other methods of acquiring this data (perhaps Gitlab, or even a version that uses a local git clone), but this is significant work that needs to be prioritized.

An alternative is to use GitHub app credentials (OAuth public/private key). We run our own app instance that uses probot and app credentials to manage releases. Note that this is not an official Google product, but it's something we run for ourselves.
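As an added example (not release-please's own code, and not something chingor13 posted), here is the shape of the single paginated GraphQL query described above, commits on a branch with their associated pull requests and the files those PRs touched, together with a walker that follows the cursor and the REST call count it replaces. The field names follow GitHub's public GraphQL schema; the two sample response pages, the cursor strings, and the `stubFetchPage` stand-in for the HTTP call are constructed so the example runs offline.

```javascript
// Added example, not release-please's code: one paginated GraphQL query
// (commits on a branch -> associated PRs -> files touched), a walker over its
// pages, and the REST call count it replaces. Field names follow GitHub's
// public GraphQL schema; sample pages, cursors and stubFetchPage are constructed.

const COMMITS_WITH_PRS_QUERY = `
query ($owner: String!, $repo: String!, $branch: String!, $after: String) {
  repository(owner: $owner, name: $repo) {
    ref(qualifiedName: $branch) {
      target {
        ... on Commit {
          history(first: 100, after: $after) {
            pageInfo { hasNextPage endCursor }
            nodes {
              oid
              message
              associatedPullRequests(first: 5) {
                nodes { number title files(first: 100) { nodes { path } } }
              }
            }
          }
        }
      }
    }
  }
}`;

// Constructed two-page response, keyed by the cursor the walker sends.
const SAMPLE_PAGES = {
  start: { data: { repository: { ref: { target: { history: {
    pageInfo: { hasNextPage: true, endCursor: 'cursor-1' },
    nodes: [{
      oid: 'a1', message: 'feat: add parser',
      associatedPullRequests: { nodes: [{
        number: 10, title: 'feat: add parser',
        files: { nodes: [{ path: 'src/parser.ts' }, { path: 'src/index.ts' }] },
      }] },
    }],
  } } } } } },
  'cursor-1': { data: { repository: { ref: { target: { history: {
    pageInfo: { hasNextPage: false, endCursor: null },
    nodes: [
      { oid: 'b2', message: 'chore: direct push', associatedPullRequests: { nodes: [] } },
      {
        oid: 'c3', message: 'fix: handle empty files',
        associatedPullRequests: { nodes: [{
          number: 11, title: 'fix: handle empty files',
          files: { nodes: [{ path: 'README.md' }] },
        }] },
      },
    ],
  } } } } } },
};

// Hypothetical stand-in for an HTTP POST to the GraphQL endpoint.
function stubFetchPage(variables) {
  const page = SAMPLE_PAGES[variables.after ?? 'start'];
  if (!page) throw new Error(`unknown cursor ${variables.after}`);
  return page;
}

// Flatten one page into [{ sha, message, pullRequests: [{ number, title, files }] }].
function flattenHistoryPage(response) {
  const history = response.data.repository.ref.target.history;
  const commits = history.nodes.map((c) => ({
    sha: c.oid,
    message: c.message,
    pullRequests: c.associatedPullRequests.nodes.map((pr) => ({
      number: pr.number,
      title: pr.title,
      files: pr.files.nodes.map((f) => f.path),
    })),
  }));
  return { commits, pageInfo: history.pageInfo };
}

// Follow endCursor until hasNextPage is false; exactly one request per page.
function collectCommits(fetchPage, variables) {
  const commits = [];
  let after = null;
  let graphqlCalls = 0;
  for (;;) {
    const page = flattenHistoryPage(fetchPage({ ...variables, after, query: COMMITS_WITH_PRS_QUERY }));
    graphqlCalls += 1;
    commits.push(...page.commits);
    if (!page.pageInfo.hasNextPage) break;
    after = page.pageInfo.endCursor;
  }
  return { commits, graphqlCalls };
}

// REST equivalent per the comment: paginated listCommits, then per associated
// PR one getPullRequest and one getPullRequestFiles call.
function restCallsNeeded(commits, pageSize = 100) {
  const listCommitPages = Math.max(1, Math.ceil(commits.length / pageSize));
  const perPullRequest = commits.reduce((n, c) => n + 2 * c.pullRequests.length, 0);
  return listCommitPages + perPullRequest;
}

const demo = collectCommits(stubFetchPage, { owner: 'googleapis', repo: 'release-please', branch: 'refs/heads/main' });
console.log(`${demo.commits.length} commits in ${demo.graphqlCalls} GraphQL calls vs ${restCallsNeeded(demo.commits)} REST calls`);
```

With the constructed pages the walker makes 2 GraphQL calls for 3 commits, where the REST route needs 5 (one listCommits page plus two calls for each of the two associated PRs); the gap grows linearly with the number of PRs on the branch, which is the point chingor13 makes about call volume versus quota.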

RobertCraigie commented 1 year ago

Ah, I see, that makes sense; it doesn't sound like it would be very feasible to support only using the REST API then.

> We are considering an SCM abstraction to support other methods of acquiring this data (perhaps Gitlab, or even a version that uses a local git clone), but this is significant work that needs to be prioritized.
>
> An alternative is to use GitHub app credentials (OAuth public/private key). We run our own app instance that uses probot and app credentials to manage releases. Note that this is not an official Google product, but it's something we run for ourselves.

Ah interesting, I was not aware this was possible, thanks for the workarounds!