
Repository.Comment.GetAllForRepository returning empty array

Open johnmc-tc opened this issue 3 years ago • 13 comments

I am getting an empty array response when I use Octokit to query a repo with 6 commits that have comments. Same when I call GetAllForCommit.

Is this working as expected?

johnmc-tc avatar Jul 15 '22 12:07 johnmc-tc

Would you be able to share the code you're using to help us to look into this?

timrogers avatar Jul 15 '22 12:07 timrogers

Yes can do. It's pretty simple.

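```csharp
public static async Task<IReadOnlyList<CommitComment>> GetComments(string projectName, string repoName)
{
    // GetClient() returns the GitHub App-authenticated client described below.
    var gitClient = await GetClient();

    // First argument is the repository owner, second the repository name.
    var items = await gitClient.Repository.Comment.GetAllForRepository(projectName, repoName);

    return items;
}
```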

GetClient uses the suggested way for using GitHub Apps to authenticate. The method is used in a lot of other places and working as expected.

johnmc-tc avatar Jul 15 '22 12:07 johnmc-tc

Would you be able to try replicating the request using Postman or curl or something like that to see what the raw API response is? That'll help us figure out if this is an API issue or an Octokit issue.

Ideally there'd be an easy way to do that in Octokit.net itself, but I'm not aware of one (cc @nickfloyd).

timrogers avatar Jul 15 '22 12:07 timrogers

Hey @johnmc-tc would you happen to be able to tell us if the repo you are querying is a public one and if the PAT (personal access token) has the proper authorization?

This feels like an authorization issue given it works as expected with other repos and commits. I like @timrogers' idea of attempting the request using an HTTP client and hitting the REST API directly with an Auth header.

If the repo is public and you have the name handy - I'd be glad to have a look.

@timrogers other than building, running, and making requests using octokit .NET locally (or via Code Space) there is not another way to issue requests via harness or script. I do think that would be a great tool to have as a dev tool to be able to quickly validate changes and additions.

nickfloyd avatar Jul 18 '22 16:07 nickfloyd

Hi @nickfloyd it's a private repo and the token is generated using the GitHub App we have created. You could be correct about the permissions - I tried enabling a few that might include commit comments but nothing has worked.

I just tried a CURL of this endpoint and it returned an empty array so it aligns with what is being returned by Octokit.

https://docs.github.com/en/rest/commits/comments#list-commit-comments-for-a-repository

johnmc-tc avatar Jul 19 '22 11:07 johnmc-tc

That definitely sounds like a bug, in that case! Would you be able to share the request ID returned in the response headers? We can use that to flag it with the relevant team at GitHub.

timrogers avatar Jul 19 '22 12:07 timrogers

Sure. The value of the header with name "X-GitHub-Request-Id" is "FD5C:721F:7A8F44C:7D1C6B2:62D6A2F4"

johnmc-tc avatar Jul 19 '22 12:07 johnmc-tc

Thanks! And just to confirm - is it definitely a direct comment on a commit rather than a comment on a PR or something like that?

timrogers avatar Jul 19 '22 12:07 timrogers

Yes that's correct, we aren't using PRs in this case. I'd share a screenshot of commits and their messages but it contains stuff that could identify my employer etc.

johnmc-tc avatar Jul 19 '22 12:07 johnmc-tc

> Yes that's correct, we aren't using PRs in this case. I'd share a screenshot of commits and their messages but it contains stuff that could identify my employer etc.

That's okay. I understand the privacy concerns completely. I think we have the information we need to investigate this now - especially if you could confirm when the comment was created so I can identify that in our logs 😊

timrogers avatar Jul 19 '22 12:07 timrogers

The most recent was 8 days ago. Commit SHA is 53b08e9fe0d7bbe5a5b637fdccedf9c39dfd5841

johnmc-tc avatar Jul 19 '22 12:07 johnmc-tc

Hey @johnmc-tc I've got this in my up next column to have a look at it... Apologies for the delay.

nickfloyd avatar Jul 20 '22 22:07 nickfloyd

So I ran a series of tests using Octokit and GH CLI and direct calls to the API using both public and private repos. Public repos worked every time. As far as private ones in an org I tested using different tokens with and without repo rights, and it worked as expected. This aligns with our egress access controls on that endpoint for authorization.

One thing to note - when the repo had no commit comments the empty array was returned as you described - as expected.

This tells me that your token has at least the correct repo authorization since you are getting the empty array and not something like a 404.

I was wondering if you might try a couple of things:

  1. What happens when you try to get a single commit comment using the same token?
  2. Do you have another private repo in your org that you can try this against?

Given that Octokit's behavior is matching what you are seeing when you hit the API directly we might need to have you reach out to GitHub support directly so that they can connect you with the team that owns those APIs - I don't want to jump there just yet, but this feels like an issue with the API itself (or how the authorization egress is working with what is configured).

Let me know when you get the chance. Thanks for the patience on this while we try to get this sorted.

nickfloyd avatar Jul 22 '22 15:07 nickfloyd
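
An added example (not part of the thread, and not Octokit or GitHub code): the triage reasoning from the comment above, applied to captured `curl -i` output from the list-commit-comments endpoint. The captures and request IDs are constructed, and the function names and verdict labels are assumptions made for illustration.

```python
import json

# Constructed `curl -i` captures (not real traffic); request IDs are placeholders.
EMPTY_200 = ("HTTP/2 200\r\ncontent-type: application/json\r\n"
             "x-github-request-id: 0000:0000:EXAMPLE1\r\n\r\n[]\n")
NOT_FOUND = ("HTTP/2 404\r\ncontent-type: application/json\r\n"
             "x-github-request-id: 0000:0000:EXAMPLE2\r\n\r\n"
             '{"message": "Not Found"}\n')
ONE_COMMENT = ("HTTP/1.1 200 OK\r\nX-GitHub-Request-Id: 0000:0000:EXAMPLE3\r\n\r\n"
               '[{"id": 1, "commit_id": "0123abc", "body": "constructed"}]\n')


def parse_response(raw):
    """Split a `curl -i` capture into (status, lower-cased headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, *header_lines = head.split("\n")
    status = int(status_line.split()[1])  # "HTTP/2 200" or "HTTP/1.1 200 OK"
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers, body


def triage(raw):
    """Apply the thread's reasoning to one captured response."""
    status, headers, body = parse_response(raw)
    result = {"status": status, "count": None,
              "request_id": headers.get("x-github-request-id")}
    if status == 404:
        # The token cannot see the repository at all (or the path is wrong).
        result["verdict"] = "repo-not-visible"
    elif status == 200:
        try:
            items = json.loads(body)
        except json.JSONDecodeError:
            items = None
        if not isinstance(items, list):
            result["verdict"] = "unexpected-body"
        else:
            result["count"] = len(items)
            # [] means repo access is fine; comments are absent or not returned.
            result["verdict"] = "ok" if items else "repo-visible-no-comments"
    else:
        result["verdict"] = "unexpected-status"
    return result
```

A `repo-visible-no-comments` verdict on a repository known to have commit comments is the case to escalate, quoting the returned `request_id`.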

Hey @johnmc-tc,

I am closing this issue given it's over a year old. If you still need some help on this please feel free to reopen the issue. ❤️

nickfloyd avatar Oct 16 '23 21:10 nickfloyd