Update code with a JavaScript function? Easier than you think π
CodeWithSwiz is a twice-a-week live show. Like a podcast with video and fun hacking. Focused on experiments. Join live Wednesdays and Sundays
Episode 7 continues where we left off β got the server /api routes, need to write to GitHub.
You can't do this in the browser, you'd leak API tokens. Easy mistake to ignore, but GitHub tokens are serious.
GitHub tokens are keys to your kingdom. An attacker could take this and overwrite any and all code you own.
Leaking important tokens is serious enough that AWS blocked my whole account when I shared a token.
Why write to GitHub
We're exploring NextJS by building a headless CMS. Modern static site generators use markdown files to represent each article.
Add a dash of Netlify or Vercel and you get a wonderful workflow: Write markdown, commit to git, push to GitHub, trigger deploy.
And that's what our /api
method needs to do.
// pages/api/publishArticle.jsexport default async (req, res) => {const status = await commitArticle(req.body);res.status(status).json({ success: true });};
Think of the API method as your controller. Gets a request, does work, returns the result. In this case the status code we get from GitHub.
How to use JavaScript to commit to GitHub
GitHub maintains an open source @octokit/rest
library. Works great, but I find the documentation difficult to untangle.
Here's what you do:
- auth with your GitHub token
- prep data to commit
- check for an existing file SHA hash
- commit your code
1. auth with your GitHub token
We're using Github's personal access token stored in a .env.local
file for now. We'll add an authentication flow later.
// pages/api/publishArticle.jsimport { Octokit } from "@octokit/rest";const octokit = new Octokit({auth: process.env.GITHUB_TOKEN,});
This gives you an authenticated octokit library to use. Hardcoded to your user.
2. prep data to commit
GitHub requires that you send files encoded as Base64.
We use the js-base64 library for that. Dealing with native Node buffers and encoding/decoding felt like too much.
// pages/api/publishArticle.jscontent: Base64.encode(`${frontmatter(article)}\n\n${article.markdown}`),
Calls the frontmatter
method on our article, smashes it together with the markdown
content, and encodes them both into Base64.
You get a string that's safe to send over the internets without losing character encodings or binary info.
PS: we share the frontmatter
method between server and browser via a utils
library. Both ends are JavaScript and that makes code sharing super convenient βοΈ
3. check for an existing file SHA hash
GitHub freaks out when you commit over a file that exists. You need to say you're doing this on purpose.
For that, you'll need the current SHA blob of the file you're overwriting. Thanks to AleΕ‘ for finding the right method to use on chat during the stream.
// pages/api/publishArticle.jsasync function getSHA(path) {const result = await octokit.repos.getContent({owner: "Swizec",repo: "test-repo",path,});const sha = result?.data?.sha;return sha;}
Call that method with the path to your file and it returns the correct SHA string to use. Among other info like the contents of the file, the commit it belongs to, etc.
4. commit your code
The final "publish an article as a single Markdown file" method looks like this:
// pages/api/publishArticle.jsasync function commitArticle(article) {const path = `${slug(article.title)}.mdx`;const sha = await getSHA(path);const result = await octokit.repos.createOrUpdateFileContents({owner: "Swizec",repo: "test-repo",path,message: `Add article "${article.title}"`,content: Base64.encode(`${frontmatter(article)}\n\n${article.markdown}`),sha,});return result?.status || 500;}
Create our filename from the title, check for any existing SHA, create or update the file.
You get a test repository with 2 files and a couple commits
Cheers, ~Swizec
Learned something new?
Want to become a high value JavaScript expert?
Here's how it works π
Leave your email and I'll send you an Interactive Modern JavaScript Cheatsheet πright away. After that you'll get thoughtfully written emails every week about React, JavaScript, and your career. Lessons learned over my 20 years in the industry working with companies ranging from tiny startups to Fortune5 behemoths.
Start with an interactive cheatsheet π
Then get thoughtful letters π on mindsets, tactics, and technical skills for your career.
"Man, love your simple writing! Yours is the only email I open from marketers and only blog that I give a fuck to read & scroll till the end. And wow always take away lessons with me. Inspiring! And very relatable. π"
Have a burning question that you think I can answer?Β I don't have all of the answers, but I have some! Hit me up on twitter or book a 30min ama for in-depth help.
Ready to Stop copy pasting D3 examples and create data visualizations of your own? Β Learn how to build scalable dataviz components your whole team can understand with React for Data Visualization
Curious about Serverless and the modern backend? Check out Serverless Handbook, modern backend for the frontend engineer.
Ready to learn how it all fits together and build a modern webapp from scratch? Learn how to launch a webapp and make your first π° on the side with ServerlessReact.Dev
Want to brush up on your modern JavaScript syntax?Β Check out my interactive cheatsheet: es6cheatsheet.com
By the way, just in case no one has told you it yet today: I love and appreciate you for who you areΒ β€οΈ