Using JavaScript to commit to Github – CodeWithSwiz 7

Update code with a JavaScript function? Easier than you think 😍

CodeWithSwiz is a twice-a-week live show. Like a podcast with video and fun hacking. Focused on experiments. Join live Wednesdays and Sundays

Episode 7 continues where we left off – got the server /api routes, need to write to GitHub.

You can't do this in the browser, you'd leak API tokens. Easy mistake to ignore, but GitHub tokens are serious.

GitHub tokens are keys to your kingdom. An attacker could take this and overwrite any and all code you own.

Leaking important tokens is serious enough that AWS blocked my whole account when I shared a token.

Why write to GitHub

We're exploring NextJS by building a headless CMS. Modern static site generators use markdown files to represent each article.

Add a dash of Netlify or Vercel and you get a wonderful workflow: Write markdown, commit to git, push to GitHub, trigger deploy.

And that's what our /api method needs to do.

// pages/api/publishArticle.js
export default async (req, res) => {
  const status = await commitArticle(req.body);
  res.status(status).json({ success: true });
};

Think of the API method as your controller. Gets a request, does work, returns the result. In this case the status code we get from GitHub.

How to use JavaScript to commit to GitHub

GitHub maintains an open source @octokit/rest library. Works great, but I find the documentation difficult to untangle.

Here's what you do:

auth with your GitHub token
prep data to commit
check for an existing file SHA hash
commit your code

1. auth with your GitHub token

We're using Github's personal access token stored in a .env.local file for now. We'll add an authentication flow later.

// pages/api/publishArticle.js
import { Octokit } from "@octokit/rest";
const octokit = new Octokit({
  auth: process.env.GITHUB_TOKEN,
});

This gives you an authenticated octokit library to use. Hardcoded to your user.

2. prep data to commit

GitHub requires that you send files encoded as Base64.

We use the js-base64 library for that. Dealing with native Node buffers and encoding/decoding felt like too much.

// pages/api/publishArticle.js
    content: Base64.encode(
        `${frontmatter(article)}\n\n${article.markdown}`
    ),

Calls the frontmatter method on our article, smashes it together with the markdown content, and encodes them both into Base64.

You get a string that's safe to send over the internets without losing character encodings or binary info.

PS: we share the frontmatter method between server and browser via a utils library. Both ends are JavaScript and that makes code sharing super convenient ✌️

3. check for an existing file SHA hash

GitHub freaks out when you commit over a file that exists. You need to say you're doing this on purpose.

For that, you'll need the current SHA blob of the file you're overwriting. Thanks to Aleš for finding the right method to use on chat during the stream.

// pages/api/publishArticle.js
async function getSHA(path) {
  const result = await octokit.repos.getContent({
    owner: "Swizec",
    repo: "test-repo",
    path,
  });
  const sha = result?.data?.sha;
  return sha;
}

Call that method with the path to your file and it returns the correct SHA string to use. Among other info like the contents of the file, the commit it belongs to, etc.

4. commit your code

The final "publish an article as a single Markdown file" method looks like this:

// pages/api/publishArticle.js
async function commitArticle(article) {
  const path = `${slug(article.title)}.mdx`;
  const sha = await getSHA(path);
  const result = await octokit.repos.createOrUpdateFileContents({
    owner: "Swizec",
    repo: "test-repo",
    path,
    message: `Add article "${article.title}"`,
    content: Base64.encode(`${frontmatter(article)}\n\n${article.markdown}`),
    sha,
  });
  return result?.status || 500;
}

Create our filename from the title, check for any existing SHA, create or update the file.

You get a test repository with 2 files and a couple commits

Cheers, ~Swizec

Did you enjoy this article?

👎👍

Published on September 17th, 2020 in CodeWithSwiz, Technical, NextJS, Livecoding

Learned something new?
Want to become a high value JavaScript expert?

Here's how it works 👇

Leave your email and I'll send you an Interactive Modern JavaScript Cheatsheet 📖right away. After that you'll get thoughtfully written emails every week about React, JavaScript, and your career. Lessons learned over my 20 years in the industry working with companies ranging from tiny startups to Fortune5 behemoths.

Start with an interactive cheatsheet 📖

Then get thoughtful letters 💌 on mindsets, tactics, and technical skills for your career.

"Man, love your simple writing! Yours is the only email I open from marketers and only blog that I give a fuck to read & scroll till the end. And wow always take away lessons with me. Inspiring! And very relatable. 👌"

~ Ashish Kumar

Have a burning question that you think I can answer? I don't have all of the answers, but I have some! Hit me up on twitter or book a 30min ama for in-depth help.

Ready to Stop copy pasting D3 examples and create data visualizations of your own? Learn how to build scalable dataviz components your whole team can understand with React for Data Visualization

Curious about Serverless and the modern backend? Check out Serverless Handbook, modern backend for the frontend engineer.

Ready to learn how it all fits together and build a modern webapp from scratch? Learn how to launch a webapp and make your first 💰 on the side with ServerlessReact.Dev

Want to brush up on your modern JavaScript syntax? Check out my interactive cheatsheet: es6cheatsheet.com

By the way, just in case no one has told you it yet today: I love and appreciate you for who you are ❤️