Support for the new GitHub Checks API

[orta]

WIP on support for using GH checks - #592 danger/danger#984

For a normal Danger (only) run, then Danger will need to know the following:

• GitHub App ID
• GitHub Installation ID for the Org
• GitHub App Private Key

Definitely not a blocker, but certainly a bit non-trivial. This is intended to be opt-in for Danger, and probably the default for Peril.

I intend do to it by refactoring the commenting aspect of the GitHub platform to either be the issue comment we have now, or via the checks API exclusively.

[DangerCI]

New dependencies added: jsonwebtoken and @types/jsonwebtoken.

jsonwebtoken

Author: auth0

Description: JSON Web Token implementation (symmetric and asymmetric)

Homepage: https://github.com/auth0/node-jsonwebtoken#readme

Created	almost 5 years ago
Last Updated	about 1 month ago
License	MIT
Maintainers	8
Releases	73
Direct Dependencies	jws, lodash.includes, lodash.isboolean, lodash.isinteger, lodash.isnumber, lodash.isplainobject, lodash.isstring, lodash.once, ms and xtend
Keywords	jwt

This README is too long to show.

@types/jsonwebtoken

Author: Unknown

Description: TypeScript definitions for jsonwebtoken

Homepage: http://npmjs.com/package/@types/jsonwebtoken

Created	almost 2 years ago
Last Updated	11 days ago
License	MIT
Maintainers	1
Releases	23
Direct Dependencies	@types/node

README

Installation

npm install --save @types/jsonwebtoken

Summary

This package contains type definitions for jsonwebtoken (https://github.com/auth0/node-jsonwebtoken).

Details

Files were exported from https://www.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonwebtoken

Additional Details

• Last updated: Mon, 30 Apr 2018 16:18:31 GMT
• Dependencies: node
• Global values: none

Credits

These definitions were written by Maxime LUCE https://github.com/SomaticIT, Daniel Heim https://github.com/danielheim, Brice BERNARD https://github.com/brikou, Veli-Pekka Kestilä https://github.com/vpk.

Generated by 🚫 dangerJS

[orta]

Sidenote: it's possible that this next commit may break using the API with enterprise apps

[orta]

Somewhat blocked by https://github.com/octokit/rest.js/pull/866 and https://github.com/octokit/rest.js/pull/864 for the mo' - think I have all the data set up, will need to handle the API stuff once they're good

[sunshinejr]

This is great @orta, thanks for working on this so quickly! Really excited about that one, the integration looks awesome

[orta]

Got my first check working 👍

Was trivial work with octokit @gr2m

[natecook1000]

✨✨ a/b testing ✨✨

[orta]

Thanks man, yeah, I was thinking for a while on how I can ensure this is regularly integrated properly - love this hack, I've not yet got it working but I will get it eventually

[fbartho]

This is really exciting. Too bad it's going to require such a tricky integration process :(

[orta]

Given the security model of GitHub Apps I can just give out both an app ID, and a private key with access to checks, people will only need to install it on their org and give danger the install ID. Could be less work in general.

[orta]

I went one better, it's way simpler to set up Danger now:

• Go to https://github.com/apps/danger-js
• Add it to your org
• Get the install ID
• Set that in your env
• Add danger to CI

No faffing with making a new user, or new app.

[gr2m]

Somewhat blocked by octokit/rest.js#866 and octokit/rest.js#864 for the mo'

No mo': https://github.com/octokit/rest.js/releases

[orta]

It works: https://github.com/danger/danger-js/pull/594/checks !

[orta]

Alright, I'm shipping this so I can try it out in Peril.