fix: eliminate deprecation warnings during GitHub authentication

[shenxianpeng]

fixes #144

Summary by CodeRabbit

• Bug Fixes

  • Eliminated deprecation warnings during GitHub authentication, improving stability for PR comment updates.
  • Ensured consistent behavior when posting or updating PR comments.

• Chores

  • Updated authentication to the latest GitHub API for better compatibility.
  • Added validation for missing authentication tokens, providing a clear error message if not configured.

[coderabbitai]

Walkthrough

Updates main.py to migrate PyGithub client initialization from token parameter to the new Auth API, adds an environment token presence check, and keeps the existing PR commenting flow intact.

Changes

Cohort / File(s)	Summary
Auth migration main.py	Import Auth from PyGithub; switch client init from Github(token) to Github(auth=Auth.Token(token)); add GITHUB_TOKEN presence guard raising ValueError; retain existing PR comment fetch/create/update/delete logic with new auth path.

Sequence Diagram(s)

sequenceDiagram
    actor GH as GitHub Action Runner
    participant Script as main.py
    participant PyGh as PyGithub
    participant API as GitHub API

    GH->>Script: Run PR commenting task
    Script->>Script: Read GITHUB_TOKEN
    alt Token missing
        Script-->>GH: Raise ValueError
    else Token present
        Script->>PyGh: Github(auth=Auth.Token(token))  [New Auth API]
        Note right of PyGh: Avoids deprecated login_or_token
        Script->>API: Fetch repo and PR
        Script->>API: Compute/read existing PR comments
        Script->>API: Create/Update comment(s)
        Script->>API: Delete older matching comments
        API-->>Script: Responses
        Script-->>GH: Completed
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

• commit-check/commit-check#282 — Switches to Github(auth=Auth.Token(...)), addressing the same deprecation warning and matching this PR’s change.

Pre-merge checks (5 passed)

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "fix: resolve DeprecationWarning" succinctly and accurately describes the primary change—updating authentication usage to avoid the DeprecationWarning—so it is directly related and clear for a teammate scanning history.
Linked Issues Check	✅ Passed	The PR updates main.py to use Github(auth=Auth.Token(token)) and adds a guard for a missing GITHUB_TOKEN, which implements the exact coding change requested in issue #144 to stop using login_or_token and eliminate the DeprecationWarning, so the linked-issue objectives are met.
Out of Scope Changes Check	✅ Passed	Based on the provided summary, only authentication-related imports and client initialization in main.py were changed and there are no modifications to other files or public API signatures, so I find no out-of-scope changes.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

Poem

I nibbled on code like clover at dawn,
Swapped old keys for Auth, the warning is gone.
Hops through PRs, comments aligned,
Tokens in paw, deprecation resigned.
Thump-thump—green checks upon the lawn! 🐇✨

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/DeprecationWarning

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Commit-Check ✔️

[Copilot]

Pull Request Overview

This PR fixes a deprecation warning by updating the GitHub API client initialization to use the new Auth API instead of the deprecated direct token parameter method.

• Updates the GitHub client initialization to use Auth.Token() for authentication
• Adds import for the Auth class from the github module
• Includes additional validation to ensure the GitHub token is set

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

main.py (3)

6-6: Drop broad type ignore on PyGithub import.

The Auth import is right for the deprecation fix; the inline # type: ignore is unnecessary here and suppresses real typing issues.

-from github import Github, Auth  # type: ignore
+from github import Github, Auth

---

127-131: Auth.Token migration looks good; avoid catching your own guard and potentially failing the job.

Raising ValueError inside the surrounding try is caught by the broad except, which can fail the workflow even when commit-check itself passed (also flagged by Ruff TRY301/TRY003). If PR comments are best-effort, early-return and reuse the module-level env var.

-        token = os.getenv("GITHUB_TOKEN")
+        token = GITHUB_TOKEN
@@
-        # Use new Auth API to avoid deprecation warning
-        if not token:
-            raise ValueError("GITHUB_TOKEN is not set")
+        # Use new Auth API to avoid deprecation warning
+        if not token:
+            print("GITHUB_TOKEN is not set; skipping PR comments.", file=sys.stderr)
+            return 0
         g = Github(auth=Auth.Token(token))

Would you prefer comment-post failures to be non-blocking (recommended), or should they fail the job?

---

119-125: Harden PR number extraction for non-PR refs.

When PR_COMMENTS="true" but the event is not a PR, GITHUB_REF.split('/')[-2] can become "heads" and int() later throws. Guard for refs/pull/ and skip gracefully.

-        pr_number = os.getenv("GITHUB_REF")
-        if pr_number is not None:
-            pr_number = pr_number.split("/")[-2]
-        else:
-            # Handle the case where GITHUB_REF is not set
-            raise ValueError("GITHUB_REF environment variable is not set")
+        ref = os.getenv("GITHUB_REF")
+        if not ref or "refs/pull/" not in ref:
+            print("Not a pull_request ref; skipping PR comments.", file=sys.stderr)
+            return 0
+        pr_number = ref.split("/")[2]

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d627c14 and 6206f8e.

📒 Files selected for processing (1)

• main.py (2 hunks)

🧰 Additional context used

🪛 Ruff (0.12.2)

main.py

129-129: Abstract raise to an inner function

(TRY301)

---

129-129: Avoid specifying long messages outside the exception class

(TRY003)