feat: apps.createContentAttachmentForRepo(), reactions.createForRelease(), repos.compareCommitsWithBasehead() (#390)

Author: octokitbot

docs/apps/createContentAttachment.md

@@ -8,7 +8,7 @@ type: API method
 
 # Create a content attachment
 
-Creates an attachment under a content reference URL in the body or comment of an issue or pull request. Use the `id` of the content reference from the [`content_reference` event](https://docs.github.com/webhooks/event-payloads/#content_reference) to create an attachment.
+**Deprecated:** use `apps.createContentAttachmentForRepo()` (`POST /repos/{owner}/{repo}/content_references/{content_reference_id}/attachments`) instead. Creates an attachment under a content reference URL in the body or comment of an issue or pull request. Use the `id` of the content reference from the [`content_reference` event](https://docs.github.com/webhooks/event-payloads/#content_reference) to create an attachment.
 
 The app must create a content attachment within six hours of the content reference URL being posted. See "[Using content attachments](https://docs.github.com/apps/using-content-attachments/)" for details about content attachments.
 

docs/apps/createContentAttachmentForRepo.md

@@ -0,0 +1,66 @@
+---
+name: Create a content attachment
+example: octokit.rest.apps.createContentAttachmentForRepo({ owner, repo, content_reference_id, title, body })
+route: POST /repos/{owner}/{repo}/content_references/{content_reference_id}/attachments
+scope: apps
+type: API method
+---
+
+# Create a content attachment
+
+Creates an attachment under a content reference URL in the body or comment of an issue or pull request. Use the `id` and `repository` `full_name` of the content reference from the [`content_reference` event](https://docs.github.com/webhooks/event-payloads/#content_reference) to create an attachment.
+
+The app must create a content attachment within six hours of the content reference URL being posted. See "[Using content attachments](https://docs.github.com/apps/using-content-attachments/)" for details about content attachments.
+
+You must use an [installation access token](https://docs.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-an-installation) to access this endpoint.
+
+```js
+octokit.rest.apps.createContentAttachmentForRepo({
+  owner,
+  repo,
+  content_reference_id,
+  title,
+  body,
+});
+```
+
+## Parameters
+
+<table>
+  <thead>
+    <tr>
+      <th>name</th>
+      <th>required</th>
+      <th>description</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr><td>owner</td><td>yes</td><td>
+
+The owner of the repository. Determined from the `repository` `full_name` of the `content_reference` event.
+
+</td></tr>
+<tr><td>repo</td><td>yes</td><td>
+
+The name of the repository. Determined from the `repository` `full_name` of the `content_reference` event.
+
+</td></tr>
+<tr><td>content_reference_id</td><td>yes</td><td>
+
+The `id` of the `content_reference` event.
+
+</td></tr>
+<tr><td>title</td><td>yes</td><td>
+
+The title of the attachment
+
+</td></tr>
+<tr><td>body</td><td>yes</td><td>
+
+The body of the attachment
+
+</td></tr>
+  </tbody>
+</table>
+
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/apps#create-a-content-attachment).

docs/codeScanning/uploadSarif.md

@@ -12,8 +12,8 @@ Uploads SARIF data containing the results of a code scanning analysis to make th
 
 There are two places where you can upload code scanning results.
 
-- If you upload to a pull request, for example `--ref refs/pull/42/merge` or `--ref refs/pull/42/head`, then the results appear as alerts in a pull request check. For more information, see "[Triaging code scanning alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests)."
-- If you upload to a branch, for example `--ref refs/heads/my-branch`, then the results appear in the **Security** tab for your repository. For more information, see "[Managing code scanning alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)."
+- If you upload to a pull request, for example `--ref refs/pull/42/merge` or `--ref refs/pull/42/head`, then the results appear as alerts in a pull request check. For more information, see "[Triaging code scanning alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
+- If you upload to a branch, for example `--ref refs/heads/my-branch`, then the results appear in the **Security** tab for your repository. For more information, see "[Managing code scanning alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)."
 
 You must compress the SARIF-formatted analysis data that you want to upload, using `gzip`, and then encode it as a Base64 format string. For example:
 
@@ -67,7 +67,7 @@ The full Git reference, formatted as `refs/heads/<branch name>`,
 </td></tr>
 <tr><td>sarif</td><td>yes</td><td>
 
-A Base64 string representing the SARIF file to upload. You must first compress your SARIF file using [`gzip`](http://www.gnu.org/software/gzip/manual/gzip.html) and then translate the contents of the file into a Base64 encoding string. For more information, see "[SARIF support for code scanning](https://docs.github.com/github/finding-security-vulnerabilities-and-errors-in-your-code/sarif-support-for-code-scanning)."
+A Base64 string representing the SARIF file to upload. You must first compress your SARIF file using [`gzip`](http://www.gnu.org/software/gzip/manual/gzip.html) and then translate the contents of the file into a Base64 encoding string. For more information, see "[SARIF support for code scanning](https://docs.github.com/code-security/secure-coding/sarif-support-for-code-scanning)."
 
 </td></tr>
 <tr><td>checkout_uri</td><td>no</td><td>

docs/projects/createCard.md

@@ -8,10 +8,6 @@ type: API method
 
 # Create a project card
 
-**Note**: GitHub's REST API v3 considers every pull request an issue, but not every issue is a pull request. For this reason, "Issues" endpoints may return both issues and pull requests in the response. You can identify pull requests by the `pull_request` key.
-
-Be aware that the `id` of a pull request returned from "Issues" endpoints will be an _issue id_. To find out the pull request id, use the "[List pull requests](https://docs.github.com/rest/reference/pulls#list-pull-requests)" endpoint.
-
 ```js
 octokit.rest.projects.createCard({
   column_id,

docs/reactions/createForRelease.md

@@ -0,0 +1,52 @@
+---
+name: Create reaction for a release
+example: octokit.rest.reactions.createForRelease({ owner, repo, release_id, content })
+route: POST /repos/{owner}/{repo}/releases/{release_id}/reactions
+scope: reactions
+type: API method
+---
+
+# Create reaction for a release
+
+Create a reaction to a [release](https://docs.github.com/rest/reference/repos#releases). A response with a `Status: 200 OK` means that you already added the reaction type to this release.
+
+```js
+octokit.rest.reactions.createForRelease({
+  owner,
+  repo,
+  release_id,
+  content,
+});
+```
+
+## Parameters
+
+<table>
+  <thead>
+    <tr>
+      <th>name</th>
+      <th>required</th>
+      <th>description</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr><td>owner</td><td>yes</td><td>
+
+</td></tr>
+<tr><td>repo</td><td>yes</td><td>
+
+</td></tr>
+<tr><td>release_id</td><td>yes</td><td>
+
+release_id parameter
+
+</td></tr>
+<tr><td>content</td><td>yes</td><td>
+
+The [reaction type](https://docs.github.com/rest/reference/reactions#reaction-types) to add to the release.
+
+</td></tr>
+  </tbody>
+</table>
+
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/reactions/#create-reaction-for-a-release).

docs/repos/compareCommits.md

@@ -8,7 +8,7 @@ type: API method
 
 # Compare two commits
 
-Both `:base` and `:head` must be branch names in `:repo`. To compare branches across other repositories in the same network as `:repo`, use the format `<USERNAME>:branch`.
+**Deprecated**: Use `repos.compareCommitsWithBasehead()` (`GET /repos/{owner}/{repo}/compare/{basehead}`) instead. Both `:base` and `:head` must be branch names in `:repo`. To compare branches across other repositories in the same network as `:repo`, use the format `<USERNAME>:branch`.
 
 The response from the API is equivalent to running the `git log base..head` command; however, commits are returned in chronological order. Pass the appropriate [media type](https://docs.github.com/rest/overview/media-types/#commits-commit-comparison-and-pull-requests) to fetch diff and patch formats.
 

docs/repos/compareCommitsWithBasehead.md

@@ -0,0 +1,95 @@
+---
+name: Compare two commits
+example: octokit.rest.repos.compareCommitsWithBasehead({ owner, repo, basehead })
+route: GET /repos/{owner}/{repo}/compare/{basehead}
+scope: repos
+type: API method
+---
+
+# Compare two commits
+
+The `basehead` param is comprised of two parts: `base` and `head`. Both must be branch names in `repo`. To compare branches across other repositories in the same network as `repo`, use the format `<USERNAME>:branch`.
+
+The response from the API is equivalent to running the `git log base..head` command; however, commits are returned in chronological order. Pass the appropriate [media type](https://docs.github.com/rest/overview/media-types/#commits-commit-comparison-and-pull-requests) to fetch diff and patch formats.
+
+The response also includes details on the files that were changed between the two commits. This includes the status of the change (for example, if a file was added, removed, modified, or renamed), and details of the change itself. For example, files with a `renamed` status have a `previous_filename` field showing the previous filename of the file, and files with a `modified` status have a `patch` field showing the changes made to the file.
+
+**Working with large comparisons**
+
+To process a response with a large number of commits, you can use (`per_page` or `page`) to paginate the results. When using paging, the list of changed files is only returned with page 1, but includes all changed files for the entire comparison. For more information on working with pagination, see "[Traversing with pagination](/rest/guides/traversing-with-pagination)."
+
+When calling this API without any paging parameters (`per_page` or `page`), the returned list is limited to 250 commits and the last commit in the list is the most recent of the entire comparison. When a paging parameter is specified, the first commit in the returned list of each page is the earliest.
+
+**Signature verification object**
+
+The response will include a `verification` object that describes the result of verifying the commit's signature. The following fields are included in the `verification` object:
+
+| Name        | Type      | Description                                                                                      |
+| ----------- | --------- | ------------------------------------------------------------------------------------------------ |
+| `verified`  | `boolean` | Indicates whether GitHub considers the signature in this commit to be verified.                  |
+| `reason`    | `string`  | The reason for verified value. Possible values and their meanings are enumerated in table below. |
+| `signature` | `string`  | The signature that was extracted from the commit.                                                |
+| `payload`   | `string`  | The value that was signed.                                                                       |
+
+These are the possible values for `reason` in the `verification` object:
+
+| Value                    | Description                                                                                                                       |
+| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------- |
+| `expired_key`            | The key that made the signature is expired.                                                                                       |
+| `not_signing_key`        | The "signing" flag is not among the usage flags in the GPG key that made the signature.                                           |
+| `gpgverify_error`        | There was an error communicating with the signature verification service.                                                         |
+| `gpgverify_unavailable`  | The signature verification service is currently unavailable.                                                                      |
+| `unsigned`               | The object does not include a signature.                                                                                          |
+| `unknown_signature_type` | A non-PGP signature was found in the commit.                                                                                      |
+| `no_user`                | No user was associated with the `committer` email address in the commit.                                                          |
+| `unverified_email`       | The `committer` email address in the commit was associated with a user, but the email address is not verified on her/his account. |
+| `bad_email`              | The `committer` email address in the commit is not included in the identities of the PGP key that made the signature.             |
+| `unknown_key`            | The key that made the signature has not been registered with any user's account.                                                  |
+| `malformed_signature`    | There was an error parsing the signature.                                                                                         |
+| `invalid`                | The signature could not be cryptographically verified using the key whose key-id was found in the signature.                      |
+| `valid`                  | None of the above errors applied, so the signature is considered to be verified.                                                  |
+
+```js
+octokit.rest.repos.compareCommitsWithBasehead({
+  owner,
+  repo,
+  basehead,
+});
+```
+
+## Parameters
+
+<table>
+  <thead>
+    <tr>
+      <th>name</th>
+      <th>required</th>
+      <th>description</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr><td>owner</td><td>yes</td><td>
+
+</td></tr>
+<tr><td>repo</td><td>yes</td><td>
+
+</td></tr>
+<tr><td>page</td><td>no</td><td>
+
+Page number of the results to fetch.
+
+</td></tr>
+<tr><td>per_page</td><td>no</td><td>
+
+Results per page (max 100)
+
+</td></tr>
+<tr><td>basehead</td><td>yes</td><td>
+
+The base branch and head branch to compare. This parameter expects the format `{base}...{head}`.
+
+</td></tr>
+  </tbody>
+</table>
+
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/repos#compare-two-commits).

docs/repos/listPublic.md

@@ -10,9 +10,9 @@ type: API method
 
 Lists all public repositories in the order that they were created.
 
-Notes:
+Note:
 
-- For GitHub Enterprise Server and GitHub AE, this endpoint will only list repositories available to all users on the enterprise.
+- For GitHub Enterprise Server, this endpoint will only list repositories available to all users on the enterprise.
 - Pagination is powered exclusively by the `since` parameter. Use the [Link header](https://docs.github.com/rest/overview/resources-in-the-rest-api#link-header) to get the URL for the next page of repositories.
 
 ```js

package-lock.json

@@ -24,7 +24,7 @@
   "author": "Gregor Martynus (https://twitter.com/gr2m)",
   "license": "MIT",
   "dependencies": {
-    "@octokit/types": "^6.15.0",
+    "@octokit/types": "^6.16.0",
     "deprecation": "^2.3.1"
   },
   "devDependencies": {