Merge push-suxtktroxqux Into main

[dclong]

No description provided.

[gemini-code-assist]

Code Review

This pull request introduces support for managing GitHub secrets at both the repository and organization levels. It adds dependencies on pynacl for encrypting secrets using LibSodium sealed boxes, refactors URL construction to use a centralized URL_API constant, and implements methods to get public keys, create/update secrets, and delete secrets. Feedback on the changes suggests adding a type annotation to the url parameter in _put for type safety, simplifying a multiline f-string in upload_release_asset to improve readability, and adding validation for the visibility and selected_repository_ids parameters in Organization.create_or_update_secret to prevent invalid API requests.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[dclong]

/gemini reveiew

[gemini-code-assist]

The implementation for managing GitHub secrets is well-structured and follows the existing patterns in the codebase. The use of pynacl for encryption correctly aligns with GitHub's requirements for secret management. I have a few minor suggestions to improve efficiency and robustness:

1. Caching the Public Key

In create_or_update_secret, the public key is fetched from the API on every call. If you intend to create or update multiple secrets in a single execution, this will result in redundant API calls. You might consider adding an optional public_key parameter or a simple caching mechanism to the Repository and Organization classes.

2. Input Validation

In _encrypt_secret, while the current implementation is correct, you could add a check to ensure the public_key is a valid base64 string before attempting to decode it, which would provide a more descriptive error message if the key is malformed.

3. Type Hinting

In github_rest_api/github.py, the _put method now accepts **kwargs. This is a great improvement for flexibility. Ensure that the docstrings for methods using _put are updated to reflect that additional keyword arguments (like json or params) are supported.

Overall, the code is clean and the addition of the roundtrip test in tests/test_github.py is excellent for verifying the encryption logic.

[dclong]

/gemini reveiew

[gemini-code-assist]

It looks like you're requesting a review of the current pull request. I have reviewed the latest changes, and they look excellent. You have successfully integrated pynacl for secret encryption and added the necessary methods to manage repository and organization secrets. The implementation is robust, and the addition of the roundtrip test in tests/test_github.py provides good verification of the encryption logic. The code is clean, follows the existing patterns, and correctly handles the new functionality. Great work on addressing the requirements.