Skip to content

feat(git): add “Share to GitHub” flow #13677

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 55 commits into from
Aug 18, 2025
Merged

feat(git): add “Share to GitHub” flow #13677

merged 55 commits into from
Aug 18, 2025

Conversation

@wanling0000
Copy link
Collaborator

@wanling0000 wanling0000 commented Aug 10, 2025
edited by subhramit
Loading

Closes #12350

This PR is part of GSoC 2025 — Git Support for JabRef.
It implements the Share to GitHub flow

  • New dialog to enter Repository URL (HTTPS), GitHub username, and Personal Access Token (PAT).
  • Optional “Remember Git settings”.
  • Initializes a Git repo for the current .bib file if needed, sets origin, creates an initial commit, and pushes (creates upstream if remote is empty).
  • Warns if the remote is not empty / behind to avoid overwriting.
  • Adds inline help: link to GitHub PAT docs and “Create new repository” page.

Steps to test

Tip

Keep one .bib per folder when testing. Git init will commit everything in the folder except what’s ignored by .gitignore.

  1. Prepare on GitHub
  • Create an empty repository (no README/License) or pick an existing repo you want to use.
  • Ensure you have a PAT with repo scope.
  1. In JabRef
  • Open (and save) a library so it has a file path.
  • Go to File → Git → Share this library to GitHub.
  1. In the dialog, fill in:
  • Repository URL (HTTPS)
  • GitHub username
  • PAT
  • Optionally tick Remember Git settings
  • Click Share.
  1. Expected results
  • If the remote is empty: an initial commit is created and pushed; upstream is set.
  • If the remote is not empty: a warning is shown to pull first; no destructive action is performed.
  1. Verify on GitHub
  • The repo should contain the committed .bib and .gitignore (and any other files in that folder not ignored).
  • Upstream tracking exists for the current branch.

Screenshots

Screenshot 2025-08-10 at 02 40 08 Screenshot 2025-08-10 at 02 40 58 Screenshot 2025-08-10 at 02 41 08

Mandatory checks

  • I own the copyright of the code submitted and I license it under the MIT license
  • [/] Change in CHANGELOG.md described in a way that is understandable for the average user (if change is visible to the user)
  • Tests created for changes (if applicable)
  • Manually tested changed features in running JabRef (always required)
  • Screenshots added in PR description (if change is visible to the user)
  • [/] Checked developer's documentation: Is the information available and up to date? If not, I outlined it in this pull request.
  • [/] Checked documentation: Is the information available and up to date? If not, I created an issue at https://github.com/JabRef/user-documentation/issues or, even better, I submitted a pull request to the documentation repository.

@wanling0000 wanling0000 force-pushed the feat/gsoc-git-share-to-github branch from 1683f1c to 8e7f7b8 Compare August 10, 2025 11:51
trag-bot[bot]
trag-bot bot reviewed Aug 10, 2025
View reviewed changes
trag-bot[bot]
trag-bot bot reviewed Aug 10, 2025
View reviewed changes
@wanling0000 wanling0000 force-pushed the feat/gsoc-git-share-to-github branch 2 times, most recently from 7233c6e to b2e3767 Compare August 10, 2025 16:06
@wanling0000 wanling0000 marked this pull request as ready for review August 10, 2025 16:39
@wanling0000 wanling0000 force-pushed the feat/gsoc-git-share-to-github branch 3 times, most recently from 7bfc8d1 to b5cf6d2 Compare August 11, 2025 23:30
@wanling0000
Copy link
Collaborator Author

I tried using Stacked Branches in GitButler, but every time I needed to update the PR at the bottom of the stack, I had to force push the entire stack...
57bfb525-3fa4-4324-b6cc-b28532572d88

So finally gave up using Stacked Branches...

@wanling0000 wanling0000 force-pushed the feat/gsoc-git-share-to-github branch from b5cf6d2 to 5e0a7ee Compare August 11, 2025 23:45
koppor
koppor reviewed Aug 13, 2025
View reviewed changes
@koppor
Copy link
Member

koppor commented Aug 13, 2025

Review "instructions" (if someone wants to try AI)

  • How are credentials stored? Is this using JabRefs credential system
  • Are the language keys grouped together correctly?
  • Why is "http" allowed in GitHub URLs? Shouldn't it be https only? Shouldn't that be a helpe rmethod?
  • Does it work if there is already an existing GitHub connection?
  • Does it work if ther eis a "giti init" made but no remote?

@wanling0000
Copy link
Collaborator Author

Review "instructions" (if someone wants to try AI)

  • How are credentials stored? Is this using JabRefs credential system

Thanks for pointing this out, I did find a security issue here.

If the user chooses not to remember their GitHub credentials, we still store the username and PAT in memory (via credentialsProvider).

When the user choose to remember them, we save them in GitPreferences and use the Password class from the shared database module to encrypt and decrypt the PAT based on the username.

Do you think this is an appropriate way to handle encrypted credentials in this case? Or would you recommend a better or more standard approach within JabRef?

@koppor
Copy link
Member

koppor commented Aug 13, 2025

  • How are credentials stored? Is this using JabRefs credential system
    Thanks for pointing this out, I did find a security issue here.

If the user chooses not to remember their GitHub credentials, we still store the username and PAT in memory

This is OK.

When the user choose to remember them, we save them in GitPreferences and use the Password class from the shared database module to encrypt and decrypt the PAT based on the username.

This is not good 😅

Option 1:

  • In JabRef's preferences, have a store for github username and github password - similar to proxy settings (org.jabref.logic.net.ProxyPreferences)

Option 2: provider-based store

  • In JabRef's preferences, have store for provider/username/password - similar to org.jabref.gui.preferences.websearch.WebSearchTabViewModel

One can store "provider" using "domain".

Use case:

Users might have

and much much more.

For this phase, option 1 is enough and as follow-up we can support multiple Git hosting solutions.

@koppor koppor mentioned this pull request Aug 13, 2025
Open
@Siedlerchr
Copy link
Member

When entering some rubbish, JabRef freezes and becomes unresponsive. You are probably blocking the main javafx thread.

grafik

Siedlerchr
Siedlerchr previously requested changes Aug 13, 2025
View reviewed changes
Copy link
Member

@Siedlerchr Siedlerchr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Check the javafx threading

trag-bot[bot]
trag-bot bot reviewed Aug 15, 2025
View reviewed changes
koppor
koppor previously approved these changes Aug 18, 2025
View reviewed changes
subhramit
subhramit previously approved these changes Aug 18, 2025
View reviewed changes
@koppor koppor disabled auto-merge August 18, 2025 20:52
@koppor koppor dismissed stale reviews from subhramit and themself via 1f89a5a August 18, 2025 20:54
@trag-bot
Copy link

trag-bot bot commented Aug 18, 2025

@trag-bot didn't find any issues in the code! ✅✨

1 similar comment
@trag-bot
Copy link

trag-bot bot commented Aug 18, 2025

@trag-bot didn't find any issues in the code! ✅✨

@koppor koppor enabled auto-merge August 18, 2025 21:23
@subhramit subhramit dismissed stale reviews from InAnYan and Siedlerchr August 18, 2025 21:23

addressed

@koppor koppor added this pull request to the merge queue Aug 18, 2025
Merged via the queue into JabRef:main with commit e17e2fc Aug 18, 2025
1 check passed
@github-actions github-actions bot mentioned this pull request Aug 18, 2025
Closed
Siedlerchr added a commit that referenced this pull request Aug 21, 2025
@Siedlerchr
Merge remote-tracking branch 'upstream/main'
9bee24f 
* upstream/main:
  New translations jabref_en.properties (Italian) (#13725)
  Minor code style updates (#13722)
  Fix: Make FileUtil.relativize symlink-aware (#13553)
  New Crowdin updates (#13720)
  Bump org.glassfish.jersey.core:jersey-server in /versions (#13714)
  Enable UseObjectNotifyAll (#13718)
  Bump com.dlsc.gemsfx:gemsfx from 3.3.5 to 3.4.2 in /versions (#13717)
  Update on-issue-comment.yml
  Bump org.openrewrite.recipe:rewrite-recipe-bom from 3.12.1 to 3.13.0 (#13716)
  Bump org.openrewrite.rewrite from 7.12.1 to 7.14.0 (#13715)
  Bump org.glassfish.jersey.inject:jersey-hk2 in /versions (#13713)
  feat(git): add “Share to GitHub” flow (#13677)
  Bump jablib/src/main/resources/csl-styles from `292aec3` to `1194364` (#13712)
  Bump jablib/src/main/abbrv.jabref.org from `cfe719f` to `a97f9c6` (#13711)
  Bump jablib/src/main/resources/csl-locales from `e2de1e3` to `fa56de1` (#13710)
  Add noop Git Config System Reader to prevent usage of real world stuff into jgit (#13703)
  Added static (stream & preferences) constructors to BibDatabaseContext (#13694)
  New Crowdin updates (#13698)
  fix git modules requires and uses (#13696)
  Focus "Specify Bib(La)TeX" when Bib(La)TeX is in clipboard (#13633)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Siedlerchr Siedlerchr Siedlerchr left review comments

@calixtus calixtus calixtus left review comments

@trag-bot trag-bot[bot] trag-bot[bot] left review comments

@koppor koppor koppor approved these changes

@InAnYan InAnYan InAnYan approved these changes

@subhramit subhramit subhramit approved these changes

Assignees

No one assigned

Labels

component: git project: gsoc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add (simple) git support

6 participants

@wanling0000 @koppor @Siedlerchr @InAnYan @calixtus @subhramit