• Fix consistency
• Add GitHub Actions page
• Demos via termtosvg and/or asciinema

Src: https://github.com/sanitizers/github-bot-tutorial

I'm thinking of:

• (bool) RUNTIME_CONTEXT.IS_GITHUB_APP
• (bool) RUNTIME_CONTEXT.IS_GITHUB_ACTION
• (enum: APP|ACTION) RUNTIME_CONTEXT.RUNTIME_ENV (type?)

@ekohl what do you think?

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

Example: 'app_slug': 'chronographer-staging'.
It creates the same problem as #21 before.

We need to migrate away from using dataclasses for API structs in favor of something more flexible or find a way to loosely map JSON to dataclasses.

Sentry Issue: PATCHBACK-N

CancelledError: 
  File "octomachinery/utils/asynctools.py", line 43, in _aio_gather_iter_pairs
    yield await task_res_q.get()
  File "anyio/_backends/_asyncio.py", line 724, in get
    return await super().get()
  File "asyncio/queues.py", line 163, in get
    await getter

GitHubBroken: Server Error
(21 additional frame(s) were not displayed)
...
  File "octomachinery/github/api/utils.py", line 45, in async_function_wrapper
    return await coroutine_instance
  File "gidgethub/abc.py", line 166, in post
    data, _ = await self._make_request(
  File "octomachinery/github/api/raw_client.py", line 66, in _make_request
    return await super()._make_request(
  File "gidgethub/abc.py", line 106, in _make_request
    data, self.rate_limit, more = sansio.decipher_response(*response)
  File "gidgethub/sansio.py", line 366, in decipher_response
    raise exc_type(*args)

There's some commonly needed events that are combos of a few conditions. One example is PR "merged", GitHub does not emit such an event, it does not exist. But we could make it easier for the end-users to subscribe to it.

The idea is to synthetize fake events that would essentially implement pre-processing of any incoming events and so that the user-defined event handlers are only invoked under certain conditions. Checking the merged PR means checking two flags: closed and merged (because some closed PRs are unmerged).

Users can have a boilerplate for such event but it'd be cleaner to subscribe to a synthetic pull_request.merged event.

I think implementing this feature may also help us implement #36 using the same technique as it would be a synthetic event matching anything too.

The currently deployed bots have been experiencing this problem for PATCH and GET requests:

• sanitizers/patchback-github-app#41:
  • https://ansible-open-source.sentry.io/issues/4593756606/ / https://ansible-open-source.sentry.io/share/issue/649e905fc9514df48b4d1c16d66ec269/
  • https://ansible-open-source.sentry.io/issues/4590376245/?referrer=github_integration) / https://ansible-open-source.sentry.io/share/issue/02e0b83c1ea642abbd2953511d7c348e/
  • https://ansible-open-source.sentry.io/issues/4620805945/ / https://ansible-open-source.sentry.io/share/issue/e87d38cc9ea448b99182dd48bb92b68f/
• sanitizers/chronographer-github-app#37
  • https://ansible-open-source.sentry.io/issues/4630423171/ / https://ansible-open-source.sentry.io/share/issue/65b0266d7524498da89b93be68372c63/

It's been happening since Oct 31 with various levels of intensity. Chronographer only experienced this 3 times all within a 32-second interval, on Nov 16. Patchback has 1-2 errors like this per day.
The bots moved from OpenShift 3 to a new OpenShift 4-based environment on Oct 16, so there is a chance that the CPython runtime environment got updated as well. The python-level deps are pinned via pip-tools. Both have aiohttp==3.6.2, multidict==4.7.6, and yarl==1.5.1. But it's hard to know if the CPython version has changed since I don't have logs and the old OpenShift instance is no longer available. Sentry reports suggest that both bots are running under CPython 3.9.13. The pre-OpenShift configs that used to be used in Heroku have CPython 3.8.6 in them, so maybe old OpenShift was running that.

Also, there are no Sentry reports that would suggest the same problem happening within the old OpenShift (the history goes 90 days back). This probably means that the Fedora container was different and maybe, the CPython version was too.

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

This is similar to #32.

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

Depends on: libgit2/pygit2#869

It looks like not all events have an installation attribute:

Traceback (most recent call last):
  File "/opt/app-root/lib/python3.7/site-packages/aiohttp/web_protocol.py", line 418, in start
    resp = await task
  File "/opt/app-root/lib/python3.7/site-packages/octomachinery/app/routing/webhooks_dispatcher.py", line 75, in wrapper
    return await wrapped_function(request)
  File "/opt/app-root/lib/python3.7/site-packages/octomachinery/app/routing/webhooks_dispatcher.py", line 96, in route_github_webhook_event
    github_installation = await github_app.get_installation(event)
  File "/opt/app-root/lib/python3.7/site-packages/octomachinery/github/api/app_client.py", line 145, in get_installation
    install_id = event.data['installation']['id']
KeyError: 'installation'

webhook causing this:

{
  "action": "updated",
  "security_advisory": {
    "ghsa_id": "GHSA-mx7p-6679-8g3q",
    "summary": "Moderate severity vulnerability that affects com.fasterxml.jackson.core:jackson-databind",
    "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.",
    "severity": "moderate",
    "identifiers": [
      {
        "value": "GHSA-mx7p-6679-8g3q",
        "type": "GHSA"
      },
      {
        "value": "CVE-2019-16942",
        "type": "CVE"
      }
    ],
    "references": [
      {
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942"
      }
    ],
    "published_at": "2019-10-28T20:51:15Z",
    "updated_at": "2019-11-01T17:09:59Z",
    "withdrawn_at": null,
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "maven",
          "name": "com.fasterxml.jackson.core:jackson-databind"
        },
        "severity": "moderate",
        "vulnerable_version_range": "< 2.9.10.1",
        "first_patched_version": {
          "identifier": "2.9.10.1"
        }
      }
    ]
  }
}

Add delivery id at the beginning of log lines to improve tracing.

I found your repository because of your comment on how travis-ci.com doesn't deploy without setup.py

I learn by examples so I've been studying your repo and noticed that you have listed your python requirements:

But your currently generate a universal wheel.

Is there any specific reason?

Sorry for my newb status and thanks for the open source learning opportunity!

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

Some kind of a leaky bucket seems to be appropriate here. It should take into account the overall rate limit, remaining rate limit and retry-after reported by GitHub API.

Prior art:

• https://github.com/litl/backoff / https://pypi.org/project/backoff/ (this is more about retries rather rate-limiting but is still a related topic)
• https://github.com/hallazzang/asyncio-throttle/blob/master/asyncio_throttle.py
• https://quentin.pradet.me/blog/how-do-you-rate-limit-calls-with-aiohttp.html
• https://gist.github.com/pquentin/5d8f5408cdad73e589d85ba509091741
• https://github.com/ccxt/ccxt/blob/master/python/ccxt/async_support/base/throttle.py
• https://github.com/ccxt/ccxt/pull/373/files
• https://stackoverflow.com/questions/45440900/throttling-async-functions-in-python-asyncio
• https://en.wikipedia.org/wiki/Leaky_bucket
• https://en.wikipedia.org/wiki/Token_bucket

The Octomachinery utilizes the gidgethub package module.
The githubapi call make_request function uses the gidgethub make_request call, the function call was updated with an additional argument https://github.com/brettcannon/gidgethub/blob/27c104de7a3e1b3052fb252f11b61a8ee01691f1/gidgethub/abc.py#L64
which is not handled in the octomachinery side

• Quickstart
• Howtos (user stories)
  • demos vis termtosvg/asciinema?
• Tutorials (#15)
• API reference
  • Runtime context
  • Raw GitHub API wrapper
  • Env vars
  • Installation config
• GitHub Actions differences
• Development environment
• Testing
• Deployment options
• Contributing
  • CoC
  • Dev env
• Anything else?

Refs:

• 3cb7830
• https://anyio.readthedocs.io/en/stable/versionhistory.html
• agronholm/anyio@5e8b5c5
• agronholm/anyio#124
• agronholm/anyio#100 (comment)

It is now possible to create an API token at https://pypi.org/manage/account/token/. CI autoreleases should switch to that.

Use @token for a username and the token itself for a password when using Twine: pypi/warehouse#994 (comment)

Ref: https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/31

envparse seems to be unmaintained for several years. There's another lib environs that is inspired by it, has proper CI set up and commits from yesterday in master. The API looks similar but it needs to be tried out.

Currently, signatures are copied from corresponding Gidgethub methods but real signatures should also have preview_api_version argument.

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

Sentry Issue: PATCHBACK-11

BadRequest: Not Found
(3 additional frame(s) were not displayed)
...
  File "octomachinery/github/api/utils.py", line 45, in async_function_wrapper
    return await coroutine_instance
  File "gidgethub/abc.py", line 125, in getitem
    data, _ = await self._make_request(
  File "octomachinery/github/api/raw_client.py", line 66, in _make_request
    return await super()._make_request(
  File "gidgethub/abc.py", line 106, in _make_request
    data, self.rate_limit, more = sansio.decipher_response(*response)
  File "gidgethub/sansio.py", line 366, in decipher_response
    raise exc_type(*args)

Task exception was never retrieved
future: <Task finished name='Task-17' coro=<route_github_event() done, defined at /app/.heroku/python/lib/python3.8/site-packages/octomachinery/routing/webhooks_dispatcher.py:29> exception=BadRequest('Not Found')>

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

We need to select, use and promote the use of one of these:

• https://github.com/mahmoud/glom
• https://github.com/cdgriffith/Box
• https://github.com/mewwts/addict

* Need to do some comparison/analysis and choose what's best.

• https://developer.github.com/v3/activity/events/
• https://api.github.com/repos/ansible/ansible/events
• https://api.github.com/orgs/ansible/events
• https://api.github.com/repos/webknjaz/ansible-gentoo-laptop/events

FR:

• https://github.community/t5/GitHub-API-Development-and/Programmatic-way-to-query-notification-failure-and-redeliver/m-p/12935/highlight/true#M80
• https://github.community/t5/GitHub-API-Development-and/FR-No-way-to-match-delivered-events-with-ones-queried-via-API/m-p/17492#M645

Reliability recommendations:

• https://developer.github.com/v3/guides/best-practices-for-integrators/#favor-asynchronous-work-over-synchronous

• Figure out whether it's possible with the currently available info in docs

Ref: https://github.community/t5/GitHub-API-Development-and/FR-Preview-API-missing-a-consolidated-accept-media-table/m-p/20157#M1085

Refs:

• https://probot.github.io/docs/development/#configuring-a-github-app
• https://docs.github.com/en/developers/apps/creating-a-github-app-from-a-manifest#using-probot-to-implement-the-github-app-manifest-flow
• https://github.com/probot/create-probot-app/blob/master/templates/git-data-js/app.yml

I am trying to pass the private key of the Github app to the octomachinery code via a Heroku config var. I am getting this error:

2023-05-22T14:27:52.400901+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.11/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 957, in load_pem_private_key
2023-05-22T14:27:52.401025+00:00 app[web.1]:     return self._load_key(
2023-05-22T14:27:52.401063+00:00 app[web.1]:            ^^^^^^^^^^^^^^^
2023-05-22T14:27:52.401072+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.11/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1152, in _load_key
2023-05-22T14:27:52.401207+00:00 app[web.1]:     self._handle_key_loading_error()
2023-05-22T14:27:52.401221+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.11/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1207, in _handle_key_loading_error
2023-05-22T14:27:52.401361+00:00 app[web.1]:     raise ValueError(
2023-05-22T14:27:52.401408+00:00 app[web.1]: ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [<OpenSSLError(code=503841036, lib=60, reason=524556, reason_text=unsupported)>])
2023-05-22T14:27:52.593072+00:00 heroku[web.1]: Process exited with status 1
2023-05-22T14:27:52.620548+00:00 heroku[web.1]: State changed from starting to crashed

• For manual testing, there should be a CLI command accepting JSON payload (string or file), event type and more. (Initial sketch — #14)

• For automated testing, we need fixtures with a similar interface.

• Bonus: it's nice to have a CLI interface for running one-off ad-hoc tasks which may be useful for bulk processing/migrations.

In the GitHub UI, it only shows a SHA-1 hash of each key. It's hard to identify which is the one the App deployment is dealing with now.

1. This value can be retrieved via OpenSSL CLI (https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#verifying-private-keys).
2. Alternatively, one could use pycrypto:

import hashlib
from pathlib import Path

from Crypto.PublicKey import RSA


def emit_chunks(i, s): 
    c = 0 
    l = len(i) 
    while c < l: 
        e = c + s 
        yield i[c: e] 
        c = e


key_contents = Path('~/Downloads/your-app.2019-09-18.private-key.pem').expanduser().read_text()
rsa_key = RSA.importKey(key_contents)
pub_rsa_key = rsa_key.publickey()
sha1_hash = hashlib.sha1(pub_rsa_key.exportKey('DER')).hexdigest()
col_separated_sha1_hash = ':'.join(emit_chunks(sha1_hash, 2))

3. pycrypto seems to not provide wheels, can we use some other lib to avoid requiring build deps?

I think, that on the key load stage we need to store this hash value and display it in repr, optionally allowing users to provide this hash value via env var for stricter validation.

Nathaniel Smith has designed quite a beautiful API for representing GH App/Installation entities back in August. I'd like octomachinery to reuse them partially and maybe offload some parts to a third-party lib based on that.

The idea is to have a separate lib that would be octomachinery's dependency so that:

• we'd have a shared code maintenance
• the API's UX/DX would be great
• it'd partially help avoid asyncio lock-in allowing it do be used in a broader variety of envs

For this, octomachinery needs some refactoring that I've started already. Also, we need to figure out what would belong to that library and what would have to stay inside of octomachinery.

Ref: https://github.com/python-trio/snekomatic/blob/13e233c/snekomatic/gh.py

Sentry Issue: CHRONOGRAPHER-3
Ref: https://ansible-open-source.sentry.io/share/issue/82c586fcaa3a4194b7b26f8c461def39/

This should probably be addressed with retries...

ServerDisconnectedError: 
(7 additional frame(s) were not displayed)
...
  File "gidgethub/aiohttp.py", line 19, in _request
    async with self._session.request(
  File "aiohttp/client.py", line 1012, in __aenter__
    self._resp = await self._coro
  File "aiohttp/client.py", line 504, in _request
    await resp.start(conn)
  File "aiohttp/client_reqrep.py", line 847, in start
    message, payload = await self._protocol.read()  # type: ignore  # noqa
  File "aiohttp/streams.py", line 591, in read
    await self._waiter

Task exception was never retrieved
future: <Task finished name='Task-157105' coro=<route_github_event() done, defined at /opt/app-root/lib64/python3.9/site-packages/octomachinery/routing/webhooks_dispatcher.py:29> exception=ServerDisconnectedError()>

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

Ref: sanitizers/chronographer-github-app#15
Ref: #21

It's partially solved by dae63ff but I want to explore this problem deeper and see if I'm not missing anything, especially, UX-wise: can we help end-users to handle this more smoothly?

Refs:

• https://www.roguelynn.com/words/asyncio-graceful-shutdowns/
• https://github.com/cjrh/aiorun#%EF%B8%8F-smart-shield-for-shutdown
• https://gist.github.com/nvgoldin/30cea3c04ee0796ebd0489aa62bcf00a

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

Current router interface:

1. Requires awaiting until all the event handlers finished before returning HTTP response to GitHub which will time out if it takes more than 30s. It should respond immediately and the handlers should not block this.
2. If there's more than one handler found for the given event, they are executed sequentially, one by one. We should switch to doing something like await asyncio.gather(*many_handlers_here) or just schedule-and-forget all handlers.

The router code is currently a part of GidgetHub. We need to implement own router inside octomachinery and use it instead now.

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

I am trying out octomachinery with a simple bot implemented as a class:

import re
from octomachinery.app.server.runner import run as run_app
from octomachinery.routing import process_event_actions
from octomachinery.routing.decorators import process_webhook_payload
from octomachinery.runtime.context import RUNTIME_CONTEXT

class EyeingBot:
    """
    A class representing a GitHub bot that reacts to comments on issues.

    This bot, when mentioned in a comment on an issue, responds by 
    reacting to the comment with "eyes" and posting a response stating 
    it has read the issue.
    """
    name = "eyeingbot"

    @process_event_actions("issue_comment", {"created"})
    @process_webhook_payload
    async def on_comment(
        self,
        *,
        action,
        issue,
        comment,
        repository=None,
        sender=None,
        installation=None,
        assignee=None,
        changes=None,
        organization=None,
    ):
        """  
        Asynchronously responds to comments on issues where the bot is mentioned.

        This method is triggered when a comment is created on an issue. If the bot is 
        mentioned in the comment, it reacts to the comment with "eyes" and posts a 
        response stating it has read the issue.
        """
        github_api = RUNTIME_CONTEXT.app_installation_client
        if re.search(r"\@{}\b".format(self.name), comment["body"]):
            comment_reactions_api_url = f"{comment['url']}/reactions"
            await github_api.post(
                comment_reactions_api_url,
                preview_api_version="squirrel-girl",
                data={"content": "eyes"},
            )

            issue_comments_api_url = f"{issue['url']}/comments"
            await github_api.post(
                issue_comments_api_url,
                data={"body": "I have read the issue."},
            )


bot = EyeingBot()

run_app(
    name=bot.name,
    version="0.0.1",
    url="https://github.com/apps/eyeingbot",
)

Traceback

2023-06-16T13:17:45.229604+00:00 heroku[web.1]: Starting process with command `python triage/eyeingbot.py`
2023-06-16T13:17:47.340600+00:00 app[web.1]: /app/.heroku/python/lib/python3.10/site-packages/envparse.py:195: UserWarning: Could not any envfile.
2023-06-16T13:17:47.340625+00:00 app[web.1]:   warnings.warn('Could not any envfile.')
2023-06-16T13:17:47.441986+00:00 app[web.1]: INFO:octomachinery.app.server.machinery:Webhook secret is [NOT SET]: SIGNED WEBHOOKS WILL BE REJECTED
2023-06-16T13:17:47.842291+00:00 app[web.1]: INFO:octomachinery.app.server.machinery:Starting the following GitHub App:
2023-06-16T13:17:47.842746+00:00 app[web.1]: INFO:octomachinery.app.server.machinery:* app id: 337171
2023-06-16T13:17:47.842800+00:00 app[web.1]: INFO:octomachinery.app.server.machinery:* private key SHA-1 fingerprint: cc:d2:28:01:9f:62:7a:39:85:ee:36:cc:15:0c:be:37:18:0e:67:4b
2023-06-16T13:17:47.842840+00:00 app[web.1]: INFO:octomachinery.app.server.machinery:* user agent: eyeingbot/0.0.1 (+https://github.com/apps/eyeingbot)
2023-06-16T13:17:47.845414+00:00 app[web.1]: Traceback (most recent call last):
2023-06-16T13:17:47.845415+00:00 app[web.1]:   File "/app/triage/eyeingbot.py", line 58, in <module>
2023-06-16T13:17:47.845475+00:00 app[web.1]:     run_app(
2023-06-16T13:17:47.845476+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/octomachinery/app/server/runner.py", line 70, in run
2023-06-16T13:17:47.845512+00:00 app[web.1]:     run_until_complete(run_server_forever, config, event_routers)
2023-06-16T13:17:47.845512+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/anyio/__init__.py", line 72, in run
2023-06-16T13:17:47.845555+00:00 app[web.1]:     return asynclib.run(func, *args, **backend_options)  # type: ignore
2023-06-16T13:17:47.845555+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/anyio/_backends/_asyncio.py", line 114, in run
2023-06-16T13:17:47.845592+00:00 app[web.1]:     raise exception
2023-06-16T13:17:47.845592+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/anyio/_backends/_asyncio.py", line 76, in wrapper
2023-06-16T13:17:47.845622+00:00 app[web.1]:     retval = await func(*args)
2023-06-16T13:17:47.845623+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/octomachinery/utils/asynctools.py", line 14, in async_func_wrapper
2023-06-16T13:17:47.845648+00:00 app[web.1]:     return await async_func(*args, **kwargs)
2023-06-16T13:17:47.845648+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/octomachinery/app/server/machinery.py", line 134, in run_forever
2023-06-16T13:17:47.845684+00:00 app[web.1]:     await _prepare_github_app(github_app)
2023-06-16T13:17:47.845684+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/octomachinery/app/server/machinery.py", line 64, in _prepare_github_app
2023-06-16T13:17:47.845713+00:00 app[web.1]:     await github_app.log_installs_list()
2023-06-16T13:17:47.845713+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/octomachinery/github/api/app_client.py", line 71, in log_installs_list
2023-06-16T13:17:47.845744+00:00 app[web.1]:     installations = await self.get_installations()
2023-06-16T13:17:47.845744+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/octomachinery/github/api/app_client.py", line 131, in get_installations
2023-06-16T13:17:47.845778+00:00 app[web.1]:     async for install in amap(
2023-06-16T13:17:47.845779+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/octomachinery/utils/asynctools.py", line 81, in amap
2023-06-16T13:17:47.845808+00:00 app[web.1]:     async for async_value in async_iterable:
2023-06-16T13:17:47.845808+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/octomachinery/github/api/utils.py", line 49, in async_generator_wrapper
2023-06-16T13:17:47.845836+00:00 app[web.1]:     async for result_item in coroutine_instance:
2023-06-16T13:17:47.845836+00:00 app[web.1]:   File "/app/.heroku/python/lib/python3.10/site-packages/gidgethub/abc.py", line 185, in getiter
2023-06-16T13:17:47.845876+00:00 app[web.1]:     data, more, _ = await self._make_request(
2023-06-16T13:17:47.845884+00:00 app[web.1]: TypeError: RawGitHubAPI._make_request() got an unexpected keyword argument 'extra_headers'

The function make_jwt_for return, uses pyjwt encode function which itself returns str output after version >v2.0 .
Which causes AttributeError while use octomachinery.

Related-to: thoth-station/qeb-hwt#152