This completely rewrites the PR lookup mechanism so that the caller
must specify the GraphQL fields to query for each PR. Additionally, this
fixes some export problems with `pr view --json`.
Features:
- Each pr command now gets assigned a concept of a Finder. This makes it
easier to stub the PR in tests without having to stub the underlying
HTTP calls or git invocations.
- `pr view --web` is much faster since it only fetches the "url" field.
- `pr diff 123` now skips a whole API call where a whole PR was
unnecessarily preloaded just to access its diff in a subsequent call.
- PullRequestGraphQL query builder is now used to construct queries.
- A bunch of individual commands are now freed of having to know about
concepts such as BaseRepo, Branch, Config, or Remotes.
GitHub REST resources typically return full URLs to fetch related
resources at. We used to parse those URLs to find just the path portion
and pass that in to the `REST()` function, which only accepted paths. By
doing so, we are essential de-constructing a URL just to re-assemble it
again. While re-assembling it for Enterprise, though, we would
accidentally inject an extra `api/v3/` prefix where one was not needed.
The solution is just to use raw URLs as reported by the REST API with
no modifications. This extends the `REST()` function to accept full URLs
in addition to just paths to resources.
To prevent zipslip, we verify that each extracted file would fall
strictly under the prefix of the path to extract to. However, this
yielded a false positive when extracting to `.`, which is the default
for downloading a single archive.
- With no arguments in TTY mode, prompt which artifacts to download
- Change `--pattern` argument to be just `--name` and only do exact
matching
- For multi-archive downloads, prefix the destination path with the name
of the artifact
- Add tests exercising HTTP functionality
- Avoid "zipslip" path injection when extracting ZIP files
- Add tests for ZIP extraction
