test: add regression test for nil invitation on 204 response

bofus10 · bofus10 · commit aab9175e211f · 2026-04-24T18:06:52.000+02:00
Covers the v6.12.0 panic scenario by standing up an httptest server that returns 204 No Content from PUT /repos/{owner}/{repo}/collaborators/{username} and driving updateUserCollaboratorsAndInvites against it. Asserts the function completes without panicking and records no invitation. Follow-up to @deiga's review on #3371.
diff --git a/github/resource_github_repository_collaborators_unit_test.go b/github/resource_github_repository_collaborators_unit_test.go
@@ -0,0 +1,98 @@
+package github
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/google/go-github/v85/github"
+)
+
+// TestUnitUpdateUserCollaboratorsAndInvites_NilInvitationFor204 is the
+// regression guard for the v6.12.0 panic: when GitHub's
+// PUT /repos/{owner}/{repo}/collaborators/{username} returns 204 No Content
+// (the invitee is an organization member gaining direct access without an
+// invitation), the go-github client surfaces that as (*Invitation == nil,
+// err == nil). Prior to the fix, updateUserCollaboratorsAndInvites
+// unconditionally dereferenced inv.ID and panicked with SIGSEGV. This test
+// stands up a fake API returning exactly that response shape and asserts
+// the function completes without panicking and records no invitation.
+func TestUnitUpdateUserCollaboratorsAndInvites_NilInvitationFor204(t *testing.T) {
+	const (
+		owner = "testowner"
+		repo  = "testrepo"
+		login = "orgmember"
+	)
+
+	collaboratorsPath := "/repos/" + owner + "/" + repo + "/collaborators"
+	invitationsPath := "/repos/" + owner + "/" + repo + "/invitations"
+	putCollaboratorPath := collaboratorsPath + "/" + login
+
+	var (
+		listCollaboratorsCalls int
+		listInvitationsCalls   int
+		putCollaboratorCalls   int
+	)
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+
+		switch {
+		case r.Method == http.MethodGet && r.URL.Path == collaboratorsPath:
+			listCollaboratorsCalls++
+			_, _ = w.Write([]byte(`[]`))
+
+		case r.Method == http.MethodGet && r.URL.Path == invitationsPath:
+			listInvitationsCalls++
+			_, _ = w.Write([]byte(`[]`))
+
+		case r.Method == http.MethodPut && r.URL.Path == putCollaboratorPath:
+			putCollaboratorCalls++
+			// Mirror GitHub's behavior for an existing org member: 204 with
+			// no body. go-github decodes this into (nil, resp, nil).
+			w.WriteHeader(http.StatusNoContent)
+
+		default:
+			t.Errorf("unexpected request: %s %s", r.Method, r.URL.Path)
+			w.WriteHeader(http.StatusTeapot)
+		}
+	}))
+	defer ts.Close()
+
+	client := github.NewClient(nil)
+	base, err := url.Parse(ts.URL + "/")
+	if err != nil {
+		t.Fatalf("parse test server URL: %v", err)
+	}
+	client.BaseURL = base
+
+	inUsers := userCollaborators{{
+		userIdentity: userIdentity{login: login},
+		permission:   "admin",
+	}}
+
+	ghInvites, err := updateUserCollaboratorsAndInvites(context.Background(), client, owner, repo, inUsers)
+	if err != nil {
+		t.Fatalf("updateUserCollaboratorsAndInvites returned error: %v", err)
+	}
+
+	// 204 means no invitation was issued, so nothing should be tracked.
+	if len(ghInvites) != 0 {
+		t.Errorf("expected 0 tracked invitations on 204 response, got %d: %+v",
+			len(ghInvites), ghInvites)
+	}
+
+	// Sanity check the full flow executed end-to-end.
+	if listCollaboratorsCalls != 2 { // direct + outside affiliations
+		t.Errorf("expected 2 GET collaborators calls (direct + outside), got %d",
+			listCollaboratorsCalls)
+	}
+	if listInvitationsCalls != 1 {
+		t.Errorf("expected 1 GET invitations call, got %d", listInvitationsCalls)
+	}
+	if putCollaboratorCalls != 1 {
+		t.Errorf("expected 1 PUT collaborator call, got %d", putCollaboratorCalls)
+	}
+}
