[BB-508] baton-github: use github app to sync #63
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
johnallers
reviewed
May 20, 2025
pkg/config/config.go
Outdated
Comment on lines
41
to
48
| func ValidateConfig(cfg *Github) error { | ||
| apiKey := cfg.GetString(accessTokenField.FieldName) | ||
| appKey := cfg.GetString(appIDField.FieldName) | ||
| if len(apiKey) == 0 && len(appKey) == 0 { | ||
| return fmt.Errorf("api-key or app-privatekey is missing") | ||
| } | ||
| return nil | ||
| } |
Contributor
There was a problem hiding this comment.
I think this can be defined using relationships.
Bencheng21
commented
May 20, 2025
| } | ||
| return gitHubApp{ | ||
| appJWTClient: client, | ||
| appInstallationClient: installationsClient, |
Contributor
Author
There was a problem hiding this comment.
if many organizations are using the same app, they should have different tokens and clients.
laurenleach
reviewed
May 20, 2025
Comment on lines
+24
to
+27
| appPrivateKey = field.StringField( | ||
| "app-privatekey", | ||
| field.WithDescription("The private key used to connect to the GitHub App"), | ||
| ) |
Contributor
There was a problem hiding this comment.
we might want to have it use the file instead of taking it as a string
laurenleach
reviewed
May 20, 2025
Comment on lines
+55
to
+61
| if len(o.appClients) != 0 { | ||
| var ok bool | ||
| client, ok = o.appClients[oID] | ||
| if !ok { | ||
| return "", fmt.Errorf("organization: %d doesn't exist", oID) | ||
| } | ||
| } |
Contributor
There was a problem hiding this comment.
I'm not sure if its okay to cache like this, we generally don't rely on state like this, I think there can be times when we resume a sync
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Customer wants to get rid of the
service accountand usegithub appinstead.This PR adds the option to sync via the GitHub App.
Today, we use the personal access token to access resources that a user is granted to.
In github app, it's not the same story, since.
installation token is pinned to an organization, that means different organizations using the same app should have different installation tokens and one installation tokens from one org cannot access the other repository.
see here
Test.
The results are consistent with what we get when using a personal access token.
How to configure.
Install the GitHub App on your organizations.
Copy the private key and App ID.
Update the configuration with these two values.
Followup.
Intallation token expires in 1 hour, if the syn process takes more than 1 hour, we should refresh the token.