Support GitHub app auth #14
Conversation
There was a problem hiding this comment.
Thanks for the contribution!
Here are my overall remarks.
-
Rationale: we'll need to to explain a bit clearer the problem that arises in the first place, and how you solve it with the code you're contributing.
-
Clean code: could you please rebase your work on top of main branch, and clean it up with
git rebase -iso that you remove unnecessary back-and-forth commits, and remove test-related commits? -
Failing build: in our Concourse pipeline, the
make allbuild step fails with this error:
> [builder 5/5] RUN go version && make all:
...
#14 37.87 vet: ./models_test.go:42:5: unknown field GithubOrganziation in struct literal of type resource.Source
#14 37.97 make: *** [Makefile:11: test] Error 1
- Increased code complexity, yet not covered by unit tests: there are many
if g.UseGithubApporif !g.UseGithubAppwhich increases a lot the number of code branches and thus tests cases that should be covered. Un fortunately we don't have sufficient test coverage to support such complexity.
CODEOWNERS
Outdated
| @@ -1,3 +0,0 @@ | |||
| # Default. Unless we have a more specific match. | |||
There was a problem hiding this comment.
Please don't remove files unless you have a good reason to do so
Dockerfile
Outdated
|
|
||
| FROM ${golang} AS builder | ||
|
|
||
| FROM public.ecr.aws/docker/library/golang:1.22 as builder |
There was a problem hiding this comment.
Please don't change this Dockerfile that is required by the build system in our Concourse pipeline, unless you have good reason to do so.
Instead, you should use a separate Dockerfile to run your tests locally.
There was a problem hiding this comment.
Sorry will take a look. I can see that this has been heavily customized for concourse, but as I hope you can understand that makes it seemingly impossible to build locally
Dockerfile
Outdated
| ENV DEBIAN_FRONTEND=noninteractive | ||
| RUN apt-get -y -qq update \ | ||
| && apt-get -y -qq install "make" | ||
|
|
||
| ADD . /go/src/github.com/telia-oss/github-pr-resource | ||
| WORKDIR /go/src/github.com/telia-oss/github-pr-resource | ||
|
|
||
| RUN go version \ | ||
| && make all | ||
| RUN go version && make all |
| openssh \ | ||
| git-crypt | ||
| COPY scripts/askpass.sh /usr/local/bin/askpass.sh | ||
| ENV GITHUB_APP_CRED_HELPER_VERSION="v0.3.2" | ||
| ENV BIN_PATH_TARGET=/usr/local/bin | ||
| RUN curl -L https://github.com/bdellegrazie/git-credential-github-app/releases/download/${GITHUB_APP_CRED_HELPER_VERSION}/git-credential-github-app_${GITHUB_APP_CRED_HELPER_VERSION}_Linux_x86_64.tar.gz | tar zxv -C ${BIN_PATH_TARGET} |
There was a problem hiding this comment.
Adding such external component should be justified in the PR description.
Plus, why not use the latest v0.3.3 version?
Which raises the question of how we shall bump this new dependency?
There was a problem hiding this comment.
I updated it to the latest version 9f4ae0f
I am open to suggestions for how to keep it up to date. with say, the git resource, we have to build our own version of the git resource to add support for github app auth, since the regular git resource is agnostic to providers. but supporting github apps in this resource seems highly desirable
README.md
Outdated
| | `github_organization` | No | `Vault-tec` | Which Github organization your github app is in. | ||
| | `private_key` | No | `-----BEGIN RSA...` | Private key for your github app. | ||
| | `installation_id` | No | `12356` | Installation id for your github app. | ||
| | `application_id` | No | `12356` | Application id for your github app. |
There was a problem hiding this comment.
Table rows should be formatted the same as previous row are.
(We typically use the "format selection" action on the table, using the yzhang.markdown-all-in-one VScode plugin.)
| } else { | ||
| if err := g.command("git", "config", "url.https://[email protected]/.insteadOf", "[email protected]:").Run(); err != nil { | ||
| return fmt.Errorf("failed to configure github url: %s", err) | ||
| } |
There was a problem hiding this comment.
Smaller branch of if-then-else should come first: please invert the condition.
github.go
Outdated
| // Client using oauth2 wrapper | ||
| client = oauth2.NewClient(ctx, oauth2.StaticTokenSource( | ||
| &oauth2.Token{AccessToken: s.AccessToken}, | ||
| )) |
There was a problem hiding this comment.
Smaller branch of if-then-else should come first: please invert the condition.
scottillogical
force-pushed
the
support_github_app_auth
branch
from
094d02e to
6806207
Compare
This commit adds support for authentication as a GitHub App. This is beneficial in several ways, including: * Increased rate limits * Better separation of access * Finer grained control over access * Removes the need for a bot or service account As part of these changes, have added the `github.com/bradleyfalzon/ghinstallation/v2` module and it's associated dependencies. Added several new configuration fields: * `UseGitHubApp` - Boolean flag signalling if user wants to auth as a GitHub App * `PrivateKeyFile` - Filename for RSA Private Key generated for GitHub App * `AppID` - GitHub App application numerical identifier * `InstallationID` - GitHub App installation numerical identifier Upgrade to golang `1.16` Add some tests for the `Source` model. Add support for both `private_key` and `private_key_file` intputs. This enables either reading the private key from a file, or providing the contents of the private key. Expanded testing to cover additional scenarios. Also rename `AppID` to `ApplicationID`. add manifest yaml bump remove unused travis use real image tags in dockefile, update go.mod update go sum comment xoauth basic comment xoauth basic comment xoauth basic comment xoauth basic add git credentail helper fix dockerfile add credential helper sds sds
remove run e remove run e fix gofmt fix gofmt fix gofmt
remove logger
restore oauth basic remove private key file reference typo punctuation Update Golang from 1.22.10 to 1.23.7 and its dependencies
scottillogical
force-pushed
the
support_github_app_auth
branch
from
6806207 to
17a664d
Compare
remove unneeded manifest.yaml
scottillogical
force-pushed
the
support_github_app_auth
branch
from
4d4d7f5 to
f05bdfd
Compare
|
The PR enables using GitHub app authentication
The has the following benefits
Relevant github issue: telia-oss#212
Changes