Merge pull request #140 from osowskit/app-issue-creator

Tom Osowski · web-flow · commit c7ea1086d9c6 · 2017-07-06T11:01:40.000-07:00
Adding GitHub App example server
diff --git a/app/ruby/app-issue-creator/Gemfile b/app/ruby/app-issue-creator/Gemfile
@@ -0,0 +1,6 @@
+source "http://rubygems.org"
+
+gem "json",        "~> 1.8"
+gem 'sinatra',     '~> 1.3.5'
+gem 'octokit'
+gem 'jwt'
diff --git a/app/ruby/app-issue-creator/Gemfile.lock b/app/ruby/app-issue-creator/Gemfile.lock
@@ -0,0 +1,36 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    addressable (2.5.1)
+      public_suffix (~> 2.0, >= 2.0.2)
+    faraday (0.12.1)
+      multipart-post (>= 1.2, < 3)
+    json (1.8.6)
+    jwt (1.5.6)
+    multipart-post (2.0.0)
+    octokit (4.7.0)
+      sawyer (~> 0.8.0, >= 0.5.3)
+    public_suffix (2.0.5)
+    rack (1.6.8)
+    rack-protection (1.5.3)
+      rack
+    sawyer (0.8.1)
+      addressable (>= 2.3.5, < 2.6)
+      faraday (~> 0.8, < 1.0)
+    sinatra (1.3.6)
+      rack (~> 1.4)
+      rack-protection (~> 1.3)
+      tilt (~> 1.3, >= 1.3.3)
+    tilt (1.4.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  json (~> 1.8)
+  jwt
+  octokit
+  sinatra (~> 1.3.5)
+
+BUNDLED WITH
+   1.15.1
diff --git a/app/ruby/app-issue-creator/README.md b/app/ruby/app-issue-creator/README.md
@@ -0,0 +1,27 @@
+# app-issue-creator
+
+This is the sample project that walks through creating a GitHub App and configuring a server to listen to [`installation` events](https://developer.github.com/v3/activity/events/types/#installationevent). When an App is added to an account, it will create an issue in each repository with a message, "added new app!".
+
+## Requirements
+
+* Ruby installed
+* [Bundler](http://bundler.io/) installed
+* [ngrok](https://ngrok.com/) or [localtunnel](https://localtunnel.github.io/www/) exposing port `4567` to allow GitHub to access your server
+
+## Set up a GitHub App
+
+* [Set up and register GitHub App](https://developer.github.com/apps/building-integrations/setting-up-and-registering-github-apps/)
+* [Enable `issue` write permissions](https://developer.github.com/v3/apps/permissions/#permission-on-issues)
+* If not running on a public-facing IP, use ngrok to generate a URL as [documented here](https://developer.github.com/v3/guides/building-a-ci-server/#writing-your-server)
+
+## Install and Run project
+
+Install the required Ruby Gems by entering `bundle install` on the command line. 
+
+Set environment variables `GITHUB_APP_ID` and `GITHUB_APP_PRIVATE_KEY`. For example, run the following to store the private key to an environment variable: `export GITHUB_APP_PRIVATE_KEY="$(less private-key.pem)"`
+
+To start the server, type `ruby server.rb` on the command line.
+
+The [sinatra server](http://www.sinatrarb.com/) will be running at `localhost:4567`.
+
+[basics of auth]: http://developer.github.com/guides/basics-of-authentication/
diff --git a/app/ruby/app-issue-creator/server.rb b/app/ruby/app-issue-creator/server.rb
@@ -0,0 +1,108 @@
+require 'sinatra'
+require 'jwt'
+require 'json'
+require 'active_support/all'
+require 'octokit'
+
+begin
+  GITHUB_APP_ID = ENV.fetch("GITHUB_APP_ID")
+  GITHUB_PRIVATE_KEY = ENV.fetch("GITHUB_APP_PRIVATE_KEY")
+rescue KeyError
+  $stderr.puts "To run this script, please set the following environment variables:"
+  $stderr.puts "- GITHUB_APP_ID: GitHub App ID"
+  $stderr.puts "- GITHUB_APP_PRIVATE_KEY: GitHub App Private Key"
+  exit 1
+end
+@client = nil
+
+# Webhook listener
+post '/payload' do
+  github_event = request.env['HTTP_X_GITHUB_EVENT']
+  if github_event == "installation"
+    parse_installation_payload(request.body.read)
+  else
+    puts "New event #{github_event}"
+  end
+end
+
+# To authenticate as a GitHub App, generate a private key. Use this key to sign
+# a JSON Web Token (JWT), and encode using the RS256 algorithm. GitHub checks 
+# that the request is authenticated by verifying the token with the
+# integration's stored public key. https://git.io/vQOLW
+def get_jwt_token
+  private_key = OpenSSL::PKey::RSA.new(GITHUB_PRIVATE_KEY)
+
+  payload = {
+    # issued at time
+    iat: Time.now.to_i,
+    # JWT expiration time (10 minute maximum)
+    exp: 5.minutes.from_now.to_i,
+    # GitHub App's identifier
+    iss: GITHUB_APP_ID
+  }
+
+  JWT.encode(payload, private_key, "RS256")
+end
+
+# A GitHub App is installed by a user on one or more repositories.
+# The installation ID is passed in the webhook event. This returns all 
+# repositories this installation has access to.
+def get_app_repositories
+  json_response = @client.list_installation_repos
+
+  repository_list = []
+  if json_response.count > 0
+    json_response["repositories"].each do |repo|
+      repository_list.push(repo["full_name"])
+    end
+  else
+    puts json_response
+  end
+
+  repository_list
+end
+
+# For each repository that has Issues enabled, create an issue stating that a
+# GitHub App was installed
+def create_issues(repositories, sender_username)
+  repositories.each do |repo|
+    begin
+      @client.create_issue(repo, "#{sender_username} added new app!", "Added GitHub App")
+    rescue
+      puts "Issues is disabled for this repository"
+    end
+  end
+end
+
+#  When an App is added by a user, it will generate a webhook event. Parse an
+# `installation` webhook event, list all repositories this App has access to,
+# and create an issue.
+def parse_installation_payload(json_body)
+  webhook_data = JSON.parse(json_body)
+  if webhook_data["action"] == "created" || webhook_data["action"] == "added"
+    installation_id = webhook_data["installation"]["id"]
+  
+    # Get JWT for App and get access token for an installation
+    jwt_client = Octokit::Client.new(:bearer_token => get_jwt_token)
+    jwt_client.default_media_type = "application/vnd.github.machine-man-preview+json"
+    app_token = jwt_client.create_installation_access_token(installation_id)
+
+    # Create octokit client that has access to installation resources
+    @client = Octokit::Client.new(access_token: app_token[:token] )
+    @client.default_media_type = "application/vnd.github.machine-man-preview+json"
+
+    # List all repositories this installation has access to
+    repository_list = []
+    if webhook_data["installation"].key?("repositories_added")
+      webhook_data["installation"]["repositories_added"].each do |repo|
+        repository_list.push(repo["full_name"])
+      end
+    else
+      # Get repositories by query
+      repository_list = get_app_repositories
+    end
+    
+    # Create an issue in each repository stating an App has been given added
+    create_issues(repository_list, webhook_data["sender"]["login"])
+  end
+end
