Initial edit and conclusion

alexellis · alexellis · commit a3ff1d02e837 · 2021-01-26T15:09:53.000Z
Signed-off-by: Alex Ellis (OpenFaaS Ltd) &lt;alexellis2@gmail.com&gt;
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -254,11 +254,12 @@ GEM
 
 PLATFORMS
   ruby
+  x86_64-linux-musl
 
 DEPENDENCIES
   github-pages
   html-proofer
   jekyll-archives
 
 BUNDLED WITH
-   2.0.2
+   2.2.2
diff --git a/_posts/2021-01-26-integrate-with-github-apps-and-faasd.md b/_posts/2021-01-26-integrate-with-github-apps-and-faasd.md
@@ -1,43 +1,57 @@
 ---
-title: "How to developing and test your GitHub Apps with faasd"
-description: "In this guide, we are going to demonstrate how to build our GitHub App and run it locally on our faasd instance then expose it to the internet using inlets to be able to Github can send events to it"
-tags: inlets-pro inletsctl go github-application faasd rasperry-pi caddy tls
+title: "You're doing it wrong. Integrate with GitHub the right way GitHub Apps"
+description: "In this guide, we are going to demonstrate how to build your own GitHub App to get a fine-grained integration with GitHub's API and to act on the behalf of its users."
+tags: inlets-pro inletsctl go github-application faasd raspberry-pi
 author_staff_member: developer-guy
 dark_background: true
 image: /images/2021-01-15-github-application-using-go-and-inlets-pro/faasd-issue-bot.png
-date: 2021-01-15
-
+date: 2021-01-26
 
 ---
 
-How to build our GitHub App and run it locally on our faasd instance then expose it to the internet using inlets to be able to Github can send events to it
+In this guide, we are going to demonstrate how to build your own GitHub App to get a fine-grained integration with GitHub's API and to act on the behalf of its users
 
 # Introduction
 
-In this guide, we are going to develop a [GitHub App](https://docs.github.com/en/free-pro-team@latest/developers/apps) using Go, then we deploy it as a serverless function to make use of [faasd](https://github.com/openfaas/faasd) which is a lightweight & portable faas engine.We are also going to do this demo on our local environment, so we should open our function which runs on our local environment to the Internet so Github can send events to our function. In order to do that we use inlets-pro which provides secure TCP/L4 tunnels.
+With [28 million developers on the platform and 85 million repositories](https://www.theverge.com/2018/6/18/17474284/microsoft-github-acquisition-developer-reaction), integrating with GitHub is not just fun, it's essential. Some companies have even built integrations so good, [that GitHub bought them](https://techcrunch.com/2019/09/18/github-acquires-code-analysis-tool-semmle/) and made them part of the core platform. This has happened multiple times.
+
+So why is it that so many of you are doing it wrong? Many of you are still using OAuth apps which are considered legacy and have scopes which are far too broad. Many more of you are taking extreme risks by using Personal Access Tokens (PATs), most of which can do anything to your account and repositories.
+
+> GitHub Apps are first-class actors within GitHub and unlike the legacy OAuth apps, allow or fine-grained actions to be performed on your user's repositories.
+
+In this guide, we are going to develop a [GitHub App](https://docs.github.com/en/free-pro-team@latest/developers/apps) using Go, then we deploy it as a serverless function to make use of [faasd](https://github.com/openfaas/faasd) which is a lightweight & portable faas engine. We are also going to do this demo on our local environment, so we should open our function which runs on our local environment to the Internet so Github can send events to our function. In order to do that we use inlets-pro which provides secure TCP/L4 tunnels.
+
+A GitHub App acts on its own behalf, taking actions via the API directly using its own identity, which means you don't need to maintain a bot or service account as a separate user. GitHub Apps can be installed directly on organizations and user accounts and granted access to specific repositories. They come with built-in webhooks and narrow, specific permissions. When you set up your GitHub App, you can select the repositories you want it to access. For example, in this guide we are going to develop a Github App that respond or close the comments for your repositories that you installed Github App for.
 
-GitHub Apps are first-class actors within GitHub. A GitHub App acts on its own behalf, taking actions via the API directly using its own identity, which means you don't need to maintain a bot or service account as a separate user. GitHub Apps can be installed directly on organizations and user accounts and granted access to specific repositories. They come with built-in webhooks and narrow, specific permissions. When you set up your GitHub App, you can select the repositories you want it to access. For example, in this guide we are going to develop a Github App that respond or close the comments for your repositories that you installed Github App for. Also there is a two good examples available on that topic: [Derek](https://github.com/alexellis/derek) and [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud).
+Two examples that make thorough use of GitHub Apps are below:
 
-Derek is a Github App that reduces fatigue for maintainers by automating governance and delegating permissions to your team and community. It provides the following automations:
-- Generate changelogs for releases with PRs merged and commits added
-- Let designated non-admin users manage Issues and PRs by commenting Derek <command> or /command
-- Enforce Developer Certificate of Origin (DCO) checking (optional)
+* [Derek](https://github.com/alexellis/derek)
+* [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud)
+
+Derek is a GitHub bot that reduces fatigue for maintainers by automating governance and delegating permissions to your team and community. It provides the following automation:
+
+- Generate changelogs for releases with PRs merged and commits added, crediting everyone invokved
+- Let designated non-admin users manage Issues and PRs by commenting `Derek <command>` or `/command`
+- Enforce [Developer Certificate of Origin (DCO)](https://developercertificate.org/) checking (optional)
 - Automatically label/flag PRs without a Description
 
-OpenFaaS Cloud is designed as Multi-user OpenFaaS Platform. With OpenFaaS Cloud functions are managed through typing git push which reduces the tooling and learning curve required to operate functions for your team. As soon as OpenFaaS Cloud receives a push event from git it will run through a build-workflow which clones your repo, builds a Docker image, pushes it to a registry and then deploys your functions to your cluster. Each user can access and monitor their functions through their personal dashboard.
+OpenFaaS Cloud is designed as Multi-user version of OpenFaaS with CI/CD built in and a new dashboard. It is aimed at platform engineers who want to give functions to their team, whilst shielding them from Kubernetes at the same time.
+
+With OpenFaaS Cloud functions are managed through typing `git push` which reduces the tooling and learning curve required to operate functions for your team. As soon as OpenFaaS Cloud receives a push event from git it will run through a build-workflow which clones your repo, builds a Docker image, pushes it to a registry and then deploys your functions to your cluster. Each user can access and monitor their functions through their personal dashboard.
 
 ## Pre-requisites
 
 * DigitalOcean Account - We are going to use DigitalOcean as a provider to host our exit-node.
-* arkade - arkade provides a portable marketplace for downloading your favourite devops CLIs and installing helm charts, with a single command.
+* [arkade](https://get-arkade.dev) - arkade provides a portable marketplace for downloading your favourite devops CLIs and installing helm charts, with a single command.
 * inletsctl - inletsctl automates the task of creating an exit-node on cloud infrastructure. 
 * inlets-pro - You can use inlets-pro to tunnel out any TCP traffic from an internal network to another network. 
 * multipass - Multipass provides a command line interface to launch, manage and generally fiddle about with instances of Linux.
 * faas-cli - This is a CLI for use with OpenFaaS - a serverless functions framework for Docker & Kubernetes.
 
 Now we are ready to go 🚀
 
-## Setup exit-node server on DigitalOcean
+## Setup your exit-node server on DigitalOcean
+
 For this tutorial you will need to have an account and API key with one of the [supported providers](https://github.com/inlets/inletsctl#featuresbacklog), or you can create an exit-server manually and install inlets PRO there yourself.
 
 For this tutorial, the DigitalOcean provider will be used. You can get [free credits on DigitalOcean with this link](https://m.do.co/c/8d4e75e9886f).
@@ -68,13 +82,17 @@ $ inletsctl create \
   --pro
 ```
 
+You can also change the region flag to a DigitalOcean region close to your network
+
+> See [the docs for inletsctl](https://docs.inlets.dev/#/tools/inletsctl?id=inletsctl-reference-documentation) for examples of how to use other providers like AWS EC2, Azure and GCP.
+
 If everything goes well, you should see your newly created "exit-node" on the homepage of your the DigitalOcean account like the following:
 
 ![inlets-droplet](/images/2021-01-15-github-application-using-go-and-inlets-pro/inlets-droplet.png)
 
 > If you curious about what the "exit-node or exit-server" is, you can follow a link in the inlets documentation [here](https://docs.inlets.dev/#/?id=exit-servers).
 
-## Setting up a new GitHub App
+## Create the new GitHub App on GitHub
 
 To register a new app, visit the app settings page in your GitHub profile, and click New GitHub App.
 
@@ -106,7 +124,8 @@ In order to get up and running with your own faasd installation on your Mac you
 Let's start our Ubuntu VM with multipass.First, we need a cloud-config.txt to set up faasd while bootstrapping VM.
 
 ```bash
-$ curl -sSLO https://raw.githubusercontent.com/openfaas/faasd/master/cloud-config.txt
+$ curl -sSLO \
+  https://raw.githubusercontent.com/openfaas/faasd/master/cloud-config.txt
 ```
 
 Then, we need to update the SSH key to match your own, edit cloud-config.txt:
@@ -120,19 +139,42 @@ Replace the _ssh_authorized_keys::ssh-rsa_ value with the contents of `~/.ssh/id
 Finally, boot the VM
 
 ```bash
-$ multipass launch --cloud-init cloud-config.txt  --name faasd
+$ multipass launch \
+  --cloud-init cloud-config.txt \
+  --name faasd
 ```
 
-Check the VM if it is working properly
+> Note: `multipass launch` can be configured with more CPUs, RAM and additional disk capacity, just run `--help` to see how.
+
+Check the VM if it is working properly:
 
 ```bash
-$ multipas list
+$ multipass list
 Name                    State             IPv4             Image
 faasd                   Running           192.168.64.25    Ubuntu 20.04 LTS
 ```
 
-## Build and Deploy function
-For this demo, we are going to use golang to develop our GitHub App, in order to do that, first, we need to pull the corresponding function template for the golang.
+You can connect to the VM through SSH or via `multipass exec faasd`.
+
+To get the IP address simply run `multipass info faasd`:
+
+```bash
+$ multipass info faasd
+Name:           faasd
+State:          Running
+IPv4:           192.168.64.25
+Release:        Ubuntu 20.04.1 LTS
+Image hash:     d68d50a4067d (Ubuntu 20.04 LTS)
+Load:           0.68 1.09 0.54
+Disk usage:     1.9G out of 4.7G
+Memory usage:   259.8M out of 981.4M
+```
+
+## Build and deploy a webhook receiver function
+
+For this demo, we are going to use Golang to develop a function that responds to any webhooks sent to us from the GitHub App.
+
+In order to do that, first, we need to pull the corresponding function template for the Golang.
 
 We need to install "faas-cli" tool for that but we need to install arkade first because arkade is the marketplace for our favourite devops CLIs.
 
@@ -146,7 +188,7 @@ Then, let's install our faas-cli tool.
 $ arkade get faas-cli
 ```
 
-Finally,we can continue to create our function.
+We can now find the Golang template we want and continue to create our function.
 
 ```bash
 # let's look at the available Go function templates within the OpenFaaS store
@@ -160,10 +202,11 @@ $ faas-cli template store pull golang-middleware
 $ faas-cli new issues-bot --lang golang-middleware --prefix <DOCKER_HUB_ID>
 ```
 
-You can find all the code details in the [GitHub repository](https://github.com/developer-guy/faasd-github-bot).
+You can find all the code details in my GitHub repository: [developer-guy/faasd-github-bot](https://github.com/developer-guy/faasd-github-bot).
+
+After you've created the function, you need to define a build-arg to use Go modules, an environment variable for the GitHub App ID (found in the GitHub UI) and a secret for the the webhook secret (for verifying genuine payloads) and the private key (for acting on the behalf of a user).
 
-After created the function, we need to define some arguments, environments and secrets for the function.
-Let's add them:
+Let's add them to the YAML file created by `faas-cli new`:
 
 ```yaml
   build_args:
@@ -172,44 +215,38 @@ Let's add them:
       - webhook-secret # your secret goes here
       - private-key-secret # your private key goes here
     environment:
-      APP_ID: "" #your app id goes here
+      APP_ID: "" # your app id goes here
 ```
 
-Finally, we need to create those secrets above with make use of faas-cli.
+Next we need to create the above two secrets.
 
-Let's create our secrets.
+Download the private key for the GitHub app to your host using the GitHub UI.
 
 ```bash
 $ export WEBHOOK_SECRET="sup3rs3cr3t"
 $ faas-cli secret create webhook-secret --from-literal $WEBHOOK_SECRET
-# Download the private key to your host
 $ faas-cli secret create private-key-secret --from-file <path_to_your_pem_file>.pem
 ```
 
-We should create a secret in faasd, in order to do that we need to access the Gateway of faasd.
+Now it's time to authenticate `faas-cli` so that we can do a deployment to our faasd instance from our laptop. This would work the same if you were deploying faasd to a cloud instance.
+
 ```bash
+# Get the IP into a variable
 $ export IP=$(multipass info faasd --format json| jq '.info.faasd.ipv4[0]' | tr -d '\"')
+
 # Let's capture the authentication password into a file for use with faas-cli
 $ ssh ubuntu@$IP "sudo cat /var/lib/faasd/secrets/basic-auth-password" > basic-auth-password
+
 # Login from your laptop (the host)
-$ export OPENFAAS_URL=http://$IP:8080 && \
+$ export OPENFAAS_URL=http://$IP:8080
+
 cat basic-auth-password | faas-cli login -s
 ```
 
-Also, it is worth to mention that you can run multipass info faasd at any time to get details of the faasd instance.
-```bash
-$ multipass info faasd
-Name:           faasd
-State:          Running
-IPv4:           192.168.64.25
-Release:        Ubuntu 20.04.1 LTS
-Image hash:     d68d50a4067d (Ubuntu 20.04 LTS)
-Load:           0.68 1.09 0.54
-Disk usage:     1.9G out of 4.7G
-Memory usage:   259.8M out of 981.4M
-```
+You can add the `OPENFAAS_URL` entry to your shell's profile if you like, so you get the variable set every time you open a new terminal.
+
+## Connect your Exit Node from the faasd instance
 
-## Connect your Exit Node
 We need to establish connection between our client, and the inlets-pro server in order to get events from there.
 
 ```bash
@@ -225,32 +262,61 @@ $ inlets-pro client --url "wss://XX.XXX.XXX.XX:8123/connect" \
         --ports $PORTS
 ```
 
-## Test
+## Let's test your GitHub App
+
 In order to test it we need to install this app to selected repositories. Create a repository called "test-issues-bot", then install this app for it.
 ![repository-access](/images/2021-01-15-github-application-using-go-and-inlets-pro/repository-access.png)
 
-Then, create an issue for the repository. You will see the message.
+If you create an issue on the `test-issues-bot` repository, then you will see a message like this:
+
 > "Hello, issue opened by: developer-guy"
 
 ![test-issue-bot](/images/2021-01-15-github-application-using-go-and-inlets-pro/test-issue-bot.png)
 
-Finally , let's close the issue by typing command */close*.
+Finally, let's close the issue by typing in a command, just like how Derek works:
+
+```
+/close
+```
+
 ![close-issue](/images/2021-01-15-github-application-using-go-and-inlets-pro/close-issue.png)
 
-## Cleanup
+### Tear down up the resources (optional)
 
 ```bash
 $ multipass delete --purge faasd
 $ inletsctl delete --provider digitalocean --id "YOUR_INSTANCE_ID"
 ```
 
-# Acknowledgements
+## So what next?
+
+Now that you can develop first-class integrations with GitHub, with fine-grained permissions and do things the right way. OAuth works are very broadly defined and personal access tokens (PATs) are just the wrong tool for the job and very risky if someone were to find it.
+
+Each user that installs your app is called an installation and has their own API limit of 1000 calls per hour.
+
+So what will you build?
+
+You could develop a bot, an integration, a linter as a service, integrate a machine-learning model from the OpenFaaS function store, and a whole host of other things. It's up to you to decide.
+
+Do you already have a preferred way to deploy and run HTTP servers which isn't faasd? We're OK with that and want you to know that what you learned here about inlets and GitHub Apps can apply whether you run with a Docker container or just deploy a binary directly to a server. 
+
+### Want to learn more about use-cases and faasd?
 
-* Special Thanks to [Alex Ellis](https://twitter.com/alexellisuk) for all guidance and for merging changes into OpenFaaS to better support this workflow.
-* Special Thanks to [Furkan Türkal](https://twitter.com/furkanturkaI) for all the support.
-* Special Thanks to [Kumar Utsav Anand](https://twitter.com/Utsav2Anand) for all the support.
+There is a new eBook and video workshop from Alex, the founder of OpenFaaS and faasd.
+
+<blockquote class="twitter-tweet"><p lang="en" dir="ltr">I&#39;ve just published: &quot;Serverless for Everyone Else&quot; on <a href="https://twitter.com/gumroad?ref_src=twsrc%5Etfw">@gumroad</a> <br><br>Automate your workflow with the official guide to faasd - a minimalist&#39;s approach to severless functions.<a href="https://twitter.com/hashtag/serverless?src=hash&amp;ref_src=twsrc%5Etfw">#serverless</a> <a href="https://twitter.com/hashtag/faas?src=hash&amp;ref_src=twsrc%5Etfw">#faas</a> <a href="https://twitter.com/hashtag/ebook?src=hash&amp;ref_src=twsrc%5Etfw">#ebook</a> <a href="https://twitter.com/hashtag/learn?src=hash&amp;ref_src=twsrc%5Etfw">#learn</a> <a href="https://twitter.com/hashtag/nodejs?src=hash&amp;ref_src=twsrc%5Etfw">#nodejs</a> <a href="https://t.co/hGCbV8OTEj">https://t.co/hGCbV8OTEj</a></p>&mdash; Alex Ellis (@alexellisuk) <a href="https://twitter.com/alexellisuk/status/1350079792612339715?ref_src=twsrc%5Etfw">January 15, 2021</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
+
+If you get a copy before the end of January on the DevOps PRO tier, you'll get the eBook, a Grafana dashboard and a free upgrade to the 50 minute video workshop.
 
 # References
+
+Other GitHub Apps:
+
+* [Derek](https://github.com/alexellis/derek)
+* [OpenFaaS Cloud](https://github.com/openfaas/openfaas-cloud)
+
+Blog posts I found useful:
+
 * [https://blog.alexellis.io/deploy-serverless-faasd-with-cloud-init/](https://blog.alexellis.io/deploy-serverless-faasd-with-cloud-init/)
-* [https://www.x-cellent.com/blog/automating-github-with-golang-building-your-own-github-bot/](https://www.x-cellent.com/blog/automating-github-with-golang-building-your-own-github-bot/)
 * [https://blog.alexellis.io/share-work-using-inlets/](https://blog.alexellis.io/share-work-using-inlets/)
+* [https://www.x-cellent.com/blog/automating-github-with-golang-building-your-own-github-bot/](https://www.x-cellent.com/blog/automating-github-with-golang-building-your-own-github-bot/)
