Use GitHub app auth #13
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
richpjames
reviewed
Sep 9, 2024
|
|
||
| nunjucks.configure({ | ||
| autoescape: true, | ||
| watch: true, | ||
| }); | ||
|
|
||
| const ACCESS_TOKEN = process.env.GITHUB_PERSONAL_ACCESS_TOKEN; | ||
| const httpServer = createServer(async (request, response) => { | ||
| if (await OctokitApp.middleware(request, response)) return; |
There was a problem hiding this comment.
I think it would be good to abstract this out of the callback passed to createServer into a named function, but that can come in a later PR.
danlivings-dxw
force-pushed
the
feature/use-github-app-auth
branch
from
90afc0f
to
89f953a
Compare
GitHub encourages the use of the GitHub App workflow when a system needs to interact with the GitHub API on its own behalf, rather than using personal access tokens which need to be regenerated on a regular basis. This library exposes the GitHub API in a way that's indended to be used for this workflow. See https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app for more information about authentication for GitHub apps, including when an application should authenticate as itself rather than as a user.
danlivings-dxw
force-pushed
the
feature/use-github-app-auth
branch
2 times, most recently
from
dd75872
to
0b3309b
Compare
This sets up the `App` instance and registers a generic set of webhooks that can be used by the Node HTTP server as middleware.
danlivings-dxw
force-pushed
the
feature/use-github-app-auth
branch
from
0b3309b
to
a1802a4
Compare
richpjames
reviewed
Sep 9, 2024
richpjames
approved these changes
Sep 9, 2024
This setup iterates over all installations of the GitHub app and displays their repositories in the previously made table. Iterating over multiple installations rather than specifying it explicitly will allow us to support repositories we manage in other organisations by getting them to install Towtruck as a GitHub app in their organisation settings and granting access to the repositories that we maintain for them. However, currently we only want to support single-account installations. There doesn't seem to be a neat way to get the installation ID from an account name, so we will use `eachInstallation` to loop (hopefully once) and just take the first (hopefully only) element from `installations` so that we can have more meaningful template names in Nunjucks. We can enforce this one-installation approach through GitHub by configuring the app to be "Only on this account" when registering the app.
danlivings-dxw
force-pushed
the
feature/use-github-app-auth
branch
from
a1802a4
to
fb45cf4
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
GitHub encourages the use of the GitHub App workflow when a system needs to interact with the GitHub API on its own behalf, rather than using personal access tokens which need to be regenerated on a regular basis.
This PR provides a basic implementation using the GitHub App workflow to provide the list of repositories for organisations that have the app installed.