-
Notifications
You must be signed in to change notification settings - Fork 499
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: support GitHub App authentication (#1988)
Adds support for using GitHub Apps as a form of authentication
- Loading branch information
Showing
2 changed files
with
51 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -308,3 +308,49 @@ $ docker run --rm -d \ | |
| -e "SSH_AUTH_SOCK=/.ssh_agent_sock" \ | ||
| -e ATHENS_DISK_STORAGE_ROOT=/var/lib/athens -e ATHENS_STORAGE_TYPE=disk --name athens-proxy -p 3000:3000 gomods/athens:canary | ||
| ``` | ||
| ## GitHub Apps | ||
| Instead of using a Machine User on GitHub, it is possible to create a GitHub App and authenticate via it. | ||
| Create a GitHub App in **Settings > Developer settings > GitHub Apps** and install it. The AppID/ClientID, Installation ID and Private Key are | ||
| required from the App. | ||
| Install the [GitHub App Git Credential Helper](https://github.com/bdellegrazie/git-credential-github-app) in your `$PATH`. The Athens Docker image comes | ||
| with this pre-installed. | ||
| Configure your [global Git config](https://git-scm.com/docs/git-config) as follows: | ||
| ``` | ||
| [credential "https://github.com/your-org"] | ||
| helper = "github-app -username <app-name> -appId <app-id> -privateKeyFile <path-to-private-key> -installationId <installation-id>" | ||
| useHttpPath = true | ||
| [credential "https://github.com"] | ||
| helper = "cache --timeout=3600" | ||
| [url "https://github.com"] | ||
| insteadOf = ssh://[email protected] | ||
| ``` | ||
| This instructs Git to authenticate with the GitHub App and cache the results for 3600s (the authentication token is valid for 1 hour). | ||
| Now, builds executed through the Athens proxy should be able to clone the `github.com/your-org/your-repo` dependency over GitHub Apps. | ||
| ### GitHub Enterprise Self-hosted | ||
| To authenticate against a self-hosted GitHub Enterprise, the instructions are the same for GitHub hosted Apps | ||
| with the exception for the Git config, which should include your domain, as follows: | ||
| ``` | ||
| [credential "https://github.example.com/your-org"] | ||
| helper = "github-app -username <app-name> -appId <app-id> -privateKeyFile <path-to-private-key> -installationId <installation-id> -domain github.example.com" | ||
| useHttpPath = true | ||
| [credential "https://github.example.com"] | ||
| helper = "cache --timeout=3600" | ||
| [url "https://github.example.com"] | ||
| insteadOf = ssh://[email protected] | ||
| ``` | ||