Utilize an AppInstallation token to get the correct permissions

README.md

@@ -65,6 +65,18 @@ bin/tabia github --help
 bin/tabia github repositories --help
 ```
 
+#### Authentication
+
+Please note when using Github Authentication there are 2 options to authenticate.
+
+1. Authenticate as a Github App (your app will have to be installed in the organization)
+   - integration-id
+   - private-key
+2. Authenticate using a Personal Access Token
+   - token
+
+> :warning: When authenticating as a *GitHub App* please be informed you can only fetch information from **one** organization at a time as the client will be bound to that organizations App installation. To support multiple organizations we require a refactor using a Github client per organization.
+
 ### Output - Grimoirelab
 
 To expose the repositories in [Grimoirelab projects.json](https://github.com/chaoss/grimoirelab-sirmordred#projectsjson-) format, you can optionally provide a json file to map repositories to projects. By default the project will be mapped to the owner of the repository. Anything not matching the rules will fall back to this default.

cmd/cmd_github.go

@@ -160,7 +160,9 @@ func newGithubClient(c *cli.Context) (*github.Client, error) {
 		if err != nil {
 			return nil, err
 		}
-		client, err := github.NewClientWithAppAuth(integrationID, string(privateKeyBytes), ghWriter)
+		org := append(c.StringSlice("owner"), c.StringSlice("organization")...)
+
+		client, err := github.NewClientWithAppAuth(integrationID, string(privateKeyBytes), org[0], ghWriter)
 		return client, nil
 	}
 

lib/github/app.go

@@ -1,6 +1,8 @@
 package github
 
 import (
+	"context"
+	"fmt"
 	"io"
 	"net/http"
 	"time"
@@ -13,7 +15,7 @@ import (
 
 // NewClientWithAppAuth creates a new client that authenticates using an app integration ID
 // and a app private key
-func NewClientWithAppAuth(integrationID int64, privateKey string, writer io.Writer) (*Client, error) {
+func NewClientWithAppAuth(integrationID int64, privateKey, organization string, writer io.Writer) (*Client, error) {
 	config := new(githubapp.Config)
 	config.App.IntegrationID = integrationID
 	config.App.PrivateKey = privateKey
@@ -23,20 +25,29 @@ func NewClientWithAppAuth(integrationID int64, privateKey string, writer io.Writ
 	cc, err := githubapp.NewDefaultCachingClientCreator(
 		*config,
 		githubapp.WithClientUserAgent("tabia"),
-		githubapp.WithClientTimeout(3*time.Second),
+		githubapp.WithClientTimeout(10*time.Second),
 		githubapp.WithClientCaching(false, func() httpcache.Cache { return httpcache.NewMemoryCache() }),
 		githubapp.WithClientMiddleware(ClientLogging(writer)),
 	)
 
-	client, err := cc.NewAppV4Client()
+	appClient, err := cc.NewAppClient()
 	if err != nil {
 		return nil, err
 	}
-	restClient, err := cc.NewAppClient()
+	installation, _, err := appClient.Apps.FindOrganizationInstallation(context.Background(), organization)
 	if err != nil {
 		return nil, err
 	}
+	fmt.Println(installation)
 
+	client, err := cc.NewInstallationV4Client(*installation.ID)
+	if err != nil {
+		return nil, err
+	}
+	restClient, err := cc.NewInstallationClient(*installation.ID)
+	if err != nil {
+		return nil, err
+	}
 	return &Client{nil, restClient, client}, nil
 }
 

lib/github/app_test.go

@@ -14,7 +14,7 @@ func TestAppClient(t *testing.T) {
 
 	var buf strings.Builder
 	integrationID := int64(12345)
-	client, err := github.NewClientWithAppAuth(integrationID, "/path/to/rsa-private-key.pem", &buf)
+	client, err := github.NewClientWithAppAuth(integrationID, "/path/to/rsa-private-key.pem", "philips-labs", &buf)
 	assert.Error(err)
 	assert.Nil(client)
 }