How to prevent applications, like Visual Studio, from Pushing changes to github. There is a PC at my previous place of employment that is linked with my github account. I no longer have access to this PC. Is there a way from https://github.com/ to block all (connected applications) or (disconnect applications that are connected) to my github repos, so they cannot (Push) changes to my github account??
If you change your Github password, it should prevent anyone from your old work being able to alter your work without having that new password, consider also adding two-factor auth. You also neet to go to your account setting on the Github and scroll down to the integrations header and click on applications. From there activate the Authorized OAuth Apps tab, revoke away.
Related
What is the difference between a GitHub App and the REST API for GitHub? Why would you need a GitHub App if you can just use the REST API, without setting any environment up?
The REST API should just be a collection of endpoints that accept a POST along with access tokens. But the GitHub App requires cloning an entire repo written in Ruby, that has nothing to do with my app.
I am not looking for users to integrate with my repo, I want them to be able to connect their own repo to the application.
But the GitHub App requires cloning an entire repo written in Ruby, that has nothing to do with my app.
I don't believe this is true.
GitHub Apps make the process of integrating 3rd party tools into your GitHub repositories smoother.
GitHub Apps are installed by organizations and granted access to specific repositories via GitHub. For example, CodeClimate is a tool which performs checks on pull requests. Rather than granting them OAuth access to my repositories, I can install the CodeClimate GitHub App on my organization and configure which repositories they have access to. I can see all the apps installed and what their permissions are.
Note that "installing" a GitHub App does not install any code. "Installing" gives the app permissions for the service to access your organization and repos. A GitHub App is a wrapper around an existing service.
If you want users to connect their repos to your application, consider a GitHub App.
This is covered in About apps.
An OAuth App acts as a GitHub user, whereas a GitHub App uses its own identity when installed on an organization or on repositories within an organization.
GitHub Apps are the officially recommended way to integrate with GitHub because they offer much more granular permissions to access data, but GitHub supports both OAuth Apps and GitHub Apps.
GitHub Apps are first-class actors within GitHub. A GitHub App acts on its own behalf, taking actions via the API directly using its own identity, which means you don't need to maintain a bot or service account as a separate user.
GitHub Apps can be installed directly on organizations and user accounts and granted access to specific repositories. They come with built-in webhooks and narrow, specific permissions. When you set up your GitHub App, you can select the repositories you want it to access. For example, you can set up an app called MyGitHub that writes issues in the octocat repository and only the octocat repository. To install a GitHub App, you must be an organization owner or have admin permissions in a repository.
GitHub Apps are applications that need to be hosted somewhere. For step-by-step instructions that cover servers and hosting, see "Building Your First GitHub App."
Differences between GitHub Apps and OAuth Apps has a complete breakdown.
Hello community can you please help me out, not very knowledgeable in this area
I got an email from git saying that personal password is no longer gonna be supported and that team city was using it so I went into GitHub and generated a token and added to the VCS in the, after our next deploy I got an email from GitHub saying, you are still using the password dummy, so I asked our server guy to update TeamCity as we were several versions behind, so he did and we ran a deploy again today. I pay a visit to the VCS again and saw my Authentication method was set to Password/Token. I got no email from GIT this time saying I was dummy and "Developer Settings/Personal access tokens" mention TeamCity has used it but TeamCity keeps saying this ▼▼▼▼ any ideas ?? Thanks.
git) https://github.com//xxxxxxxxxx is using deprecated password authentication with github.com and will soon stop working
Please consider switching to either personal access token or to SSH private key authentication.
Edit VCS root
Solution as mentioned in the error.
It is also mentioned on TeamCity documentation
You may either use SSH priv/pub keys as authentication or "Personal Access Token".
I can tell by git) https://github.com//xxxxxxxxxx that you are currently using HTTPS instead of SSH to source your VCS, so the most similar solution is GitHub Private Access Token (linked: how-to)
Go to Setting > Developer Settings > Personal Access Token and click "Generate New".
If this is a private GitHub repo, you will need to tick the "repo" scope.
On your TeamCity VCS change the password to be the Personal Access Token you generated.
Tip: since you can not view the PAT after generating nor after using on the VCS, it is recommend to set the PAT as a root configuration variable, so you can call it on this VCS, build features, or other future use.
I have a github account: https://github.com/remkohdev
and am a member of several github organizations
I have added all organizations to the Bluemix DevOps Third Party applications authorizations.
But I cannot change the default github organization to a different organization when I enable the Toolchain on Bluemix, so that I can create/edit the source code to the repo in a different than default Github organization?
Error:
The integration could not be set up. Check the settings and try again.
Reason: Unable to update the git integration. An error occurred while cloning the git repository. Error details: Unable to read the repository on: https://github.com/eventquarry/server.git. User is not authorized, or repository does not exist.
When you authorized with GitHub you probably did not explicitly grant access to the eventquarry organization.
To fix this, first you need to revoke your token by logging into Github.com, then click settings > Authorized applications > Revoke "IBM Bluemix Toolchains". Now go back to Bluemix, and when you click on the GitHub tool you will see an “Authorize” button. Upon clicking, you will be taken to GitHub, and here you need to click "Grant Access" next to eventquarry (and all orgs you would like to grant access to) before clicking "Authorize application".
Now you should be able to fork/clone/link with the private repositories in the eventquarry organization.
The devops git folks responded with this:
Right now, we don't support the ability to create new organization repositories through the toolchain UI. Any new repos are created under the personal account of the user. It is possible to link to existing organization repos by typing in the repo URL in the field. (Org repos won't show up in the dropdown, but the URL can be entered manually.) Note that the user needs admin privileges on the repo they're linking to in order to have a fully functioning integration though. It's possible to link to a repo without admin privileges, but we can't create a webhook on the repo, so there's no way for us to be notified of commit events. Pipelines will only run manually if the user doesn't have admin privileges on the repo.
Let me know if this is helpful...
If I try to click the “flip switch” next to a new repository in my Travis account, the flip switches but the hooks are never configured and I cannot trigger a build in Travis.
If I look at the console, I can read the following error:
XMLHttpRequest cannot load https://api.travis-ci.org/hooks/123456. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://travis-ci.org' is therefore not allowed access. The response had HTTP status code 500.
This may be linked to my GitHub organisation having activated third-party applications restrictions. Yet, all my previous repositories still build fine, and it's been weeks!
How can I start building a new repository in my Travis organisation account?
This is indeed linked to your organisation having third-party application restrictions, or “third-party whitelisting”.
You may not detect the problem at first since your current public repositories still receive web hooks, so it may be weeks before you get issues with Travis, and the connection with activation may be long lost in your mind.
So, now you've figured out these weird CORS/500 are linked to third-party application restrictions, you need to grant access to Travis again. But how? Travis has already been allowed access and won't ask you again for it upon login!
You have to go to your own user-approved application list in your GitHub profile, and click “View” next to the Travis-CI listing.
If you scroll down, you will get an “Organization access” listing. Your restricted organisation should be listed here, with a cross next to its name. Click “Grant access” to allow Travis into your org.
Everything should be in order now, and you should be able to activate Travis for your repo! You will just need to trigger a build by pushing a new commit after having “flipped the switch”.
I have an organization on GitHub with private repositories. I also have Jenkins set up running on port 8080 on a server, with the GitHub plugin installed. I've created an account on GitHub for my jenkins user, which resides in the owners group.
I'm trying to trigger a job on jenkins when a change is pushed to my development branch (or master branch, neither seem to be working).
When I look at the GitHub Hook Logs in Jenkins, it says that Polling has not run yet. When I go to "Manage Jenkins", the GitHub plugin says my account is Verified when I test it.
Any insight on how to configure this? I have multiple repositories I'd like to work with, so deploy keys don't seem like the solution to me.
Update:
As Craig Ringer mentions in his answer, you can select Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
Another update: Webhooks are now (Dec. 2014) available for organization: see WebHooks API for orgs.
Note: the issue 4 of the hudson-github-plugin was about:
Last GitHub Push
Polling has not run yet.
And the conclusion was:
Nevermind, the only missing piece was a permission checkbox for the github user which ain't documented anywhere on the internet.
So is this a permission issue regarding your Jenkins users?
The article "Set up Jenkins-CI on Ubuntu for painless Rails3 app CI testing" includes the following process:
To restrict the CI system and give access to your Team members to use or see the build logs, first you’ve to create an account.
Go to Manage Jenkins > Configure System,
Check the Enable Security checkbox
Under Security Realm, choose Jenkins's own user database
Check the Allow users to sign up checkbox
Under Authorization, choose Project-based Matrix Authorization Strategy
Add first user with the name admin and another with GitHub (Note: the username for Admin access has to be admin) For GitHub named user, just choose the Overall Read only permission. We’ll use this user later with the GitHub hook.
Note: The admin and GitHub user that we’ve added in the above step does not create the User. Then you’ve to create a real user with that same name. Ya, I know, its a bit weird with Jenkins UI.
Go to Manage Jenkins > Manage Users > Create User. Create both admin and GitHub users.
Hooking with the Github web-hooks
Now to run the build automagically when new commit or branch gets pushed onto Github, we have to setup the repository.
Got to the hooks page for your repository. e.g.
github.com/<username>/<project_name>/admin/hooks
Under AVAILABLE SERVICE HOOKS > Post-Receive URLs, add github:github#your-ci-server.com/github-webhook/.
The github:github is the user that we’d created earlier.
Then we have to verify Jenkins with Github. Go to Manage Jenkins > Configure System and under GitHub Web Hook, add your Github username and password and click the Test Credential button to authorize once with Github.
It looks like the accepted answer is no longer necessary with the current version of the GitHub plugin. You can instead check Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
As explained in the help on this option that's quite safe, and frankly no worse than having a user named "github" with password "github" anyway.
There are two ways to achieve automatic builds on Jenkins. What you choose depends on whether GitHub can call the Jenkins server URL you provide. This may not be the case if you are running Jenkins behind a firewall.
If GitHub can reach that URL you can set up the service hook on your repo there.
If not you can set up Jenkins to poll periodically.
You may set up both, but one solution is enough to get it working. I would always go for the first if feasible as it saves resources CPU and traffic wise.
Either way you need the GitHub plugin for Jenkins.
Hope that helps a bit.