Right now we are using the Github email service so that our team receives notifications whenever changes are made. However, soon Github services will be deprecated. I was wondering if there was any pre existing services that could replicate the behavior that the Github email service produced. This would save us a lot of time and we wouldn't have to run a server just for handling this one webhook.
Thanks
As recently (Nov. 2018) confirmed in "GitHub Services Brownout Updates and Timeline", GitHub services (like email notification) will disappear in January 2019.
The original annoucement suggested to replace them with webhooks.
The intention of GitHub Services was to allow third-party developers to submit code for integrating with their services, but this functionality has been superseded by GitHub Apps and webhooks.
In addition, check out GitHub Actions, still in beta but which have potential.
There are efforts made to look for a webhook-based alternative in the meantime. As in for instance pyinstaller/pyinstaller issue 3579. But no clear answer yet.
Update Feb. 2020: this issue is now closed. And GitHub Actions are no longer in beta.
Related
i am interested in building a github app. reading through github Setting up your development environment to create a GitHub App documentation it explains that a github app is based on a http server which will handle webhooks.
yet, on every github app i installed, the app\installation did not require anything that involves hosting and/or creation of http server in order to deploy the app to my github accout.
for such github apps, which are installed directly through the github marketplace (you can take probot stale and rennovate as examples for such apps)
where do these application run? (e.g.; does github deploys the app on a dedicate (virtual) server?).
what are the resources limitations for such apps (amount of memory, cpu, etc.?)
how can the github app logs be accessed by the github account owner who installed such app?
links for reference and an answer will be great.
GitHub App is just another app that you create. GitHub apps are treated as first-class citizens when it comes to integrating with GitHub. One can use Nodejs , Ruby, etc to build the App. Once the app is ready it can be hosted on a Server just like any other server hosted apps. You register your app on GitHub by providing relevant details.
So, coming to your questions.
The Apps can run on any hosting service of your choice. It can be a Windows Server, Heroku, etc.
I believe it is only limited by the resource of your server or the hosting service provider that you chose. However you might be ineterset in erading more about the Rate Limit More on Rate limits here.
GitHub app logs are something which only the developer will be able to see. To the end user ,i.e. the repo owner who installed the GitHUb app on his repos, all that will be available are the checks , statuses and any other details that the developer of app decided to display.
A very handy guide on Deployment and other details : Probot Documentation. This documentation is great if you are planning to use the probot framework for developing your github apps, but most of the instructions still stand true in case you decide to pick up a different tech stack.
The most important thing to realise about a (so-called?) Github App is that the App itself does not run anywhere - or at least that is what I would argue. Basically Github Apps are two linked mechanisms, both a bit of infrastructure. The first of these mechanisms is access control, essentially replacing use of user PATs - you can give relatively fine grained access to repos that the App is installed in, rather than just giving access to all repos the user can access. The second mechanism is that of webhooks - generating events as requested.
What Github Apps do not directly provide is the bit between this - handling the webhooks and generating API calls using the App for access. Basically you are on your own and need to do it yourself. The plus, #asif-kamran-malick mentioned, is that you have freedom to implement it how you see fit.
One alternative possibility is that the App itself, rather than setting to handle ongoing Webhooks, runs on installation and looks to add Actions into the repo. Never done it, but some of the github examples seem to work this way. Of course, Actions are run within Github environments and are potentially subject to resource limits. Apart from this though, Actions are a completely separate "beast" and should not be confused.
Is it possible to tell if a release which is published on a GitHub repo was made by someone who logged in with 2FA?
The reason for asking is that we have a tool that integrates GitHub releases (from repos made by other people, ie not part of our GitHub organisation) into an application, and is capable of auto-updating to the latest release.
Although it's user friendly to auto-update, if someone were to steal the credentials of that GitHub user (because they do not use 2FA) then the auto-update could end up installing maliciously crafted code. This scenario has happened to npmjs.
It would be useful to be able to identify that the release was made by someone who does not use 2FA and warn that the release might be "unsafe".
Our application is part of Qooxdoo http://www.qooxdoo.org, which is an open source Javascript development framework.
Is there an API or a programmatic way to release an action to Github Marketplace? Most actions/APIs are for creating a release in the Repo itself but releasing to marketplace seems like a UI only feature. Does anyone if there's an API or cli method for doing so?
It is true, as mentioned in GitHub Marketplace, that:
Anyone can publish an action in GitHub Marketplace as long as they meet the terms of service. Unlike apps, GitHub Actions listed in GitHub Marketplace are not verified by GitHub.
In that regard, the process could benefit from an API.
But while there is a GitHub Marketplace API, it does not include the publication process itself, which remains a manual process for now.
So I've been reading GitHub developer docs and about webhooks they have the following statement:
Webhooks allow you to build or set up GitHub Apps which subscribe to certain events on GitHub.com. When one of those events is triggered, we'll send a HTTP POST payload to the webhook's configured URL. Webhooks can be used to update an external issue tracker, trigger CI builds, update a backup mirror, or even deploy to your production server. You're only limited by your imagination.
However, about Apps they've also got this statement:
Apps on GitHub extend and improve existing workflows. People can
purchase apps from GitHub Marketplace or browse useful tools and
services that integrate with GitHub in Works with GitHub.
If you're building or adding integrations, this documentation will
help get you up and running.
For support requests, bug reports, and discussions related to GitHub
Apps (not OAuth Apps), use the GitHub Platform Forum. The forum allows
you to collaborate with other integrators as well as engineers and
product managers from GitHub.
If your request is about OAuth Apps, or if you need to discuss a
private concern, please contact support directly.
This seems that Webhooks can only be used with GitHub Apps? The difference between GitHub Apps and GitHub OAuth Apps isn't very clear and I fail to see why an OAuth app would not be able to use Webhooks?
Edit
Can Webhooks be used with a GitHub OAuth App?
Yes.
Webhooks allow you to build or set up GitHub Apps which subscribe to certain events on GitHub.com.
This is an incorrect statement. This should be 'an integration with GitHub' rather than 'GitHub Apps'.
This seems that Webhooks can only be used with GitHub Apps?
No. GitHub Apps include implicit support for Webhooks. OAuth Applications request tokens with a scope for write:repo_hook or admin:org_hook to register a Webhook on the Repository or Organization.
There is a guide for creating webhooks that suggests to use the repo hooks or org hooks API endpoints.
The difference between GitHub Apps and GitHub OAuth Apps isn't very clear and I fail to see why an OAuth app would not be able to use Webhooks?
There is documentation that describes some differences between GitHub Apps and OAuth Apps.
TLDR advantages of GitHub Apps:
Granular Permissions
Option to use short-lived Tokens
GitHub Apps do not need to add a Webhook to a Repository or Organization
Avoids having Machine/Service Account users
Original
Webhooks allow your server/application to get notified whenever a specific event happens - regardless of whether you are using OAuth or GitHub App. Your application will then need to process an event and act accordingly.
Separately, your application will need to interact with GitHub's API to create, read, edit, or delete information. GitHub will usually require credentials to access or update specific information. Authentication to GitHub's API can use multiple methods:
None
Basic Authentication (username/password)
OAuth2 Token
Personal Access Token (PAT)
Installation Access Token
There are additional differences between legacy GitHub integrations and GitHub Apps.
Older integrations were based on Oauth2 and use a Token associated with a user's account. Integrations would interact with GitHub's API on behalf of a user - which is why some organizations would set up a machine user. Webhooks also need to be added explicitly.
GitHub Apps will interact with GitHub's API on it's own behalf. You must explicitly grant a GitHub App access to an Organization or Repository which enables both Webhook and API access.
I'm trying to integrate my Visual Studio Team Services with Slack, and the first thing I tried to do was notify my Slack channel whenever a Pull request is created.
So I searched through the options, and the best fit so far was the Service Hooks available on Team Services, which integrate seamlessly with Slack, or does it?
The problem I encountered was: I use a tool that creates pull requests through the REST API, and the service hook doesn't seem to be working when I create pull requests through this method, only when using Team Services UI.
This is the Service Hook configuration.
Has anyone faced the same problem, or know any other way of notifying a pull request creation to slack?
Apparently the issue has been fixed by Microsoft, the last update of Team Services triggers the event without a problem now.