I wrote the tool which use the one github repo as a cloud storage.
I need to give the write (push) access for this tool to one github repo, but I do not want to use the github user credentials (user name and password), because anyone can use it to logon to github and change the credentials or delete the repo.
You can generate an OAuth authorization for your specific app.
See an example here: it supposed you have registered you app in your account.
Related
I recently imported a project from Github to Gitlab (Uni Owned) and I had to put my Github PAT in when importing. Now every-time I select New Project -> Import Project From Github I'm immediately taken to the list of projects on the Github account corresponding to the PAT I put in earlier.
Is there a way I can remove the Github PAT I initially put in so I'm taken to the "Provide your Github PAT" screen instead?
Thanks!
According to the documentation,
To use a newer personal access token in imports [...], sign out of your GitLab account and sign in again, or revoke the older personal access token in GitHub.
A user installed my github app for his personal account (not organization). My github app has read & write administration permissions.
When I perform the request (I use go-github sdk) I get the following error:
POST https://api.github.com/user/repos: 403 Resource not accessible by integration []
There are two different endpoints for creating repositories in organization and for user. Endpoint for creating user repos is the POST method /user/repos. When I look github official documentation on github app permissions it doesn't actually list POST method for user/repos. So it's not clear how to create user repos via github app, if possible at all.
I got a response from github support. This behaviour is expected. To create new repos under a user you have to use user-to-server token (oauth2 token). It can be acquired during installation if you enable option "Request user authorization (OAuth) during installation" in your github app. This way user not only install your github app but also will authorize your github app.
I'm building a Google Spreadsheet app where Google app script will commit the generated files into a git repository. Access is using an OAuth app, client id and secret.
Committing files to repo that I own works fine, but when I try to commit and push files to a repository I created under an organisation, it seems like the repo isn't there.
Error: {"message":"Not Found","documentation_url":"https://docs.github.com/rest/reference/git#create-a-blob"}
Looking at both, the only difference between them is the URL used to access the API.
The one that works: https://api.github.com/repos/[my username]/[repo name]/git/blobs
Not working: https://api.github.com/repos/[org name]/[repo name]/git/blobs
Is there a separate API for dealing with organisation repo? I even created a public repo to test and it wouldnt work.
Found the solution.
The OAuth app access was denied as it was created with my account. Create the OAuth app with the organisation account instead.
On GitHub sadly, a private repo is for premium users, and i uploaded a repo, but it has lot of login third party, and i want to make those login information private, and i have a MongoHQ connection, and want to make the database private, to deploy it on CloudControl.
How CloudControl and Heroku work, is that by taking the file AFTER the clone on disk or the clone is only 'temporary' file, and they take the one hosted on Github?
There is no need to have any credentials in the repository. It's actually highly discouraged to do so. The recommended way is to have your code read the credentials from the environment.
Refer to the Add-on credential section in the documentation for more details: https://www.cloudcontrol.com/dev-center/Platform%20Documentation#add-on-credentials
I have an organization on GitHub with private repositories. I also have Jenkins set up running on port 8080 on a server, with the GitHub plugin installed. I've created an account on GitHub for my jenkins user, which resides in the owners group.
I'm trying to trigger a job on jenkins when a change is pushed to my development branch (or master branch, neither seem to be working).
When I look at the GitHub Hook Logs in Jenkins, it says that Polling has not run yet. When I go to "Manage Jenkins", the GitHub plugin says my account is Verified when I test it.
Any insight on how to configure this? I have multiple repositories I'd like to work with, so deploy keys don't seem like the solution to me.
Update:
As Craig Ringer mentions in his answer, you can select Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
Another update: Webhooks are now (Dec. 2014) available for organization: see WebHooks API for orgs.
Note: the issue 4 of the hudson-github-plugin was about:
Last GitHub Push
Polling has not run yet.
And the conclusion was:
Nevermind, the only missing piece was a permission checkbox for the github user which ain't documented anywhere on the internet.
So is this a permission issue regarding your Jenkins users?
The article "Set up Jenkins-CI on Ubuntu for painless Rails3 app CI testing" includes the following process:
To restrict the CI system and give access to your Team members to use or see the build logs, first you’ve to create an account.
Go to Manage Jenkins > Configure System,
Check the Enable Security checkbox
Under Security Realm, choose Jenkins's own user database
Check the Allow users to sign up checkbox
Under Authorization, choose Project-based Matrix Authorization Strategy
Add first user with the name admin and another with GitHub (Note: the username for Admin access has to be admin) For GitHub named user, just choose the Overall Read only permission. We’ll use this user later with the GitHub hook.
Note: The admin and GitHub user that we’ve added in the above step does not create the User. Then you’ve to create a real user with that same name. Ya, I know, its a bit weird with Jenkins UI.
Go to Manage Jenkins > Manage Users > Create User. Create both admin and GitHub users.
Hooking with the Github web-hooks
Now to run the build automagically when new commit or branch gets pushed onto Github, we have to setup the repository.
Got to the hooks page for your repository. e.g.
github.com/<username>/<project_name>/admin/hooks
Under AVAILABLE SERVICE HOOKS > Post-Receive URLs, add github:github#your-ci-server.com/github-webhook/.
The github:github is the user that we’d created earlier.
Then we have to verify Jenkins with Github. Go to Manage Jenkins > Configure System and under GitHub Web Hook, add your Github username and password and click the Test Credential button to authorize once with Github.
It looks like the accepted answer is no longer necessary with the current version of the GitHub plugin. You can instead check Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
As explained in the help on this option that's quite safe, and frankly no worse than having a user named "github" with password "github" anyway.
There are two ways to achieve automatic builds on Jenkins. What you choose depends on whether GitHub can call the Jenkins server URL you provide. This may not be the case if you are running Jenkins behind a firewall.
If GitHub can reach that URL you can set up the service hook on your repo there.
If not you can set up Jenkins to poll periodically.
You may set up both, but one solution is enough to get it working. I would always go for the first if feasible as it saves resources CPU and traffic wise.
Either way you need the GitHub plugin for Jenkins.
Hope that helps a bit.