Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 93 changed files with 2,851 additions and 1,688 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
# GitHub Actions - Builds | ||
|
||
GitHub for Jira supports builds via [GitHub Actions workflow syntax](https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions). | ||
To set this up, you will need to create a .github folder at the root of a given repository and then make a child directory | ||
called workflows. Inside of .github/workflows you will need to create a build.yml file. This is where you will specify the workflow for your builds. | ||
|
||
Following is an example of a build.yml file: | ||
|
||
``` | ||
# This is a basic workflow to help you get started with Actions | ||
name: CI | ||
# Controls when the action will run. | ||
on: | ||
# Triggers the workflow on push or pull request events but only for the main branch | ||
push: | ||
branches: | ||
- main | ||
pull_request: | ||
branches: | ||
- main | ||
- feature/** | ||
# Allows you to run this workflow manually from the Actions tab | ||
workflow_dispatch: | ||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | ||
jobs: | ||
# This workflow contains a single job called "build" | ||
build: | ||
# The type of runner that the job will run on | ||
runs-on: ubuntu-latest | ||
# Steps represent a sequence of tasks that will be executed as part of the job | ||
steps: | ||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | ||
- uses: actions/checkout@v2 | ||
# Runs a single command using the runners shell | ||
- name: Run a one-line script | ||
run: echo Hello, world! | ||
# Runs a set of commands using the runners shell | ||
- name: Run a multi-line script | ||
run: | | ||
echo Add other actions to build, | ||
echo test, and deploy your project. | ||
sleep 60s | ||
``` | ||
|
||
Once you have a similar file in any of your repositories that are connected to your Jira via the app, you will start to see builds data | ||
in the development panel in Jira. | ||
|
||
![Builds data in Jira](./images/builds-data-jira-dev-panel.png) | ||
|
||
#### Supporting Multiple Commits with Issue Keys | ||
|
||
One important thing to note in the above example is the branches being targeted under `pull_requests` `branches`: | ||
|
||
``` | ||
pull_request: | ||
branches: | ||
- main | ||
- feature/** | ||
``` | ||
|
||
When you open a pull request in a connected repository, the GitHub for Jira app can compare two points in your git history is we have access to a base branch and a head branch. If the app has both of these, it can make a request to GitHub to compare your | ||
commits. On the flipside, if you only listed `main`, for instance, there would be no way for the app to ask GitHub for a comparison. | ||
Instead, the best it can do is use the data GitHub sends in the response when the `workflow_run` event is triggered, | ||
which only includes the most recent commit. This means that if a developer were to make multiple commits, perhaps on multiple branches, and | ||
reference various Jira issue keys in each commit, GitHub would only send the data to Jira about the latest commit. In turn, this | ||
would mean that we could only extract any issue keys from that single message. Although there may be numerous Jira issues | ||
involved, in this scenario, you would only see builds data for any issue keys from the latest commit message. | ||
|
||
When you list branches under `pull_request` you'll need to be very specific about the branches you want the app to target. If any branch is created that isn't listed here, the app won't be able to compare your commits and send the most accurate data to Jira. |
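Review bot: In the example `build.yml`, the step `- uses: actions/checkout@v2` references the action by a mutable tag, and the workflow sets no `permissions:` key. Readers will copy this file as-is, so pin the action to a full commit SHA and add an explicit minimal block (`permissions:` with `contents: read`) so the job token's scope does not depend on the repository default. Three documentation fixes in the same file: the prose under "Supporting Multiple Commits with Issue Keys" writes `pull_requests` where the workflow key is `pull_request`; "compare two points in your git history is we have access" should read "if we have access"; and the YAML comment "but only for the main branch" no longer matches the `feature/**` entry listed under `pull_request`.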
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
# GitHub IP Allow List Configuration | ||
|
||
If your organization is using [GitHub's Organization IP Allow List](https://docs.github. | ||
com/en/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization), it needs to | ||
be configured properly for this GitHub app to be able to communicate with your organization's GitHub API. | ||
|
||
There are 2 methods to remedy this based on your company's security policy: | ||
|
||
1. a simple method which will enable _all_ GitHub apps with IPs specified in them to have access to your GitHub org's | ||
APIs (_recommended_) | ||
2. a manual way by adding each CIDR ranges possible for this app to communicate from. | ||
|
||
**We recommend using the first method** as you only have to set it once and never have to think about it again. If there | ||
are any IP changes on our end in the future, we can just change the list on our end and it will automatically propagate | ||
to your organization. But for this to happen, you must trust every GitHub app installed or else risk a potential | ||
security breach by an app adding an attacker's IP to your allow list. | ||
|
||
If you'd like to have complete control over your IP Allow List, then you can enter the CIDR ranges manually in your | ||
GitHub organization. But it does come with the drawback that if the CIDR ranges ever change or a new one needs to be | ||
added, you will have to manually update those as well. Furthermore, we don't have a way to easily send a message to all | ||
GitHub org admins about a change like this and it could be possible that the integration might break because of the | ||
change. | ||
|
||
### Simple Method | ||
|
||
As an admin go to your GitHub org page `https://github.com/<your org>`, press on the `Settings` tab, then in the sidebar | ||
select the `Organization security` option. Scroll down to the `IP allow list` section. Both | ||
checkboxes `Enable IP allow list` and `Enable IP allow list configuration for installed GitHub Apps` should be selected | ||
and saved independently. | ||
|
||
![](images/github-ip-allowlist.png) | ||
|
||
That's it! | ||
|
||
### Manual Method | ||
|
||
As an admin your GitHub org page `https://github.com/<your org>`, press on the `Settings` tab, then in the sidebar | ||
select the `Organization security` option. Scroll down to the `IP allow list` section until you can see the list of IP | ||
addresses with a `+ Add` button. From here, you need | ||
to [add the whole list of CIDR ranges specified in this Atlassian document](https://support.atlassian.com/organization-administration/docs/ip-addresses-and-domains-for-atlassian-cloud | ||
-products/#AtlassiancloudIPrangesanddomains-OutgoingConnections). | ||
|
||
For simplicity, here's the list of CIDR ranges, but it might not be up to date: | ||
|
||
``` | ||
13.52.5.96/28 | ||
13.236.8.224/28 | ||
18.136.214.96/28 | ||
18.184.99.224/28 | ||
18.234.32.224/28 | ||
18.246.31.224/28 | ||
52.215.192.224/28 | ||
104.192.137.240/28 | ||
104.192.138.240/28 | ||
104.192.140.240/28 | ||
104.192.142.240/28 | ||
104.192.143.240/28 | ||
185.166.143.240/28 | ||
185.166.142.240/28 | ||
``` | ||
|
||
## If problems persist | ||
|
||
Feel free to [contact Atlassian support](https://support.atlassian.com/contact/#/? | ||
inquiry_category=technical_issues&is_cloud=true&product_key=third-party-product) for guidance and extra help. |
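Review bot: The "### Simple Method" section ends at "That's it!" without restating the trust trade-off, which appears only at the end of the "We recommend using the first method" paragraph. A reader who jumps straight to that section enables `Enable IP allow list configuration for installed GitHub Apps` without seeing that every installed app can then contribute addresses to the allow list. Repeat the caveat in that section, and suggest reviewing the installed apps before ticking the box. The inline CIDR block is introduced with "it might not be up to date"; either give it a "last verified" date or drop it in favour of the linked Atlassian page, so a stale copy is not pasted into an allow list. The link targets for the GitHub docs, the Atlassian IP ranges page and the support contact are wrapped mid-URL; keep each URL on one line so the links resolve. In "### Manual Method", "As an admin your GitHub org page" is missing "go to".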
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
import Queue from "bull"; | ||
import {SqsQueue} from "./sqs"; | ||
import {BackfillMessagePayload} from "./sqs/backfill"; | ||
import {BackfillQueue} from "./sync/installation"; | ||
import {LoggerWithTarget} from "probot/lib/wrap-logger"; | ||
import {getLogger} from "./config/logger"; | ||
import {booleanFlag, BooleanFlags} from "./config/feature-flags"; | ||
|
||
const fallbackLogger = getLogger("queue-supplier-default"); | ||
|
||
/** | ||
* A temp class to support switching between Redis and SQS. Will be gone with the feature flag and the | ||
* Redis queue. | ||
*/ | ||
class BackfillQueueSupplier { | ||
private redisQueue: Queue.Queue; | ||
private sqsQueue: SqsQueue<BackfillMessagePayload>; | ||
|
||
setRedisQueue(redisQueue: Queue.Queue) { | ||
this.redisQueue = redisQueue; | ||
} | ||
|
||
setSQSQueue(sqsQueue: SqsQueue<BackfillMessagePayload>) { | ||
this.sqsQueue = sqsQueue; | ||
} | ||
|
||
async supply(): Promise<BackfillQueue> { | ||
if (!this.redisQueue) { | ||
return Promise.reject(new Error("Redis queue wasn't provided")); | ||
} | ||
if (!this.sqsQueue) { | ||
return Promise.reject(new Error("SQS queue wasn't provided")); | ||
} | ||
return { | ||
schedule: async (payload, delayMsec?: number, log?: LoggerWithTarget) => { | ||
if (await booleanFlag(BooleanFlags.USE_SQS_FOR_BACKFILL, false, payload.jiraHost)) { | ||
await this.sqsQueue.sendMessage(payload, (delayMsec || 0) / 1000, (log || fallbackLogger)); | ||
} else { | ||
if (delayMsec) { | ||
await this.redisQueue.add(payload, {delay: delayMsec}); | ||
} else { | ||
await this.redisQueue.add(payload); | ||
} | ||
} | ||
} | ||
}; | ||
} | ||
} | ||
|
||
export default new BackfillQueueSupplier(); |
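Review bot: In `schedule`, the SQS branch passes `(delayMsec || 0) / 1000` while the Redis branch passes `{delay: delayMsec}` unchanged, so the two backends can behave differently for the same input. A `delayMsec` that is not a multiple of 1000 becomes a fractional number of seconds, and SQS only accepts an integer per-message delay of at most 900 seconds, whereas the Redis path takes any value. `sendMessage` is not shown in this hunk, so unless it already rounds and clamps, do it here (for example `Math.ceil` plus an upper bound) and log when a requested delay is shortened. Two smaller points: `supply()` rejects when either queue is unset even though only one is used per call, which is fine for a temporary class but worth stating in the doc comment; and the `log` argument is ignored on the Redis branch, so a caller-supplied logger records nothing there.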
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,6 @@ | ||
export enum Errors { | ||
MISSING_JIRA_HOST = "Jira Host url is missing", | ||
MISSING_GITHUB_TOKEN = "Github Auth token is missing", | ||
IP_ALLOWLIST_MISCONFIGURED = "IP Allowlist Misconfigured", | ||
} | ||
|
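Review bot: The `IP_ALLOWLIST_MISCONFIGURED = "IP Allowlist Misconfigured"` entry gives the user nothing to act on, unlike the two entries above it, which name what is missing. If this string is surfaced to users, say which setting is involved (the GitHub organization's IP allow list) and point to the IP allow list configuration document added in this commit. The spelling also differs from that document, which writes "IP allow list" / "IP Allow List"; pick one form.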