-
Notifications
You must be signed in to change notification settings - Fork 409
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support GitHub App authentication #769
Comments
I need less "why" and more "what" and "how". I have no context or ability to test. |
@thockin Implementations exist in the jenkins and argocd repos. I'll try to dig out more details. |
@thockin in short, the token returned by https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app#generating-an-installation-access-token can be used as the password with a username of git. @joebowbeer that said you should be able to easily generate this response on your own and then pass it along to git-sync. That's my plan. Use a CronJob to keep a secret updated and my git-sync usage is already in a Job resource so its just a matter of consuming the secret the Cron is keeping updated for you. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close not-planned |
@k8s-triage-robot: Closing this issue, marking it as "Not Planned". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
I also had this use case so I wrote an operator to do this as well as capability to rollout/upgrade deployments referring to the secret, feel free to use it https://github.com/samirtahir91/github-app-operator |
Thanks! That code does a good job illustrating how to retrieve a short-lived token, given a long-lived private key. I would still consider adding this to git-sync, but I personally do not have the time to do the work right now. If someone is interested in implementing, I am happy to talk thru a design that I would think fits. Or people can use this operator - it seems like a reasonable approach, albeit more flexible than git-sync itself needs. |
Instead of using username, password/token or ssh deploy keys.
It would be nice to support GitHub apps.
Revives #450
Inspired by
https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#github-app-repositories
https://github.com/jenkinsci/github-branch-source-plugin/blob/master/docs/github-app.adoc
argoproj/argo-cd#3086
argoproj/argo-cd#4348
The text was updated successfully, but these errors were encountered: