primal/athens
1
0
Fork 0
mirror of https://github.com/gomods/athens synced 2026-02-03 12:10:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: support GitHub App authentication (#1988)

Browse Source 
Adds support for using GitHub Apps as a form of authentication
This commit is contained in:
Nicholas Wiersma
2024-10-21 20:14:34 +02:00
committed by GitHub
parent 2712e2ef17
commit 71119f8fcf
2 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/proxy/Dockerfile
+5
View File
@@ -43,6 +43,11 @@ RUN chmod 644 /config/config.toml
# Add tini, see https://github.com/gomods/athens/issues/1155 for details.
RUN apk add --update git git-lfs mercurial openssh-client subversion procps fossil tini
# Add git-credential-github-app for native integration with GitHub Apps
RUN wget -O git-credential-github-app.tar.gz https://github.com/bdellegrazie/git-credential-github-app/releases/download/v0.3.0/git-credential-github-app_v0.2.0_Linux_x86_64.tar.gz \
&& tar xvzf 'git-credential-github-app.tar.gz' git-credential-github-app -C /usr/local/bin \
&& rm git-credential-github-app.tar.gz || true;
ARG USER=athens
RUN adduser -D -h /home/$USER $USER
docs/content/configuration/authentication.md
+46
View File
@@ -308,3 +308,49 @@ $ docker run --rm -d \
-e "SSH_AUTH_SOCK=/.ssh_agent_sock" \
-e ATHENS_DISK_STORAGE_ROOT=/var/lib/athens -e ATHENS_STORAGE_TYPE=disk --name athens-proxy -p 3000:3000 gomods/athens:canary
```
## GitHub Apps
Instead of using a Machine User on GitHub, it is possible to create a GitHub App and authenticate via it.
Create a GitHub App in **Settings > Developer settings > GitHub Apps** and install it. The AppID/ClientID, Installation ID and Private Key are
required from the App.
Install the [GitHub App Git Credential Helper](https://github.com/bdellegrazie/git-credential-github-app) in your `$PATH`. The Athens Docker image comes
with this pre-installed.
Configure your [global Git config](https://git-scm.com/docs/git-config) as follows:
```
[credential "https://github.com/your-org"]
helper = "github-app -username <app-name> -appId <app-id> -privateKeyFile <path-to-private-key> -installationId <installation-id>"
useHttpPath = true
[credential "https://github.com"]
helper = "cache --timeout=3600"
[url "https://github.com"]
insteadOf = ssh://git@github.com
```
This instructs Git to authenticate with the GitHub App and cache the results for 3600s (the authentication token is valid for 1 hour).
Now, builds executed through the Athens proxy should be able to clone the `github.com/your-org/your-repo` dependency over GitHub Apps.
### GitHub Enterprise Self-hosted
To authenticate against a self-hosted GitHub Enterprise, the instructions are the same for GitHub hosted Apps
with the exception for the Git config, which should include your domain, as follows:
```
[credential "https://github.example.com/your-org"]
helper = "github-app -username <app-name> -appId <app-id> -privateKeyFile <path-to-private-key> -installationId <installation-id> -domain github.example.com"
useHttpPath = true
[credential "https://github.example.com"]
helper = "cache --timeout=3600"
[url "https://github.example.com"]
insteadOf = ssh://git@github.com
```