Configuring Git Authentication with GitHub Apps
You can configure AtScale to authenticate with GitHub using a GitHub App. This provides an alternative to the standard option of using personal access tokens.
You may want to use a GitHub App if you need more control over which repositories users can access from Design Center: With an app, users can only access repositories that they have access to AND that the app has access to.
The following sections describe how to configure your app and connect it to AtScale.
Create a GitHub App
First, you need to create your GitHub App:
- Log into GitHub as an organization admin.
- Open the profile panel and click Settings. Your profile page opens.
- In the left-side navigation, click Developer settings. The GitHub Apps page opens.
- Click New GitHub App. The Register new GitHub App page opens.
- Complete the following fields:
  - GitHub App name: Enter a name for the app.
  - Homepage URL: Enter the URL for your main Design Center instance.
  - Callback URL: Enter the Design Center URL with /github-app-callback appended to the end. If you have multiple Design Center environments (for example, development, production, etc.), click Add Callback URL and add the URL for each environment with /github-app-callback appended to the end.
- Ensure the Expire user authorization tokens option is selected. Keeping this option enabled is recommended for security.
- In the Webhook section, deselect the Active option.
- In the Permissions section, configure the required app permissions:
  - Open the Repository Permissions section and set the Contents permission to Read and write. AtScale requires this to access and update repositories. Note that this automatically sets the Mandatory permission to Read-only. This cannot be changed.
  - Open the Account Permissions section and set the Email addresses permission to Read-only. AtScale requires this to associate user commits with their email addresses in the commit history.
- In the Where can this GitHub App be installed? field, select Only on this account. This ensures the app is private.
- Click Create GitHub App. The app is created and its About page opens.
- Copy the app's Client ID. You will need this later to connect the app to AtScale.
- In the left-side navigation, click Install App. The Install App page opens.
- Locate your organization in the list and click Install.
- Select either All repositories or Only selected repositories, depending on your needs.
  AtScale recommends selecting All repositories. Otherwise, if a new repository is added after the app is installed, you will need to update the app to access it.
- Click Install. The app is installed, and the app's overview page opens.
- Click App settings at the top of the page. The About page opens.
- In the Client secrets section, click Generate a new client secret.
- Copy the secret. You will need this later to connect the app to AtScale.
- Click Save changes at the bottom of the page.
Next, you must connect the app to AtScale.
Connect the app to AtScale
To connect the app to AtScale:
- Add or edit the following in your values override file:

      atscale-sml:
        gitAuth:
          clientId: "<client_id>"
          clientSecret: "<client_secret>"

  Where:
  - <client_id> is the client ID you copied in the procedure above.
  - <client_secret> is the client secret you copied above.

  Alternatively, you can create a Kubernetes secret that contains the client ID and secret, and add that to the values override file using the following:

      atscale-sml:
        gitAuth:
          existingSecret: ""
          existingSecretClientIdKey: ""
          existingSecretClientSecretKey: ""

- If you have not yet installed AtScale, continue on with the installation procedure.
  If you have installed AtScale, run the following to apply the updated values file:

      helm upgrade atscale oci://docker.io/atscaleinc/atscale --version version_number -n namespace -f values_file

  Where version_number is the version of AtScale you're currently on, namespace is the namespace in which AtScale is installed, and values_file is your updated values override file.
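The Kubernetes secret alternative described above, shown as an added example that is not part of the AtScale documentation. The secret name atscale-git-auth, the key names client-id and client-secret, and the file name are hypothetical. The example assumes that existingSecret takes the secret's name, that the two ...Key fields take the names of the keys inside it (as their names suggest), and that the secret lives in the namespace where AtScale is installed.

```yaml
# File 1: git-auth-secret.yaml (hypothetical file name). Apply with:
#   kubectl apply -f git-auth-secret.yaml
# Keep this file out of version control once it holds real values.
apiVersion: v1
kind: Secret
metadata:
  name: atscale-git-auth              # hypothetical secret name
  namespace: "<namespace>"            # assumption: the namespace AtScale is installed in
type: Opaque
stringData:                           # plain-text input; stored base64-encoded under data
  client-id: "<client_id>"            # Client ID copied from the app's About page
  client-secret: "<client_secret>"    # secret generated in the Client secrets section
---
# File 2: values override file. The three gitAuth fields are the ones listed
# above; their values point at the Secret and key names defined in file 1,
# so the client secret no longer appears in the values file itself.
atscale-sml:
  gitAuth:
    existingSecret: "atscale-git-auth"
    existingSecretClientIdKey: "client-id"
    existingSecretClientSecretKey: "client-secret"
```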