GitHub: Difference between revisions

1,013 bytes added, 31 July 2019
Clarifications of GitHub App approval steps
(Start making FAQ more generic - point folks to support per organization)
(Clarifications of GitHub App approval steps)
Line 28: Line 28:


* File a request using this [https://bugzilla.mozilla.org/enter_bug.cgi?cc=gene%40mozilla.com&comment=I%20want%20to%20use%20the%20NAME_HERE%20addon%20in%20ORG_NAME_HERE%20for%20the%20following%20reasons%3A%0D%0A%0D%0ABelow%20are%20my%20answers%20to%20your%20stock%20questions%3A%0D%0A%0D%0A%2A%2A%20Which%20repositories%20do%20you%20want%20to%20have%20access%3F%20%28all%20or%20list%29%0D%0A%0D%0A%2A%2A%20Are%20any%20of%20those%20repositories%20private%3F%0D%0A%0D%0A%2A%2A%20Provide%20link%20to%20vendor%27s%20description%20of%20permissions%20needed%20and%20why%0D%0A%0D%0A%2A%2A%20Provide%20the%20Install%20link%20for%20a%20GitHub%20app%0D%0A&component=Github%3A%20Administration&product=mozilla.org&short_desc=Assess%20use%20of%20external%20addon%20NAME_HERE%20in%20Mozilla%27s%20GitHub%20organization%20ORG_NAME_HERE bug template]
* File a request using this [https://bugzilla.mozilla.org/enter_bug.cgi?cc=gene%40mozilla.com&comment=I%20want%20to%20use%20the%20NAME_HERE%20addon%20in%20ORG_NAME_HERE%20for%20the%20following%20reasons%3A%0D%0A%0D%0ABelow%20are%20my%20answers%20to%20your%20stock%20questions%3A%0D%0A%0D%0A%2A%2A%20Which%20repositories%20do%20you%20want%20to%20have%20access%3F%20%28all%20or%20list%29%0D%0A%0D%0A%2A%2A%20Are%20any%20of%20those%20repositories%20private%3F%0D%0A%0D%0A%2A%2A%20Provide%20link%20to%20vendor%27s%20description%20of%20permissions%20needed%20and%20why%0D%0A%0D%0A%2A%2A%20Provide%20the%20Install%20link%20for%20a%20GitHub%20app%0D%0A&component=Github%3A%20Administration&product=mozilla.org&short_desc=Assess%20use%20of%20external%20addon%20NAME_HERE%20in%20Mozilla%27s%20GitHub%20organization%20ORG_NAME_HERE bug template]
* Include answers to these questions:
* Include answers to the questions prompted for in the above template. Additional notes:
** Which repositories do you want to have access? (all or list)
** ''Which repositories do you want to have access? (all or list)'' -- "All" will rarely be granted - every repository should have control over anything that can access their repository.
** Do any of those repositories contain "sensitive" data? (e.g. private repos or ones where unauthorized code changes could have significant impact to Mozilla)
** ''Are any of those repositories private?'' -- In general, OAuth apps will not be granted access to private repositories, as that grants access to ''all'' private repositories.
** Provide link to vendor's description of permissions needed and why
** ''Provide link to vendor's description of permissions needed and why'' -- Hopefully that have this documented, or at least provide a screenshot of the authorization screen which lists the permissions. If not, we may ask you (the requestor) to engage with the apps support team to obtain the answers.
** Provide installation instructions:
** ''Provide the Install link for a GitHub app'' -- mandatory, as we can't install the app without it.
*** Please include the GitHub App's "install" link
 
* If you are not an "admin" for the repository, an "admin" will have to approve the request.
* If you are not an "admin" for the repository, an "admin" will have to approve the request. Please set a "Need Info" on the appropriate repository admin.
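Review bot: In the question list, the new "Are any of those repositories private?" line replaces the earlier question about "sensitive" data, which also covered repositories "where unauthorized code changes could have significant impact to Mozilla", so a public repository with that property is no longer asked about. Consider keeping that clause as an additional question, and adding the same line to the bug template, whose stock questions currently ask only about private repositories. Two wording fixes in the added notes: "Hopefully that have this documented" should read "they have", and "the apps support team" should be "the app's support team".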


===== Initial Installation =====
===== Initial Installation =====
If this is the first time this GitHub App is being installed in the organization, a few extra checks and coordination are needed. An organization owner will need to perform these steps:
If this is the first time this GitHub App is being installed in the organization, a few extra checks and coordination are needed. An organization owner will need to perform these steps:
* Determine if the GitHub App previously had an OAUTH version.
* Determine if the GitHub App previously had an OAUTH version in use in the same org. (The simplest way is to see if the app is listed under the "Third-party Application" section of the organization settings page. ''Any mention'' -- including "declined" -- counts as "in use" for this purpose.)
** If so, it is likely that installing the integration will disable all repositories in the organization using the OAUTH version of the application.
** If the OAuth app was in use, check the app installation documentation to see if there are any caveats. (We've only seen one app transition where there was an impact, but better safe than sorry.)
** Find all current repositories using the classic OAUTH application (this is non-trivial, scripts exist to help)
** If there are caveats that apply, ask the requestor to contact all current repositories using the classic OAUTH application to coordinate, cc'ing [[#contact|GitHub owners]]. This task is non-trivial, you usually need to access the OAuth app's dashboard, and have knowledge of how the app works. ('''Do NOT''' authenticate to any OAuth app with your owner account.)
** Install the Integration for all current repositories, and the new one (organization owner permissions needed.)
* Install the GitHub app for "specific repositories", and enable the ones in the request.


'''Please do not install GitHub apps with organization wide scope without first discussing with [[#contact|GitHub owners]].'''
'''Please do not install GitHub apps with organization wide scope without first discussing with [[#contact|GitHub owners]].'''
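Review bot: The instruction "Do NOT authenticate to any OAuth app with your owner account" sits in a parenthetical at the end of the long "If there are caveats that apply" bullet, where an organization owner working through the steps can easily miss it; move it to its own bullet near the top of the owner steps. The rewrite also drops the "scripts exist to help" pointer for finding repositories on the OAuth version while still calling the task non-trivial, so link the scripts or the procedure here. Spelling alternates between "OAUTH" and "OAuth" within these bullets; pick one.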