examples/master: make app authentication the default option

2024-06-25 16:13:16 +02:00 · 2024-06-25 16:13:16 +02:00 · 5cf46bdb59
parent 619ed4e436
commit 5cf46bdb59
1 changed files with 8 additions and 7 deletions
--- a/examples/master.nix
+++ b/examples/master.nix
@ -19,14 +19,15 @@
    # All other user in the organization will be able to restart builds or evaluations.
    admins = [ "Mic92" ];
    github = {
-      authType.legacy = {
-        # Github user token used as a CI identity
-        tokenFile = pkgs.writeText "github-token" "ghp_000000000000000000000000000000000000"; # FIXME: replace this with a secret not stored in the nix store
+      # Use this when you have set up a GitHub App
+      authType.app = {
+        id = 000000; # FIXME: replace with App ID obtained from GitHub
+        secretKeyFile = pkgs.writeText "app-secret.key" "00000000000000000000"; # FIXME: replace with App secret key obtained from GitHub
      };
-      # authType.app = {
-      #   id = "00000000000000000"; # FIXME: replace with App ID obtained from GitHub
-      #   secretKeyFile = pkgs.writeText "app-secret.key" "00000000000000000000"; # FIXME: replace with App secret key obtained from GitHub
-      # };
+      #authType.legacy = {
+      #  # Github user token used as a CI identity
+      #  tokenFile = pkgs.writeText "github-token" "ghp_000000000000000000000000000000000000"; # FIXME: replace this with a secret not stored in the nix store
+      #};
      # A random secret used to verify incoming webhooks from GitHub
      # buildbot-nix will set up a webhook for each project in the organization
      webhookSecretFile = pkgs.writeText "webhookSecret" "00000000000000000000"; # FIXME: replace this with a secret not stored in the nix store