From 5cf46bdb5992c900c869ca7b35a01d0f60cfd6f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 25 Jun 2024 16:13:16 +0200 Subject: [PATCH] examples/master: make app authentication the default option --- examples/master.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/examples/master.nix b/examples/master.nix index 450f7ac..ef50dfa 100644 --- a/examples/master.nix +++ b/examples/master.nix @@ -19,14 +19,15 @@ # All other user in the organization will be able to restart builds or evaluations. admins = [ "Mic92" ]; github = { - authType.legacy = { - # Github user token used as a CI identity - tokenFile = pkgs.writeText "github-token" "ghp_000000000000000000000000000000000000"; # FIXME: replace this with a secret not stored in the nix store + # Use this when you have set up a GitHub App + authType.app = { + id = 000000; # FIXME: replace with App ID obtained from GitHub + secretKeyFile = pkgs.writeText "app-secret.key" "00000000000000000000"; # FIXME: replace with App secret key obtained from GitHub }; - # authType.app = { - # id = "00000000000000000"; # FIXME: replace with App ID obtained from GitHub - # secretKeyFile = pkgs.writeText "app-secret.key" "00000000000000000000"; # FIXME: replace with App secret key obtained from GitHub - # }; + #authType.legacy = { + # # Github user token used as a CI identity + # tokenFile = pkgs.writeText "github-token" "ghp_000000000000000000000000000000000000"; # FIXME: replace this with a secret not stored in the nix store + #}; # A random secret used to verify incoming webhooks from GitHub # buildbot-nix will set up a webhook for each project in the organization webhookSecretFile = pkgs.writeText "webhookSecret" "00000000000000000000"; # FIXME: replace this with a secret not stored in the nix store