From b7237a3fb2aec0b4a6ffaf70f63f9d1b2b4064cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 25 Jun 2024 16:29:14 +0200 Subject: [PATCH] improve github app installation --- README.md | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 65e1adb..984f867 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ At the moment all projects are visible without authentication. For some actions a login is required. This login can either be based on GitHub or on Gitea (more logins may follow). The backend is set by the -`services.buildbot-nix.master.authBackend` NixOS option. +`services.buildbot-nix.master.authBackend` NixOS option ("gitea"/"github", "github" by default). We have the following two roles: @@ -68,18 +68,25 @@ We have the following two roles: #### GitHub App -This is the preferred option to setup buildbot-nix. +This is the preferred option to setup buildbot-nix for GitHub. To integrate with GitHub using app authentication: -1. **GitHub App**: Set up a GitHub app for Buildbot to enable GitHub user - authentication on the Buildbot dashboard. Enable the following permissions: - - Contents: Read-only - - Metadata: Read-only - - Commit statuses: Read and write - - Webhooks: Read and write +1. **GitHub App**: + 1. Create a new GitHub app by navigating to `https://github.com/settings/apps/new` for single-user installations or `https://github.com/organizations//settings/apps/new` for organisations where `` is the name of your GitHub organizaction. + 2. GitHub App Name: "buildbox-nix " + 3. Homepage URL: `https://buildbot.` + 4. Callback URL: `https://buildbot./auth/login`. + 5. Disable the Webhook + 6. Repository Permissions: + - Contents: Read-only + - Commit statuses: Read and write + - Metadata: Read-only + - Webhooks: Read and write 2. **GitHub App private key**: Get the app private key and app ID from GitHub, configure using the buildbot-nix NixOS module. + - Set `services.buildbot-nix.master.github.authType.app.id = ;` + - Set `services.buildbot-nix.master.github.authType.app.secretKeyFile = "/path/to.pem";` 3. **Install App**: Install the app for an organization or specific user. 4. **Refresh GitHub Projects**: Currently buildbot-nix doesn't respond to changes (new repositories or installations) automatically, it is therefore @@ -184,3 +191,4 @@ The following instances integrated with Gitea: We have a matrix channel at [buildbot-nix](https://matrix.to/#/#buildbot-nix:thalheim.io). +