Open okainov opened 3 years ago
For self hosting you can create your own GitHub app that you control if that's what you mean
https://kodiakhq.com/docs/self-hosting
As part of the setup process the GitHub app subscribes to events:
And then GitHub sends these events to Kodiak via a web hook
Kodiak uses these events, along with other calls to the GitHub api to determine mergability and to update / merge branches
Curious what you mean by:
I don't need any Github-app related things...
Curious what you mean by:
I mean exactly this. In our company Github org is controlled by IT department and it doesn't allow any Github Apps to be installed. As simple as that. The only way available is using PAT token, so that's what I was asking - is there a way to run Kodiak with the token and not as GH App?
Looking into the Personal Access Tokens it seems they can be granted access to various scopes, but there isn't a way to setup web hook events for PR changes.
I don't see any specific access scopes for push
, pull requests
, and check runs
, which are necessary for determining ability to merge and merging a given PR, but those might be under the repo
scope.
Since we can't setup web hooks with Personal Access Tokens, one sort of hack would be to create fake web hook events by polling the API using the personal access token
Available Personal Access Token scopes:
but there isn't a way to setup web hook events for PR changes.
I'm not sure what do you mean. Webhooks are completely Independent, they can we set up to whatever endpoint for any event and it doesn't matter what is in the backend of accepting service. Webhooks have nothing to do with API tokens. And they can be set up, no problems there.
@okainov Oh yup you're right, my mistake
So currently Kodiak doesn't support using a personal access token, but I don't see why we couldn't update it to
Currently we configure the API URLs for GitHub's GraphQL and REST APIs in app_config.py
:
And then we have a function to get the auth header, which we could update to use a personal access token configured through an environment variable:
compared with github personal token, github app is a better choice in most circumstance, github apps has more accurate permission control and more secured authenticate method, really recommand you try github app.
for personal token, there're very few permission control and github app have many permission level to control.
Also, github app can be set as private
, meaning only the owner of the app can install this app to a repository.
And, github app does not need you to manage webhook your self, you would need to add a webhook setting in you org or every single repo.
read more at github docs: https://docs.github.com/en/developers/apps/getting-started-with-apps/differences-between-github-apps-and-oauth-apps
I was looking at Kodiak and it seems to be super useful and I'd like to try it out in our team. However I'm a bit hesitant about requirement to have a Github app, we use private orgs in Github.com and there can be also some restrictions there.
Is it possible to run Kodiak as "regular" service/executable using Github API token or so? I don't need any Github-app related things...