jenkins-x / lighthouse

Apache License 2.0

Lighthouse does not support GitHub apps natively #1609

Open yters opened 3 months ago

yters commented 3 months ago

TL;DR: I am trying to use a GitHub app to run Lighthouse since my org does not allow a bot user. However, to the best of my determination, Lighthouse does not support GitHub apps natively. Is this correct? Lighthouse does not support GitHub apps natively?

The difficulty I am encountering is that the GitHub App must use an installation token, since we want the app to run on its own, and not on behalf of a user, and these tokens must be renewed every hour.

I see an option to enable GitHub App in the Helm chart. Thinking this meant native support, so I would not need to set up a token renewal system, I attempted to enable it and set the username. However, there is no means in the chart to supply the GitHub App private key, which is necessary to generate the installation token.

Looking through the source code, I see the FindToken method scans the GITHUB_APP_SECRET_PATH directory for a file to use as the Authorization token. However, this will not work with the app secret key, and so won't generate the necessary installation token.

I also see that even before attempting to use the GITHUB_APP_SECRET_PATH, the webhooks code tries to authenticate the SCMClient, and passes an empty string as the owner. This forces the function to use the OAuth token instead of the contents of GITHUB_APP_SECRET_PATH, which means webhooks expects a user or installation token along with the GitHub app.

So, long story short, from my experiments and looking through the source code, it does not appear that Lighthouse natively supports the GitHub app, i.e. taking care of installation token generation and refresh automatically. Am I correct in my conclusion?
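
The two pieces a token renewal system for a GitHub App needs, as an added Go example that is not part of the original post and not Lighthouse's code: signing the short-lived App JWT with the App private key (the credential presented to `POST /app/installations/{installation_id}/access_tokens`), and deciding when the one-hour installation token must be replaced. The names `AppJWT`, `NeedsRefresh` and `demoKey`, the App ID `123456`, and the throwaway key are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

var b64 = base64.RawURLEncoding // JWTs use unpadded URL-safe base64

// AppJWT signs the short-lived RS256 JWT that a GitHub App presents to
// POST /app/installations/{installation_id}/access_tokens.
func AppJWT(key *rsa.PrivateKey, appID string, now time.Time) (string, error) {
	header := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	claims, err := json.Marshal(map[string]interface{}{
		"iss": appID,
		"iat": now.Add(-60 * time.Second).Unix(), // backdated for clock drift
		"exp": now.Add(9 * time.Minute).Unix(),   // GitHub rejects exp > 10 min ahead
	})
	if err != nil {
		return "", err
	}
	input := header + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// NeedsRefresh reports whether a token with this expires_at must be replaced.
func NeedsRefresh(expiresAt, now time.Time, margin time.Duration) bool {
	return !now.Before(expiresAt.Add(-margin))
}

// demoKey returns a constructed throwaway key standing in for the App key.
func demoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	key, _ := demoKey()
	now := time.Now()
	jwt, err := AppJWT(key, "123456", now) // "123456" is a placeholder App ID
	fmt.Println(len(jwt), err, NeedsRefresh(now.Add(time.Hour), now.Add(56*time.Minute), 5*time.Minute))
}
```

In a real deployment the key would be loaded from the App's PEM file, and the `expires_at` field of the token response would feed `NeedsRefresh`.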