gernot-h
commented
7 months ago @cboehm-it, perhaps it's only me, but I'm a bit confused about your idea. Is this about CI integration of CaPyCli? How would this affect authentication with SW360?
Open cboehm-it opened 7 months ago
gernot-h
commented
7 months ago @cboehm-it, perhaps it's only me, but I'm a bit confused about your idea. Is this about CI integration of CaPyCli? How would this affect authentication with SW360?
cboehm-it
commented
7 months ago Hey @gernot-h , you are right, it's about using CaPyCli inside a CI. I do not understand your question fully. Why should the authentication against Github affect authentication against SW360?
tngraf
commented
7 months ago @cboehm-it Hm, I also do not really get the issue. Why should someone authenticate against GitHub? The only thing that CaPyCLI requires is access to SW360, depending on the use case either read-only or read-write.
cboehm-it
commented
7 months ago Hey @gernot-h and @tngraf, it has nothing to do with SW360. You're mixing something up. CaPyCli has a functionality to get the sources of the BOM file. (bom findsources) Therefore CaPyCli uses the official API of Github to retrieve information about that. To have a bit more requests per hour you can add the parameters with an username and a token of your personal Github user.
My idea is now that I can give CaPyCli the credentials of a Github App not from my personal user.
gernot-h
commented
7 months ago Ah, got it now, sorry. We're speaking about capycli bom findsources -gt. That's a part of CaPyCli I don't know that well, sorry.
I want to use CaPyCLI inside an automated pipeline. Therefore it's not recommended to use personal tokens because they are coupled directly with the personal user account of Github.
Idea
Expected Change
Requests with this authentication look a bit different. src: Authentifizieren bei der REST-API
Here is an example of searching repositiories.