search

tadhglewis / issue-status

A flexible, modern and blazingly fast ☄️ status page
https://tadhglewis.github.io/issue-status
267 stars 118 forks source link

Would it support for private repo? #103

Open xihajun opened 3 months ago

xihajun commented 3 months ago

Thanks for the lovely tool, I wonder would it support for those private repos?

tadhglewis commented 3 months ago

@xihajun The code you deploy can be private and you could have a separate repo for the REACT_APP_REPOSITORY configuration however this repo must be public.

Can you explain your use case? It shouldn't matter the repo is public as any github issues are publicly being displayed on the status page anyway

xihajun commented 3 months ago

@tadhglewis Thanks for your reply! What is the different between the REACT_APP_REPOSITORY and this one?

If it is for internal status usage, it would be good to have it support for private repo and other people won't know the link for this status anyway. I found we can bypass it given the GitHub token, but should there be a better way?

tadhglewis commented 3 months ago

@xihajun interesting. definitely will consider this as I'm currently overhauling and adding support for so called "custom Providers" which allow you to swap out the underlying data source the frontend uses.

To go into a bit more detail;

REACT_APP_REPOSITORY is essentially the database/source used by the frontend to fetch the components (systems) and incident history. This is done by calling the unauthenticated GitHub API to fetch GitHub issues.

If you have sensitive data in a repo and want it private, it's recommended to create a fresh repo for the database (REACT_APP_REPOSITORY) which only contains the GitHub Issues.

Technically speaking, there can be two repos: one with the source code (e.g. https://github.com/tadhglewis/issue-status) and a separate one for the db/GitHub Issues.

If it is for internal status usage

Is the link publicly accessible? If so I'd say just make a public repo... To be honest, this project isn't currently well designed for private(internal) use cases as everything is unauthenticated.

I found we can bypass it given the GitHub token

Be wary: in the current state, this project is entirely frontend so any tokens you include will be leaked to the frontend

xihajun commented 3 months ago

@tadhglewis Thanks for the details!

Is the link publicly accessible? If so I'd say just make a public repo... To be honest, this project isn't currently well designed for private(internal) use cases as everything is unauthenticated.

Thanks for pointing out! I am not too familiar with front end, but I will try to avoid that when using in production with internal access or add a passwd and restrict by ip address, etc.

Currently I am testing the functionality and it works nicely. Thanks for open source the lovely project!