Skip to content

Shopify/github-authentication

BranchesTags

Repository files navigation

GithubAuthentication

This gem allows you to authenticate with GitHub. Specifically, as a GitHub app.

The app works well with the ActiveSupport::Cache, uses retries to mitigate GitHub flakiness, and is thread safe

Installation

Add this line to your application's Gemfile:

gem 'github-authentication'

And then execute:

$ bundle

Or install it yourself as:

$ gem install github-authentication

Usage

The simplest way to get a GitHub App token is via GithubAuthentication.provider, which reads credentials from environment variables, handles JWT generation, token exchange, and caching:

require 'github-authentication'

provider = GithubAuthentication.provider(org: "myorg")
provider.token # => returns a cached or freshly generated token

This expects the following environment variables to be set (optionally prefixed with the org name):

  • GITHUB_APP_ID (or MYORG_GITHUB_APP_ID)
  • GITHUB_APP_INSTALLATION_ID (or MYORG_GITHUB_APP_INSTALLATION_ID)
  • GITHUB_APP_KEYFILE (or MYORG_GITHUB_APP_KEYFILE)

If GITHUB_APP_CREDENTIAL_STORAGE_PATH is set, tokens are cached to disk via ActiveSupport::Cache::FileStore. Otherwise an in-memory cache is used.

Using with Octokit

provider = GithubAuthentication.provider(org: "myorg")
client = Octokit::Client.new(access_token: provider.token.to_s)

Building a provider manually

If you need more control over the cache or generator, you can wire up the components yourself:

cache = GithubAuthentication::Cache.new(storage: GithubAuthentication::ObjectCache.new)
generator = GithubAuthentication::Generator::App.new(pem: ENV['GITHUB_PEM'],
                                          installation_id: ENV['GITHUB_INSTALLATION_ID'],
                                          app_id: ENV['GITHUB_APP_ID'])
provider = GithubAuthentication::Provider.new(generator: generator, cache: cache)

provider.token
provider.reset_token

Generator::Personal

Mostly for testing purposes you can provide a github token that gets retrieved.

GithubAuthentication::Generator::Personal.new(github_token: ENV['GITHUB_TOKEN'])

Git credential helper

This gem also ships with a git credential helper to authenticate git operations as an App. See this doc for detail on setup and configuration.

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/Shopify/github-authentication.

License

The gem is available as open source under the terms of the MIT License.

About

Token management for GitHub apps

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

6 stars

Watchers

233 watching

Forks

3 forks
Report repository

Releases

10 tags

Packages

 
 
 

Contributors

Languages