kiwitcms-github-app 1.6.0

GitHub App integration for Kiwi TCMS

Introduction

This package provides the GitHub App integration for Kiwi TCMS Enterprise and is designed to work only for multi-tenant environments! You don’t need this add-on in order to run Kiwi TCMS without extended GitHub integration!

Communication from GitHub to this plugin is via webhooks.

Plugin behavior:

• Auto-configure which tenant to use for database operations, either ‘public’ or a single private tenant to which user has access.

• If unable to auto-configure display warning and redirect to configuration page once the GitHub account who installed this integration onto their GitHub repository logs into Kiwi TCMS

• Existing & newly created repositories are added as products in Kiwi TCMS

• BugSystem records are automatically configured for repositories

• Fork repositories are skipped

• Newly created git tags are added as product versions in Kiwi TCMS

See Issues for other ideas!

Installation

pip install kiwitcms-github-app

inside Kiwi TCMS’s docker image and make sure the following settings are configured:

AUTHENTICATION_BACKENDS = [
    'social_core.backends.github.GithubAppAuth',
    ...
]
SOCIAL_AUTH_GITHUB_APP_KEY = 'xxxxxx'
SOCIAL_AUTH_GITHUB_APP_SECRET = 'yyy'
KIWI_GITHUB_APP_SECRET = b'your-webhook-secret'
KIWI_GITHUB_APP_ID = 123456
KIWI_GITHUB_APP_PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
+++++++++base64-encoded-private-key+++++++
-----END RSA PRIVATE KEY-----"""

everything else will be taken care for by Kiwi TCMS plugin loading code!

GitHub App configuration

This plugin needs an existing GitHub App application with the following configuration:

• User authorization callback URL: https://tcms.example.com/complete/github-app/

• Request user authorization (OAuth) during installation - True

• Webhook Active - True

• Webhook URL - https://tcms.example.com/kiwitcms_github_app/webhook/

• Webhook Secret - <the value of KIWI_GITHUB_APP_SECRET>

• SSL verification - Enabled

Then configure how the application interacts with GitHub:

• Repository permissions:

  • Contents: Read-only

  • Issues: Read & write (required for 1-click bug report on private repos)

  • Metadata: Read-only

• User permissions:

  • Email addresses: Read-only

• Subscribe to events:

  • Meta

  • Create

  • Repository

Changelog

v1.6.0 (15 Jan 2024)

• 1-click bug report will now use execution.build.version.product instead of execution.run.plan.product following changes in Kiwi TCMS, see: <https://github.com/kiwitcms/Kiwi/commit/48a33a71e664c8c3ed2ceb298b5f1e19d0bddb52>_ and PR #3439 for more details

• Require minimum version of several transitive dependencies, certifi>=2023.7.22, cryptography>=41.0.4, pyjwt>=2.4.0, requests>=2.31.0 in order to minimize exposure to known security vulnerabilities

• Build & test with Python 3.11

• Start testing with psycopg3

• Small updates around test jobs & CI

v1.5.1 (28 Mar 2023)

• Unpin PyGithub dependency

• Add more tests

v1.5.0 (24 Feb 2023)

• Refactor code so it works with PyGithub==1.58.0

• Remove PatchedGithubIntegration class

• Add sanity tests for upstream/downstream interfaces for PyGithub

v1.4.1 (13 Feb 2023)

• Adjust arguments for latest github.Github implementation

• Raise RuntimeError instead of Exception

v1.4.0 (05 Sep 2022)

• Don’t ask user to configure GitHub App if they are not tenant owner. Breaks an endless loop cycle in case tenant creation goes wrong

• Specify 30 sec timeout for internal HTTP requests

• Improvements to CI

v1.3.3 (31 Jan 2022)

• Fix for GitHub exceptions. Fixes KIWI-TCMS-HH

v1.3.2 (05 Jan 2022)

• Don’t crash on 404 from GitHub. Fixes KIWI-TCMS-EA

• Workaround upstream <https://github.com/PyGithub/PyGithub/pull/2079>. Fixes KIWI-TCMS-HD

v1.3.1 (04 Oct 2021)

• Adjust 2 parameters for changes introduced in PyGithub 1.55

v1.3.0 (14 Feb 2021)

• Migrate to Python 3.8

• Always test with the latest Kiwi TCMS version

• Adjustments to the internal test suite now that Kiwi TCMS is available via source

• Prevent crash if uid field is not a number to make it work with Keycloak

v1.2.4 (14 Feb 2021)

• Don’t cause ISE in case of race conditions between webhooks

• Fix ISE for existing Version

v1.2.3 (25 Jan 2021)

• Allow POST request (web hooks) without CSRF token

v1.2.2 (08 Dec 2020)

• Update for newer PyGithub

v1.2.1 (17 Sep 2020)

• Require login for views.Resync()

v1.2 (13 Sep 2020)

• Adjusted to work with Django 3.1 and Kiwi TCMS > 8.6

• Replace deprecated url() with re_path()

• Migrate the payload field to newer models.JSONField type

• Setting PUBLIC_VIEWS is removed in Kiwi TCMS so remove the automatic adjustment

• Make error messages for missing AppInst more clear

• Remove redundant if condition in Resync()

• Update translation strings

• Update documentation around GitHub permission requirements for 1-click bug report

v1.1 (05 Aug 2020)

• Add GitHub issue-tracker integration which authenticates as the installed app. Fixes Issue #25

• Configure BugSystem for new repos. Fixes Issue #15

• Create Product & BugSystem records when installation_repositores change. Fixes Issue #21

• Trigger resync from GitHub via menu. Fixes Issue #19

• Trigger resync from GitHub after AppInstallation is configured. Fixes Issue #20

• Database: Add AppInstallation.settings_url field

• Link to the correct URL for GitHub settings. Fixes Issue #33

• Require user to be logged in for ApplicationEdit. Fixes Issue #36

• Update translation strings

• Add more tests

v1.0 (13 Apr 2020)

• Install settings overrides under tcms_settings_dir/ (compatible with Kiwi TCMS v8.2 or later):

  • does not need MIDDLEWARE and PUBLIC_VIEWS override anymore

• Remove GithubAppAuth backend, shipped with social-auth-core v3.3.0

• Fix a redirect to use the correct name of our social_core backend

v0.0.5 (19 Feb 2020)

• Address GitHub API deprecation not yet fixed in social-auth-core

v0.0.4 (25 Dec 2019)

• Do not fail if product already exists

• Do not fail if repository doesn’t have description

• Search UserSocialAuth by uid and provider

v0.0.1 (24 Dec 2019)

• initial release