Changes

GitHub

1,013 bytes added, 21:37, 31 July 2019
Clarifications of GitHub App approval steps
* File a request using this [https://bugzilla.mozilla.org/enter_bug.cgi?cc=gene%40mozilla.com&comment=I%20want%20to%20use%20the%20NAME_HERE%20addon%20in%20ORG_NAME_HERE%20for%20the%20following%20reasons%3A%0D%0A%0D%0ABelow%20are%20my%20answers%20to%20your%20stock%20questions%3A%0D%0A%0D%0A%2A%2A%20Which%20repositories%20do%20you%20want%20to%20have%20access%3F%20%28all%20or%20list%29%0D%0A%0D%0A%2A%2A%20Are%20any%20of%20those%20repositories%20private%3F%0D%0A%0D%0A%2A%2A%20Provide%20link%20to%20vendor%27s%20description%20of%20permissions%20needed%20and%20why%0D%0A%0D%0A%2A%2A%20Provide%20the%20Install%20link%20for%20a%20GitHub%20app%0D%0A&component=Github%3A%20Administration&product=mozilla.org&short_desc=Assess%20use%20of%20external%20addon%20NAME_HERE%20in%20Mozilla%27s%20GitHub%20organization%20ORG_NAME_HERE bug template]
* Include answers to these the questionsprompted for in the above template. Additional notes:** ''Which repositories do you want to have access? (all or list)'' -- "All" will rarely be granted - every repository should have control over anything that can access their repository.** Do ''Are any of those repositories contain "sensitive" dataprivate? (e.g. '' -- In general, OAuth apps will not be granted access to private repos or ones where unauthorized code changes could have significant impact repositories, as that grants access to Mozilla)''all'' private repositories.** ''Provide link to vendor's description of permissions needed and why'' -- Hopefully that have this documented, or at least provide a screenshot of the authorization screen which lists the permissions. If not, we may ask you (the requestor) to engage with the apps support team to obtain the answers.** ''Provide installation instructions:*** Please include the Install link for a GitHub Appapp'' -- mandatory, as we can's "t install" linkthe app without it. * If you are not an "admin" for the repository, an "admin" will have to approve the request. Please set a "Need Info" on the appropriate repository admin.
===== Initial Installation =====
If this is the first time this GitHub App is being installed in the organization, a few extra checks and coordination are needed. An organization owner will need to perform these steps:
* Determine if the GitHub App previously had an OAUTH versionin use in the same org. (The simplest way is to see if the app is listed under the "Third-party Application" section of the organization settings page. ''Any mention'' -- including "declined" -- counts as "in use" for this purpose.)** If so, it is likely that installing the integration will disable all repositories OAuth app was in use, check the organization using the OAUTH version of the applicationapp installation documentation to see if there are any caveats. (We've only seen one app transition where there was an impact, but better safe than sorry.)** Find If there are caveats that apply, ask the requestor to contact all current repositories using the classic OAUTH application (this to coordinate, cc'ing [[#contact|GitHub owners]]. This task is non-trivial, scripts exist you usually need to access the OAuth app's dashboard, and have knowledge of how the app works. ('''Do NOT''' authenticate to helpany OAuth app with your owner account.)** Install the Integration GitHub app for all current "specific repositories", and enable the new one (organization owner permissions neededones in the request.)
'''Please do not install GitHub apps with organization wide scope without first discussing with [[#contact|GitHub owners]].'''
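Review bot: The warning "Do NOT authenticate to any OAuth app with your owner account" in the Initial Installation steps sits inside a parenthesis at the end of a sub-bullet and gives no reason, so it is easy to miss at the very step where an owner is told they usually need to access the OAuth app's dashboard. Consider making it its own bullet and tying it to the earlier note that OAuth access covers ''all'' private repositories. In the vendor permissions note, "Hopefully that have this documented" looks like a typo for "they have", and "the apps support team" needs an apostrophe ("app's"). The text also mixes "OAUTH" with "OAuth" and "GitHub App" with "GitHub app"; one spelling of each throughout would read more cleanly.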