GitHub login
In order to be able to take manual actions in Estafette you need to protect it with a login.
NOTE: GitHub login and GitHub integration aren't the same thing. They use different types of GitHub apps behind the scenes. You can mix and match GitHub login with other types of integration and vice versa.
Configure Estafette
To log in to Estafette using GitHub login first create a new OAuth application in GitHub at https://github.com/settings/applications/new
for a personal account or at https://github.com/organizations/<organization>/settings/applications/new
for an organizational account. Fill in the form with the following values:
After creating the application you'll be able to see the Client ID; you'll also need a Client Secret. Obtain one by clicking Generate new client secret. Armed with these details you can update the values used by the Helm installation by updating your values.yaml
values file:
api:
...
config:
files:
config.yaml: |
apiServer:
baseURL: 'https://<(private) host for the web gui>'
integrationsHost: 'https://<public host to receive webhooks>'
auth:
github:
clientID: '<github oauth app client id>'
clientSecret: '<github oauth app client secret>'
allowedIdentitiesRegex: '<regex to restrict domain for the email address of the user; for example .+@estafette\.io>'
administrators:
- admin1@estafette.io # Add your login email here to be the administrator
- admin2@estafette.io
or override the default config with environment variables like:
api:
baseHost: '<(private) host for the web gui>'
integrationsHost: '<public host to receive webhooks>'
deployment:
extraEnv:
- name: ESCI_AUTH_GITHUB_CLIENTID
value: '<github oauth app client id>'
- name: ESCI_AUTH_GITHUB_CLIENTSECRET
value: '<github oauth app client secret>'
- name: ESCI_AUTH_GITHUB_ALLOWEDIDENTITIESREGEX
value: '<regex to restrict domain for the email address of the user; for example .+@estafette\.io>'
- name: ESCI_AUTH_ADMINISTRATORS
value: '<comma separate list of admin email addresses, for example admin1@estafette.io,admin2@estafette.io>'
With this in place run
helm upgrade --install estafette-ci estafette/estafette-ci -n estafette-ci --create-namespace --timeout 600s --values values.yaml
Now when navigating to your base host you should be able to see a GitHub login button and use it to log in to your Estafette setup.