GitHub App integration for Kiwi TCMS

Introduction

This package provides the GitHub App integration for Kiwi TCMS Enterprise and is designed to work only for multi-tenant environments! You don't need this add-on in order to run Kiwi TCMS without extended GitHub integration!

Communication from GitHub to this plugin is via webhooks.

Plugin behavior:

• Auto-configure which tenant to use for database operations, either 'public' or a single private tenant to which user has access.
• If unable to auto-configure display warning and redirect to configuration page once the GitHub account who installed this integration onto their GitHub repository logs into Kiwi TCMS
• Existing & newly created repositories are added as products in Kiwi TCMS
• BugSystem records are automatically configured for repositories
• Fork repositories are skipped
• Newly created git tags are added as product versions in Kiwi TCMS

See Issues for other ideas!

Installation

pip install kiwitcms-github-app

inside Kiwi TCMS's docker image and make sure the following settings are configured:

AUTHENTICATION_BACKENDS = [
    'social_core.backends.github.GithubAppAuth',
    ...
]
SOCIAL_AUTH_GITHUB_APP_KEY = 'xxxxxx'
SOCIAL_AUTH_GITHUB_APP_SECRET = 'yyy'
KIWI_GITHUB_APP_SECRET = b'your-webhook-secret'
KIWI_GITHUB_APP_ID = 123456
KIWI_GITHUB_APP_PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
+++++++++base64-encoded-private-key+++++++
-----END RSA PRIVATE KEY-----"""

everything else will be taken care for by Kiwi TCMS plugin loading code!

GitHub App configuration

This plugin needs an existing GitHub App application with the following configuration:

• User authorization callback URL: https://tcms.example.com/complete/github-app/
• Request user authorization (OAuth) during installation - True
• Webhook Active - True
• Webhook URL - https://tcms.example.com/kiwitcms_github_app/webhook/
• Webhook Secret - <the value of KIWI_GITHUB_APP_SECRET>
• SSL verification - Enabled

Then configure how the application interacts with GitHub:

• Repository permissions:
  • Contents: Read-only
  • Issues: Read & write (required for 1-click bug report on private repos)
  • Metadata: Read-only
• User permissions:
  • Email addresses: Read-only
• Subscribe to events:
  • Meta
  • Create
  • Repository

Changelog

v1.6.0 (15 Jan 2024)

• 1-click bug report will now use execution.build.version.product instead of execution.run.plan.product following changes in Kiwi TCMS, see: <https://github.com/kiwitcms/Kiwi/commit/48a33a71e664c8c3ed2ceb298b5f1e19d0bddb52>_ and PR #3439 for more details
• Require minimum version of several transitive dependencies, certifi>=2023.7.22, cryptography>=41.0.4, pyjwt>=2.4.0, requests>=2.31.0 in order to minimize exposure to known security vulnerabilities
• Build & test with Python 3.11
• Start testing with psycopg3
• Small updates around test jobs & CI

v1.5.1 (28 Mar 2023)

• Unpin PyGithub dependency
• Add more tests

v1.5.0 (24 Feb 2023)

• Refactor code so it works with PyGithub==1.58.0
• Remove PatchedGithubIntegration class
• Add sanity tests for upstream/downstream interfaces for PyGithub

v1.4.1 (13 Feb 2023)

• Adjust arguments for latest github.Github implementation
• Raise RuntimeError instead of Exception

v1.4.0 (05 Sep 2022)

• Don't ask user to configure GitHub App if they are not tenant owner. Breaks an endless loop cycle in case tenant creation goes wrong
• Specify 30 sec timeout for internal HTTP requests
• Improvements to CI

v1.3.3 (31 Jan 2022)

• Fix for GitHub exceptions. Fixes KIWI-TCMS-HH

v1.3.2 (05 Jan 2022)

• Don't crash on 404 from GitHub. Fixes KIWI-TCMS-EA
• Workaround upstream <PyGithub/PyGithub#2079>. Fixes KIWI-TCMS-HD

v1.3.1 (04 Oct 2021)

• Adjust 2 parameters for changes introduced in PyGithub 1.55

v1.3.0 (14 Feb 2021)

• Migrate to Python 3.8
• Always test with the latest Kiwi TCMS version
• Adjustments to the internal test suite now that Kiwi TCMS is available via source
• Prevent crash if uid field is not a number to make it work with Keycloak

v1.2.4 (14 Feb 2021)

• Don't cause ISE in case of race conditions between webhooks
• Fix ISE for existing Version

v1.2.3 (25 Jan 2021)

• Allow POST request (web hooks) without CSRF token

v1.2.2 (08 Dec 2020)

• Update for newer PyGithub

v1.2.1 (17 Sep 2020)

• Require login for views.Resync()

v1.2 (13 Sep 2020)

• Adjusted to work with Django 3.1 and Kiwi TCMS > 8.6
• Replace deprecated url() with re_path()
• Migrate the payload field to newer models.JSONField type
• Setting PUBLIC_VIEWS is removed in Kiwi TCMS so remove the automatic adjustment
• Make error messages for missing AppInst more clear
• Remove redundant if condition in Resync()
• Update translation strings
• Update documentation around GitHub permission requirements for 1-click bug report

v1.1 (05 Aug 2020)

• Add GitHub issue-tracker integration which authenticates as the installed app. Fixes Issue #25
• Configure BugSystem for new repos. Fixes Issue #15
• Create Product & BugSystem records when installation_repositores change. Fixes Issue #21
• Trigger resync from GitHub via menu. Fixes Issue #19
• Trigger resync from GitHub after AppInstallation is configured. Fixes Issue #20
• Database: Add AppInstallation.settings_url field
• Link to the correct URL for GitHub settings. Fixes Issue #33
• Require user to be logged in for ApplicationEdit. Fixes Issue #36
• Update translation strings
• Add more tests

v1.0 (13 Apr 2020)

• Install settings overrides under tcms_settings_dir/ (compatible with Kiwi TCMS v8.2 or later):
  • does not need MIDDLEWARE and PUBLIC_VIEWS override anymore
• Remove GithubAppAuth backend, shipped with social-auth-core v3.3.0
• Fix a redirect to use the correct name of our social_core backend

v0.0.5 (19 Feb 2020)

• Address GitHub API deprecation not yet fixed in social-auth-core

v0.0.4 (25 Dec 2019)

• Do not fail if product already exists
• Do not fail if repository doesn't have description
• Search UserSocialAuth by uid and provider

v0.0.1 (24 Dec 2019)

• initial release