GitHub
A plugin that integrates with GitHub's APIs.
Features
The GitHub plugin is used to:
- Auto-discover GitHub repos containing
/kronicle.yamlmetadata files - Clone those repos to analyze their contents
The plugin can find Git repos in three different ways:
- Load all repos that a GitHub access token has been granted access to
- Load all repos under a specific GitHub organization
- Load all repos under a specific GitHub user account (personal repos)
The three approaches can be mix and matched and the plugin allows multiple access tokens, organizations and users to be configured.
Plugin configuration
The following environment variable are passed to the kronicle-serice container to configure the plugin
Example configuration
PLUGINS_GITHUB_ENABLED=true
# Find all repos that an access token has access to
PLUGINS_GITHUB_ACCESS_TOKENS_0_USERNAME=some-github-user
PLUGINS_GITHUB_ACCESS_TOKENS_0_VALUE=ghp_1234567890
# Find all repos under a GitHub organisation
PLUGINS_GITHUB_ORGANIZATIONS_0_ACCOUNT_NAME=some-github-org-name
PLUGINS_GITHUB_ORGANIZATIONS_0_ACCESS_TOKEN_USERNAME=some-github-user
PLUGINS_GITHUB_ORGANIZATIONS_0_ACCESS_TOKEN_VALUE=ghp_1234567890
# Find all repos under a GitHub user
PLUGINS_GITHUB_USERS_0_ACCOUNT_NAME=some-github-user
PLUGINS_GITHUB_USERS_0_ACCESS_TOKEN_USERNAME=some-github-user
PLUGINS_GITHUB_USERS_0_ACCESS_TOKEN_VALUE=ghp_1234567890
Mandatory environment variables
PLUGINS_GITHUB_ENABLED=true
Set to “true” to enable the plugin
Optional environment variables
PLUGINS_GITHUB_ACCESS_TOKENS_{index}_USERNAME=some-github-user
This is used to configure Kronicle to automatically scan all the Git repos that the specified user account has been granted access to.
PLUGINS_GITHUB_ACCESS_TOKENS_{index}_VALUE=ghp_1234567890
This setting must be used when the PLUGINS_GITHUB_ACCESS_TOKENS_{index}_USERNAME setting is used. Care should be taken with what permissions are granted on GitHub for the access token. If the access token is granted access to any private repos, regardless of what organization or user owns those private repos, then Kronicle Service will have access to those private repos too.
PLUGINS_GITHUB_ORGANIZATIONS_{index}_ACCOUNT_NAME=some-github-org-name
This is used to configure Kronicle to automatically scan all the Git repos owned by a particular organization on GitHub, looking for kronicle.yaml files.
PLUGINS_GITHUB_ORGANIZATIONS_{index}_ACCESS_TOKEN_USERNAME=some-github-user
This is used with the PLUGINS_GITHUB_ORGANIZATIONS_{index}_ACCOUNT_NAME setting but it optional. Without it, Kronicle Service will call the GitHub API anonymously. The setting contains the username of a GitHub user. Specifying this setting can be helpful as it enables Kronicle Service to authenticate with the GitHub API, which reduces the rate limiting that the API performs.
PLUGINS_GITHUB_ORGANIZATIONS_{index}_ACCESS_TOKEN_VALUE=ghp_1234567890
This setting must be used when the PLUGINS_GITHUB_ORGANIZATIONS_{index}ACCESS_TOKEN_USERNAME setting is used. In contains the GitHub access token (PAT) for the GitHub used specified in the PLUGINS_GITHUB_ORGANIZATIONS{index}_ACCESS_TOKEN_USERNAME setting. Care should be taken with what permissions are granted on GitHub for the access token. If the access token is granted access to any of the GitHub organization’s private repos, then Kronicle Service will have access to those private repos too.
PLUGINS_GITHUB_USERS_{index}_ACCOUNT_NAME=some-github-user
Similar to the PLUGINS_GITHUB_ORGANIZATIONS_{index}_ACCOUNT_NAME setting but configures Kronicle Service to retrieve repos for a GutHub user rather han a GitHub organization
PLUGINS_GITHUB_USERS_{index}_ACCESS_TOKEN_USERNAME=some-github-user
Similar to the PLUGINS_GITHUB_ORGANIZATIONS_{index}_ACCESS_TOKEN_USERNAME setting.
PLUGINS_GITHUB_USERS_{index}_ACCESS_TOKEN_VALUE=ghp_1234567890
Similar to the PLUGINS_GITHUB_ORGANIZATIONS_{index}_ACCESS_TOKEN_VALUE setting. Care should be taken with what permissions are granted on GitHub for the access token. If the access token is granted access to any of the GitHub user’s private repos, then Kronicle Service will have access to those private repos too.
REPO_FINDERS_IGNORED_REPOS_{index}_URL=https://github.com/kronicle-tech/kronicle-metadata-repo-template.git
Configures Git repos that Kronicle Service should ignore. Multiple entries can be configured. {index} should start from zero and be incremented by 1 for each Git repo URL.
Granting access to two GitHub organizations
Here is an example of the environment variables needed to configure Kronicle to load all the Git repos for two independent GitHub organizations:
PLUGINS_GITHUB_ORGANIZATIONS_0_ACCOUNT_NAME=some-github-organization
PLUGINS_GITHUB_ORGANIZATIONS_0_ACCESS_TOKEN_USERNAME=some-github-user
PLUGINS_GITHUB_ORGANIZATIONS_0_ACCESS_TOKEN_VALUE=gpp_example123
PLUGINS_GITHUB_ORGANIZATIONS_1_ACCOUNT_NAME=another-github-organization
PLUGINS_GITHUB_ORGANIZATIONS_1_ACCESS_TOKEN_USERNAME=another-github-user
PLUGINS_GITHUB_ORGANIZATIONS_1_ACCESS_TOKEN_VALUE=gpp_example456
Granting access to a GitHub organization’s repos via a GitHub user account
Here is an example of configuring Kronicle to load all Git repos via a machine GitHub account. This approach will
grant Kronicle access to all the repos that the user account has been explicitly granted access to. That includes
access granted directly to the user account and access granted via a GitHub team.
PLUGINS_GITHUB_ACCESS_TOKENS_0_USERNAME=some-github-user
PLUGINS_GITHUB_ACCESS_TOKENS_0_VALUE=gpp_example123
Excluding certain Git repos
This environment variable can be used to prevent Kronicle for loading certain Git repos, regardless of which Kronicle plugin has found these Git repos:
PLUGINS_GITHUB_ACCESS_TOKENS_0_USERNAME=some-github-user
PLUGINS_GITHUB_ACCESS_TOKENS_0_VALUE=gpp_example123
REPO_FINDERS_IGNORED_REPOS_0_URL=https://github.com/some-github-user/example-repo-1
REPO_FINDERS_IGNORED_REPOS_1_URL=https://github.com/some-github-user/example-repo-2