Support GitHub Apps
evaluating
R
Raffia Finch
Currently we have no way to integrate with GitHub Apps to allow for checking out of GitHub repositories. This means we need to use a full fledged GitHub account with a personal-access-token which can be a security risk as the account would only be used for Seqera Tower. This also makes us burn an organization wide account seat because of this limitation. We do not want to tie this access to a single user as we then have to update the GitHub access token after the person leaves.
Please add support for GitHub Apps to checkout repositories instead of a full GitHub account + personal-access-token.
Rob Newman
evaluating
Starting to evaluate building a Github App for Seqera Platform.
Rob Newman
Merged in a post:
Allow using SSH private keys for GIT authentication
F
Friendly Duck
The only current method to authenticate Seqera with GitHub is using a PAT. This requires a full GitHub account, for us it means paying for an additional organization license.
GitHub supports the option of using "deploy keys" that can be added at the repository level for exactly the use-case of continuous deployments. It would be great if Seqera which already supports storing SSH private keys as credentials, it could use this method to authenticate GIT pulls.
C
Charcoal Mandrill
this sounds like a great idea, another reason to use this feature was recently encountered; git submodules
our users all must do their interactive
git clone
via ssh credentials so if we add a git submodule to a repo, it must use the SSH remote URL in order for anyone to be able to git clone it
this breaks Seqera Platform since it appears that when the pipeline launches, Platform attempts to do a
git clone --recursive
(??) and the Run fails before the pipeline can even launch due to errors cloning the repoas soon as you change the git submodule remote to https, this issue goes away ; but using https git submodule breaks all users' ability to
git clone --recursive
the repo themselvesso unless there's another solution for this situation, it would appear that using SSH key based Git auth within Seqera Platform would be required if you want to include git submodules with ssh remotes in your repo
Rob Newman
C
Charcoal Mandrill
a solution to my own problem here as described by Paolo is to use "relative path" git remote URL as described here https://www.damirscorner.com/blog/posts/20210423-ChangingUrlsOfGitSubmodules.html
Rob Newman
Charcoal grey Sailfish - We have merged your request with an existing feature request. Thanks for your feedback.
Rob Newman
Merged in a post:
Launch Pipeline Run using private Gitlab repository via SSH
C
Charcoal grey Sailfish
I need to run a pipeline stored on our private Gitlab repo. The repo only allows cloning of repos by SSH. I can't find any documentation regarding this. Do you have a way for me to do this? When trying to run a pipeline I just get this error:
F
Friendly Duck
Rob Newman yes, GitHub App would be an improvement. Thanks!
Rob Newman
Friendly Duck: We are currently evaluating using a Github app. Would that fulfill your request?
C
Continuous Squid
Same for gitlab, I don't like to use a personal access token to provide access to the full organisation.
F
Friendly Duck
An alternative with a similar purpose is to support "deploy keys". I upvoted this ticket and added one for deploy keys. Either one would be extremely useful to us for the same reasons listed here.
Rob Newman
acknowledged
Load More
→