Integrations

Transcript

1. Integrations Keavy McMinn // Engineer b keavy

2. “Who opens PRs?”

3. repo GET /repos/:owner/:repo/pulls

4. repo Grants read/write access to code, commit statuses, repository invitations,

   collaborators, and deployment statuses

5. repo Grants read/write access to code, commit statuses, repository invitations,

   collaborators, and deployment statuses for public and private repositories

6. repo Grants read/write access to code, commit statuses, repository invitations,

   collaborators, and deployment statuses for public and private repositories and organizations.
7. None
8. None

9. ┌────┐ ┌─────────────────┐ ┌────────┐ │User│ │ Integrator │ │ GitHub │

   └──┬─┘ └────────┬────────┘ └────┬───┘ │ │ │ │ User visits Integrator site │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ │ Authorize Integrator with OAuth │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ Integrator receives and stores │ │ OAuth access token for user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ List accessible orgs for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ List accessible repos for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Display list of repos to user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ User selects repos to build │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Set up hooks, create keys for │ selected repos │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ │ │
10. None
11. None
12. None

13. Uh. Where’s CI?

14. None

15. “We need this level of access because GitHub…”

16. “Type a quote here.”

17. I’ve got 99 problems, and they’re all OAuth

18. Scopes

19. Outside-in flow

20. Install flow efficiency

21. No Connection between an org and a service

22. Multiple accounts

23. Multiple accounts

24. None
25. None

26. “If we were building integrations from scratch, knowing what we

    know now... what would we do differently?” b jasonrudolph
27. None

28. Integrations Early Access

29. None

30. Users

31. None
32. None
33. None
34. None
35. None

36. Integrator

37. None
38. None
39. None
40. None
41. None
42. None
43. None

44. Thorny areas

45. Checking permissions

46. Checking permissions

47. Checking permissions

48. Checking permissions

49. # A user with push access to commit status role

    :status_writer do |context| ... user && repo.pushable_by?(user) end Checking permissions

50. # A user with push access to commit status role

    :status_writer do |context| ... user && (repo.pushable_by?(user) || repo.statuses.writeable_by?(user)) end Checking permissions

51. # A user with push access to commit status role

    :status_writer do |context| ... user && repo.resources.statuses.writeable_by?(user) end Checking permissions

52. Identity flow

53. " # $ Identity flow

54. Identity flow " # $

55. OAuth Possible solutions:

56. Possible solutions: Single Sign-On

57. OAuth-like flow

58. None

59. Led by UX

60. None
61. None
62. None

63. Trust

64. None
65. None

66. Alternatives now

67. repo Grants read/write access to code, commit statuses, repository invitations,

    collaborators, and deployment statuses for public and private repositories and organizations.
68. None
69. None

70. ┌────┐ ┌─────────────────┐ ┌────────┐ │User│ │ Integrator │ │ GitHub │

    └──┬─┘ └────────┬────────┘ └────┬───┘ │ │ │ │ User visits Integrator site │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ │ Authorize Integrator with OAuth │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ Integrator receives and stores │ │ OAuth access token for user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ List accessible orgs for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ List accessible repos for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Display list of repos to user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ User selects repos to build │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Set up hooks, create keys for │ selected repos │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │

71. ┌────┐ ┌─────────────────┐ ┌────────┐ │User│ │ Integrator │ │ GitHub │

    └──┬─┘ └────────┬────────┘ └────┬───┘ │ │ │ │ User visits integration page │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┼ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─▶ │ │ User installs integration on selected repos │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─▶ │ │ │ Integrator receives webhook event │ │ of new installation │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ │
72. None

73. Octokit::Client.new( :access_token => installation_access_token )

74. Take action independently of a specific user Allow users to

    install on an organization Allow users to install on a per repository basis Want granular permissions When to use an Integration?

75. Code Scanners Continuous Integration Continuous Deployment Issue Management Anything else

    you can dream up! What might you use an integration for?

76. Take action only as a specific user Full access is

    desired Using GitHub as an identity provider When to use an OAuth application?

77. Installations Early Access

78. Learn more developer.github.com platform.github.community % &

79. b keavy b jch b tarebyte b jmilas b kdaigle

    b pifafu b cmwinters b tclem b jasonrudolph b jdpace b pengwynn b ptoomey3 b janester

80. Thank you