Integrations

Keavy McMinn
September 15, 2016

Transcript

  1. Integrations Keavy McMinn // Engineer @keavy

  2. “Who opens PRs?”

  3. repo GET /repos/:owner/:repo/pulls

  4. repo Grants read/write access to code, commit statuses, repository invitations, collaborators, and deployment statuses

  5. repo Grants read/write access to code, commit statuses, repository invitations, collaborators, and deployment statuses for public and private repositories

  6. repo Grants read/write access to code, commit statuses, repository invitations, collaborators, and deployment statuses for public and private repositories and organizations.

  7. None
  8. None
  9. [Sequence diagram: User, Integrator, GitHub]

    User visits Integrator site ▶
    Authorize Integrator with OAuth ▶
    ◀ Integrator receives and stores OAuth access token for user
    List accessible orgs for user ▶
    List accessible repos for user ▶
    ◀ Display list of repos to user
    User selects repos to build ▶
    Set up hooks, create keys for selected repos ▶

  10. None
  11. None
  12. None
  13. Uh. Where’s CI?

  14. None
  15. “We need this level of access because GitHub…”

  16. “Type a quote here.”

  17. I’ve got 99 problems, and they’re all OAuth

  18. Scopes

  19. Outside-in flow

  20. Install flow efficiency

  21. No Connection between an org and a service

  22. Multiple accounts

  23. Multiple accounts

  24. None
  25. None
  26. “If we were building integrations from scratch, knowing what we know now... what would we do differently?” @jasonrudolph

  27. None
  28. Integrations Early Access

  29. None
  30. Users

  31. None
  32. None
  33. None
  34. None
  35. None
  36. Integrator

  37. None
  38. None
  39. None
  40. None
  41. None
  42. None
  43. None
  44. Thorny areas

  45. Checking permissions

  46. Checking permissions

  47. Checking permissions

  48. Checking permissions

  49. Checking permissions

    # A user with push access to commit status
    role :status_writer do |context|
      ...
      user && repo.pushable_by?(user)
    end

  50. Checking permissions

    # A user with push access to commit status
    role :status_writer do |context|
      ...
      user && (repo.pushable_by?(user) || repo.statuses.writeable_by?(user))
    end

  51. Checking permissions

    # A user with push access to commit status
    role :status_writer do |context|
      ...
      user && repo.resources.statuses.writeable_by?(user)
    end

  52. Identity flow

  53. Identity flow

  54. Identity flow

  55. Possible solutions: OAuth

  56. Possible solutions: Single Sign-On

  57. OAuth-like flow

  58. None
  59. Led by UX

  60. None
  61. None
  62. None
  63. Trust

  64. None
  65. None
  66. Alternatives now

  67. repo Grants read/write access to code, commit statuses, repository invitations, collaborators, and deployment statuses for public and private repositories and organizations.

  68. None
  69. None
  70. [Sequence diagram: User, Integrator, GitHub]

    User visits Integrator site ▶
    Authorize Integrator with OAuth ▶
    ◀ Integrator receives and stores OAuth access token for user
    List accessible orgs for user ▶
    List accessible repos for user ▶
    ◀ Display list of repos to user
    User selects repos to build ▶
    Set up hooks, create keys for selected repos ▶

  71. [Sequence diagram: User, Integrator, GitHub]

    User visits integration page ▶
    User installs integration on selected repos ▶
    ◀ Integrator receives webhook event of new installation

  72. None
  73. Octokit::Client.new( :access_token => installation_access_token )

  74. When to use an Integration?

    Take action independently of a specific user
    Allow users to install on an organization
    Allow users to install on a per repository basis
    Want granular permissions

  75. What might you use an integration for?

    Code Scanners
    Continuous Integration
    Continuous Deployment
    Issue Management
    Anything else you can dream up!

  76. When to use an OAuth application?

    Take action only as a specific user
    Full access is desired
    Using GitHub as an identity provider

  77. Installations Early Access

  78. Learn more: developer.github.com, platform.github.community

  79. @keavy @jch @tarebyte @jmilas @kdaigle @pifafu @cmwinters @tclem @jasonrudolph @jdpace @pengwynn @ptoomey3 @janester

  80. Thank you