Skip to content

Commit

Permalink
chore: README update for github app
Browse files Browse the repository at this point in the history
  • Loading branch information
vrivellino committed Jan 29, 2024
1 parent d995b30 commit 788e232
Showing 1 changed file with 28 additions and 5 deletions.
33 changes: 28 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,11 +50,34 @@ Below are screenshots of Github Pull Request comments generated by argo-diff.

## Deploying

- Generate a fine-grained Github Personal Access Token. It should have the following Repository permissions:
- **Administration**: `Read-only`
- **Commit statuses**: `Read and write`
- **Metadata**: `Read-only`
- **Pull requests**: `Read and write`
- Access to the Github API will need to be granted either via a Personal Access Token (good for small
environments or a proof of concept) or a Github App.
- If you using a Personal Access Token, it is recommended to create a separate Github account in your
organization specifically for argo-diff. Argo diff will look for the PAT in the env var
`GITHUB_PERSONAL_ACCESS_TOKEN`.
- Permissions for the PAT should match the permissions specified below for Github Apps.
- If you using a Github App, you'll need to create a new application in your organization under **Developer
Settings**:
- Name can be `argo-diff`.
- Homepage URL can be the base URL of your argocd instance or the base URL of what will be your webhook
URL.
- Callback URL should be empty, as should Setup URL.
- Webhooks should *not* be active.
- The webhook URL can be the URL you will configure Github webhooks below.
- **Permissions**:
- **Administration**: `Read-only`
- **Commit statuses**: `Read and write`
- **Metadata**: `Read-only`
- **Pull requests**: `Read and write`
- _Where can this GitHub App be installed?_ -> `Only on this account`
- Upon creating the Github App, take note of the `App ID` and then generate a new Private Key, which
will download a `.pem` file locally.
- Install App to your organization. Settings for the installion will have the URL formatted like:
`/organizations/<ORG_NAME>/settings/installations/<INSTALLATION_ID>`. Take note of the installation id
on the URL.
- Argo Diff will look for the API client configuration in the following environment variables:
`GITHUB_APP_ID`, `GITHUB_INSTALLATION_ID`, and `GITHUB_PRIVATE_KEY_FILE` (the latter of which should
be the path to the `.pem` file generator above)
- Create a user in your ArgoCD instance. This user should have read-only access to all applications:
- For example, in _policy.csv_: `g, argo-diff, role:ci` and `p, role:ci, applications, get, *, allow`
- This user shouldn't need a password but does need an API token to be generated.
Expand Down

0 comments on commit 788e232

Please sign in to comment.