2. Create a GitHub App
This section deals with setting up a GitHub App which is required for sfops to function. sfops require additional permissions which allow to write into other repository such as 'sfops-dashboard' and also permission to trigger workflows etc. These permissions are beyond what is being provided by the built in GITHUB_TOKEN. A Github App is recommended over using a Service Account and its Personal Access Token, as the service account takes an additional license and has limitations on the api requests.
This guide is crafted to facilitate the user to create a sfops-bot GitHub App to automate the worflows provided out of the box with sfops. It provides a step-by-step approach for creating the app, elaborating on the necessary permissions, installation, and secure storage of sensitive information.
You can refer to this link to understand how this work behind the scenes
Step-by-Step Creation and Configuration
Step 1: Registration of sfops-bot GitHub App
Navigate to your GitHub organization's settings.
Click on "Developer settings" and select "GitHub Apps".
Hit "New GitHub App" and input
sfops-botas the name.Add an icon and background color in the 'Display Information' to make the app identifiable in your workflows
Step 2: Permissions Configuration
Assign the app permissions based on the requirements for sfops:
Repository Permissions
Contents: Set to read and write for the app to manage code, branches, commits, and merges. This access allows the app to automate code integration processes.
Issues: Read and write permissions enable the app to automate issue tracking, commenting, and labeling.
Deployments: Read and write access empowers the app to manage deployments, essential for continuous delivery workflows.
Environments: Read and write access to create environments, which will be consumed by workflows
Pull Requests: Read and write permissions are necessary for the app to automate the handling of pull requests, including merging and labeling.
Actions: Read and write access is crucial for the app to manage GitHub Actions, which are integral to automation workflows.
Projects: Read and write permissions allow the app to connect issues to projects for better project management.
Secrets: Read-only access lets the app manage secrets without compromising their security, essential for secure workflows.
Variables: Read and write permissions that permit the app to read the variables in the repo, This is vital for dynamic configuration of the environment and branch related configurations
Workflows: Read and write permissions permit the app to update workflow files, which is vital for maintaining automated processes.
Organisation Permissions
Projects: Read and write permissions allow the app to connect issues to projects for better project management. \
The new GitHub projects are created at organisation level, and requires organisation permissions
Step 3: Generate and Secure a Private Key
In the 'General' section of your app's settings, locate the 'Private keys' subsection.
Click on "Generate a private key" and download the
.pemfile immediately to your secure location.
Step 4: Installation of the App
Navigate to the 'Install App' tab within your app settings.
Click "Install" to initiate the installation process.
Select your organization and choose to install the app on all repositories or specific ones such as Salesforce repositories and
sfops-dashboard.
Step 5: Storing the Private Key and App ID as Secrets
Access your organization or repository settings and go to the 'Secrets' area.
Choose "New repository secret" or "New organization secret" for both the private key and App ID.
Label the private key secret as
SFOPSBOT_APP_PRIVATE_KEYand the App ID secret asSFOPSBOT_APP_ID.Paste the contents of the private key file and the numerical App ID into their respective secrets.
The workflows provided by sfops utilizes the above variables to authenticated to do repository operations as provided in the below example\
Last updated