To set up Banzai Cloud Pipeline to authenticate users using GitHub, you’ll have to do the following:

  1. Create a personal access token on GitHub.

    Take note of the generated GitHub access token as it will be needed (we will use it as ${PERSONAL_ACCESS_TOKEN}).

  2. Register an OAuth application on GitHub for the Pipeline.

    Take note of the generated GitHub OAuth Application’s Client ID and Client Secret values as those will be needed (we will use them as ${GITHUB_CLIENT_ID} and ${GITHUB_CLIENT_SECRET}).

    GitHub Client ID

    Fill in Authorization callback URL with: https://${PIPELINE_HOST}/dex/callback

    GitHub Callback URL

  3. Extend the values.yaml file in the workspace of your Pipeline instance with the following values (please replace the variables with the previously noted values):

    dex:
  config:
    connectors:
      publicGithub:
        type: github
        id: github
        name: GitHub
        config:
          clientID: ${GITHUB_CLIENT_ID}
          clientSecret: ${GITHUB_CLIENT_SECRET}
          redirectURI: https://${PIPELINE_HOST}/dex/callback
          loadAllGroups: false
          orgs:
            - name: ${MY_GITHUB_ORGANIZATION}
pipeline:
  configuration:
    github:
      token: ${PERSONAL_ACCESS_TOKEN}

  4. Run the banzai pipeline up command to apply the changes.

Troubleshooting πŸ”—︎

I can’t see my GitHub Organization on the Pipeline UI πŸ”—︎

This is a common issue, and there are two solutions for this:

  • Press org sync on the UI

    UI Org Sync

  • Enable the application to access your new organization

    Please visit https://github.com/settings/connections/applications/${GITHUB_CLIENT_ID} and Press Request or Grant (based on your organization rights) to enable the GitHub application to see your newly registered organization.

    Note: For our online demo this is https://github.com/settings/connections/applications/a4e374bd7d0139fd953e Allow GitHub Application

    In the above example you can see that some GitHub orgs are already allowed to be used in the Pipeline (green mark), for some organizations where I’m just a guest with reduced rights, I can request access (Request button), and for some others I can grant access myself (Grant button).

    After granting access you can press the Sync button again on the Pipeline UI or Logout/Login again, to let the Pipeline pick up the organizations from the upstream provider.