To set up Banzai Cloud Pipeline to authenticate users using GitHub, you’ll have to do the following:
-
Create a personal access token on GitHub.
Take note of the generated GitHub access token as it will be needed (we will use it as
${PERSONAL_ACCESS_TOKEN}
). -
Register an OAuth application on GitHub for the Pipeline.
Take note of the generated GitHub OAuth Application’s
Client ID
andClient Secret
values as those will be needed (we will use them as${GITHUB_CLIENT_ID}
and${GITHUB_CLIENT_SECRET}
).Fill in Authorization callback URL with:
https://${PIPELINE_HOST}/dex/callback
-
Extend the
values.yaml
file in the workspace of your Pipeline instance with the following values (please replace the variables with the previously noted values):dex: config: connectors: publicGithub: type: github id: github name: GitHub config: clientID: ${GITHUB_CLIENT_ID} clientSecret: ${GITHUB_CLIENT_SECRET} redirectURI: https://${PIPELINE_HOST}/dex/callback loadAllGroups: false orgs: - name: ${MY_GITHUB_ORGANIZATION} pipeline: configuration: github: token: ${PERSONAL_ACCESS_TOKEN}
-
Run the
banzai pipeline up command to apply the changes.
Troubleshooting π︎
I can’t see my GitHub Organization on the Pipeline UI π︎
This is a common issue, and there are two solutions for this:
-
Press org sync on the UI
-
Enable the application to access your new organization
Please visit
https://github.com/settings/connections/applications/${GITHUB_CLIENT_ID}
and Press Request or Grant (based on your organization rights) to enable the GitHub application to see your newly registered organization.Note: For our online demo this is https://github.com/settings/connections/applications/a4e374bd7d0139fd953e
In the above example you can see that some GitHub orgs are already allowed to be used in the Pipeline (green mark), for some organizations where I’m just a guest with reduced rights, I can request access (Request button), and for some others I can grant access myself (Grant button).
After granting access you can press the Sync button again on the Pipeline UI or Logout/Login again, to let the Pipeline pick up the organizations from the upstream provider.