Investigate support for GitHub Enterprise #4

Open
mattsb42-aws opened this issue Jan 16, 2020 · 7 comments
Labels
enhancement New feature or request

Comments

@mattsb42-aws
Member

The URL that we pass to CodeBuild to check out the code is currently hard-coded to use https://github.com. Because GitHub Actions is available in GitHub Enterprise, it would be nice if this action worked there too.

@mattsb42-aws mattsb42-aws added the enhancement New feature or request label Jan 16, 2020
@ctd

ctd commented Mar 20, 2020

The current implementation is also incompatible with private repositories on GitHub.

I have an idea to solve this by having the option to push a source archive (zip/tarball) from GitHub Actions to an S3 bucket, and using this as the source for CodeBuild — rather than having CodeBuild clone from GitHub itself.

This wouldn't require any additional authentication/authorisation pieces on the GitHub Actions side, and would require a user to give IAM permissions to an S3 bucket in addition to the CodeBuild/CloudWatch Logs permissions already required.

Is this something you'd consider for this issue, or would you like me to separate this into a new separate issue?

@seebees
Collaborator

seebees commented Mar 24, 2020

I think that this should go into a separate issue.
CodeBuild has a lot of options for source delivery,
and I want to try and balance completeness with ease of use.

If you could throw into that issue how you see this working,
and what underlying CodeBuild APIs you are wanting to call,
that would be great!

@matt-tyler

I’m wondering - as an alternative, could one set the codebuild project to NO_SOURCE, and pass in the GITHUB_TOKEN and GITHUB_ACTOR as environment variables? This would require the project to manually clone the repo, though.

You would also need to fork this action and change the overrides... but it would probably work.

@matt-tyler

I gave it a go and can confirm that passing GITHUB_ACTOR and the secret variable GITHUB_TOKEN, you can configure a codebuild job with source configured as NO_SOURCE to pull from github. The only issue is that you have to write the step to pull the code within the codebuild buildspec and you miss out on the built-in source caching capabilities of codebuild.

I also hacked it a bit and provided the token as a PLAIN_TEXT environment variable because it was the least amount of work - the current implementation is propagating all environment variables prepended with 'GITHUB_' to the environment variable overrides. Tokens are valid for roughly 60 minutes according to github documentation, but ideally, they would be configured as secrets in the codebuild startBuild overrides.
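The split between plain-text and secret overrides discussed in the comment above, as an added example that is not the action's own code and not from any participant in this thread: `GITHUB_`-prefixed variables are forwarded as `PLAIN_TEXT`, while the token is only ever passed as a `SECRETS_MANAGER` reference. The function name, the `SECRET_ENV_NAMES` set and the secret id `example/github-token` are assumptions, as is an earlier workflow step that stored the token under that id.

```javascript
// Added example: builds the environmentVariablesOverride array for a CodeBuild
// StartBuild call from the GitHub Actions environment.
// Names listed here must never be sent as PLAIN_TEXT (assumed list).
const SECRET_ENV_NAMES = new Set(["GITHUB_TOKEN"]);

function buildEnvOverrides(env, secretRefs = {}) {
  const overrides = [];
  const withheld = []; // secret names dropped because no reference was supplied
  for (const [name, value] of Object.entries(env)) {
    if (!name.startsWith("GITHUB_") || value === undefined) continue;
    if (SECRET_ENV_NAMES.has(name)) {
      const ref = secretRefs[name];
      if (ref) {
        // For SECRETS_MANAGER the value is the secret's id, not the token,
        // so the token itself never appears in the build's override list.
        overrides.push({ name, value: ref, type: "SECRETS_MANAGER" });
      } else {
        withheld.push(name);
      }
      continue;
    }
    overrides.push({ name, value, type: "PLAIN_TEXT" });
  }
  return { overrides, withheld };
}

// Constructed sample environment; the token value is a placeholder.
const sampleEnv = {
  GITHUB_ACTOR: "octocat",
  GITHUB_SHA: "0000000000000000000000000000000000000000",
  GITHUB_TOKEN: "ghs_constructedPlaceholder",
  PATH: "/usr/bin",
};

const sampleResult = buildEnvOverrides(sampleEnv, {
  GITHUB_TOKEN: "example/github-token", // hypothetical Secrets Manager id
});
console.log(JSON.stringify(sampleResult, null, 2));
```

The CodeBuild service role needs permission to read the referenced secret for the build to resolve it.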

@robin-aws
Contributor

Glad there seems to be a workaround, but leaving this open as a valid feature request for the future.

@sciurus

sciurus commented Dec 3, 2021

For one approach see #57 (comment)

@aura-herrera-sonarsource

Is this something that will still be done as a feature?

7 participants