diff --git a/docs/spec/v1/gitrepositories.md b/docs/spec/v1/gitrepositories.md index d39ee73d3..673eea63f 100644 --- a/docs/spec/v1/gitrepositories.md +++ b/docs/spec/v1/gitrepositories.md @@ -346,19 +346,14 @@ The `github` provider can be used to authenticate to Git repositories using The GitHub App information is specified in `.spec.secretRef` in the format specified below: -- Get the App ID from the app settings page at - `https://github.com/settings/apps/`. -- Get the App Installation ID from the app installations page at -`https://github.com/settings/installations`. Click the installed app, the URL -will contain the installation ID -`https://github.com/settings/installations/`. For -organizations, the first part of the URL may be different, but it follows the -same pattern. +- Get the App ID from the app settings page at `https://github.com/settings/apps/`. - The private key that was generated in the pre-requisites. - (Optional) GitHub Enterprise Server users can set the base URL to `http(s)://HOSTNAME/api/v3`. -- (Optional) If GitHub Enterprise Server uses a private CA, include its bundle (root and any intermediates) in `ca.crt`. - If the `ca.crt` is specified, then it will be used for TLS verification for all API / Git over `HTTPS` requests to the GitHub Enterprise Server. +- (Optional) If GitHub Enterprise Server uses a private CA, include its + bundle (root and any intermediates) in `ca.crt`. + If the `ca.crt` is specified, then it will be used for TLS verification + for all API / Git over `HTTPS` requests to the GitHub Enterprise Server. **NOTE:** If the secret contains `tls.crt`, `tls.key` then [mutual TLS configuration](#https-mutual-tls-authentication) will be automatically enabled. Omit these keys if the GitHub server does not support mutual TLS. @@ -371,6 +366,7 @@ metadata: type: Opaque stringData: githubAppID: "" + githubAppInstallationOwner: "" githubAppInstallationID: "" githubAppPrivateKey: | -----BEGIN RSA PRIVATE KEY----- @@ -383,14 +379,19 @@ stringData: -----END CERTIFICATE----- ``` +Exactly one of `githubAppInstallationOwner` or `githubAppInstallationID` must be provided. +If neither or both are provided, the reconciliation will fail with a misconfiguration error. +When `githubAppInstallationOwner` is provided, the controller will look for the installation +ID corresponding to the owner using the GitHub API. + Alternatively, the Flux CLI can be used to automatically create the secret with the github app authentication information. ```sh flux create secret githubapp ghapp-secret \ --app-id=1 \ - --app-installation-id=3 \ - --app-private-key=~/private-key.pem + --app-installation-owner=my-org \ + --app-private-key=~/private-key.pem ``` ### Service Account reference diff --git a/go.mod b/go.mod index f961bb637..56d923b22 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/fluxcd/pkg/artifact v0.5.0 github.com/fluxcd/pkg/auth v0.33.0 github.com/fluxcd/pkg/cache v0.12.0 - github.com/fluxcd/pkg/git v0.39.0 + github.com/fluxcd/pkg/git v0.40.0 github.com/fluxcd/pkg/gittestserver v0.23.0 github.com/fluxcd/pkg/helmtestserver v0.34.0 github.com/fluxcd/pkg/http/transport v0.7.0 diff --git a/go.sum b/go.sum index 289a84508..f78e66758 100644 --- a/go.sum +++ b/go.sum @@ -378,8 +378,8 @@ github.com/fluxcd/pkg/auth v0.33.0 h1:3ccwqpBr8uWEQgl15b7S0PwJ9EgtcKObg4J1jnaof2 github.com/fluxcd/pkg/auth v0.33.0/go.mod h1:ZAFC8pNZxhe+7RV2cQO1K9X62HM8BbRBnCE118oY/0A= github.com/fluxcd/pkg/cache v0.12.0 h1:mabABT3jIfuo84VbIW+qvfqMZ7PbM5tXQgQvA2uo2rc= github.com/fluxcd/pkg/cache v0.12.0/go.mod h1:HL/9cgBmwCdKIr3JH57rxrGdb7rOgX5Z1eJlHsaV1vE= -github.com/fluxcd/pkg/git v0.39.0 h1:QydLWcsOso1BkO/ctE6ELlCFkhnGwpF2dUVa+R4aLp0= -github.com/fluxcd/pkg/git v0.39.0/go.mod h1:MPhYH/ir7jr7cgQd75kWPHCGuJBu+sg7jzi0JPTSkKA= +github.com/fluxcd/pkg/git v0.40.0 h1:B23gcdNqHQcVpp9P2BU4mrfFXGA8XFYi9mpy+5RDAQA= +github.com/fluxcd/pkg/git v0.40.0/go.mod h1:MPhYH/ir7jr7cgQd75kWPHCGuJBu+sg7jzi0JPTSkKA= github.com/fluxcd/pkg/gittestserver v0.23.0 h1:o4tb4ic2GHf2xWHTf/07w/wVLFSvbybQ9bdhtWgDnS8= github.com/fluxcd/pkg/gittestserver v0.23.0/go.mod h1:b+rbFRu8HTtTFJ7mr437nHIO12pEodYqvQ3QUDHgFIQ= github.com/fluxcd/pkg/helmtestserver v0.34.0 h1:a6toTMPO6WfdohrkYCrs6vwOJK4VXpODLKc5311GawY=