-
Notifications
You must be signed in to change notification settings - Fork 2
Creating a GitHub App
Before deploying Shape Docs or contributing to the project, you need to register an app on GitHub. The GitHub App enables two features in Shape Docs:
- Authorizing users with GitHub. Shape Docs uses GitHub to manage access to documentation. Because documentation resides in repositories hosted on GitHub, users only have access to the documentation that resides within the repositories they have access to.
- Commenting on PRs that make changes to OpenAPI specifications. The Shape Docs bot comments on PRs to provide the author and reviewers with links to preview the changes on the web portal.
The following section guides you through creating and configuring the GitHub App. Any settings of the app not mentioned in these settings are irrelevant to Shape Docs. You may also refer to GitHub's official documentation on registering a GitHub App.
Now, let's create and configure a GitHub App.
Give the app any name, description, and homepage URL that you desire.
Specify a callback URL that points to Shape Docs' /api/auth/callback/github endpoint, for example https://example.com/api/auth/callback/github.
Make sure that "Expire user authorization tokens" is enabled.
Specify a webhook URL that points to Shape Docs' /api/hooks/github endpoint, for example https://example.com/api/hooks/github. Make sure that the webhook is activated by checking "Active".
Assign a secret to the webhook. Shape Docs uses this to verify that the webhook is called by GitHub. The secret can be any value. We recommend generating a random string by running openssl rand -hex 32 in your terminal. Store the secret in a secure place, as you'll need to assign it to the GITHUB_WEBHOOK_SECRET environment variable when deploying Shape Docs.
Grant the GitHub App following authorization permissions.
| Category | Permission | Access | Reason |
|---|---|---|---|
| Repository permissions | Contents | Read-only | Used for finding OpenAPI specifications in repositories. |
| Repository permissions | Pull requests | Read and write | Enables the Shape Docs bot to comment on pull requests to provide preview links. |
| Repository permissions | Metadata | Read-only | Required when the "Contents" permission is granted. Enables Shape Docs to search for repositories. |
Subscribe to the following webhook events.
| Event | Reason |
|---|---|
| Pull request | Notifies Shape Docs when a PR is opened and new commits are pushed to the PR, enabling the bot to comment on the PR with preview links. |
Save the GitHub App with the configuration. In summary, your GitHub App should have the following settings.
| Setting | Value |
|---|---|
| Name | Shape Docs |
| Description | Shape Docs is a web portal that collects OpenAPI documentation and facilitates spec-driven development, built with GitHub-based authorization. |
| Homepage URL | https://example.com |
| Callback URL | https://example.com/api/auth/callback/github |
| Expire user authorization tokens | Yes |
| Webhook active | Yes |
| Webhook URL | https://example.com/api/hooks/github |
| Webhook secret | Generated using openssl rand -hex 32
|
| Repository permissions | Contents set to read-only, Pull requests set to read and write, and Metadata set to read only. |
Once you have registered the GitHub App, you should take note of the following details:
- App ID.
- Client ID.
- Client secret.
- Private key.
These details are needed when setting the environment variables. The client secret and private key can be generated from the app settings.
Framna Docs is built with ❤️ by Shape in Denmark. Oh, and we are hiring 🤗