1877285 - Assess use of external app Bitrise in Mozilla's GitHub organization mozilla-releng

Status: RESOLVED WORKSFORME

(mozilla.org :: Github: Administration, task)

Description

[Andrew Halberstadt [:ahal]]

I want to use the Bitrise OAuth app in mozilla-releng for the following reasons:

I'm working on a secure integration between Taskcluster -> Bitrise and need a place to test it outside of the production repo.

Below are my answers to your stock questions:

** Which repositories do you want to have access? (all or list)

• mozilla-releng/staging-firefox-ios

Though this is an OAuth app so I think it works a little differently. I believe it needs to be authorized for the org, then it can be setup for specific repos from the Bitrise side of things.

** Are any of those repositories private?

No

** Provide link to vendor's description of permissions needed and why

https://devcenter.bitrise.io/en/connectivity/connecting-to-services/connecting-your-github-gitlab-bitbucket-account-to-bitrise

** Provide the Install link for a GitHub app

Unfortunately this is an OAuth APP so I don't think there's an install link. I clicked the button to request it being added though.

Comment 1

[Chris Brentano [:ctb]]

Routing to SecOps for review.

Comment 2

[u429623]

:ahal - please see bug 1874927 comment 6 for an alternate method. Heitor hasn't come back to us, so I'm assuming that method worked.

Do let us know if there are issues with that method, please.

Comment 3

[Andrew Halberstadt [:ahal]]

Ok looks like I was maybe able to create the app by specifying the URL manually:
https://app.bitrise.io/app/161fba7c-af12-49fa-bf5f-8406ba2b355b

I did need to supply my own (read-only) personal access token that expires in a year, which isn't ideal, but I think this might be good enough for now. Thanks!