feat(github): support github app auth #303
- Add JWT generation and signing functionality for GitHub App authentication
- Support RS256 signing algorithm as required by GitHub Apps
- Implement private key management with multiple loading methods (file, env, bytes)
- Add comprehensive JWT claims construction and validation
- Include full test coverage for all components
- Support both PKCS#1 and PKCS#8 private key formats

Components added:
- internal/github/app/jwt.go: Core JWT generation logic
- internal/github/app/private_key.go: Private key management
- internal/github/app/claims.go: JWT claims construction
- internal/github/app/jwt_test.go: JWT module tests
- internal/github/app/private_key_test.go: Private key tests

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

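The JWT step this commit message describes, as an added example that is not code from this PR: it parses a PKCS#1 or PKCS#8 PEM key and signs an RS256 App JWT with only the Go standard library. The function names, the placeholder App ID `123456` and the throwaway key are assumptions; the backdated `iat` and the `exp` kept under 10 minutes follow GitHub's documented rules for App JWTs.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"time"
)

// ParseRSAKey accepts PEM in PKCS#1 ("RSA PRIVATE KEY") or PKCS#8 ("PRIVATE KEY") form.
func ParseRSAKey(pemBytes []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	if key, err := x509.ParsePKCS1PrivateKey(block.Bytes); err == nil {
		return key, nil
	}
	parsed, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if key, ok := parsed.(*rsa.PrivateKey); err == nil && ok {
		return key, nil
	}
	return nil, fmt.Errorf("not an RSA key in PKCS#1 or PKCS#8 form") // never echo key bytes
}

// SignAppJWT signs {iss, iat, exp} with RS256 (RSASSA-PKCS1-v1_5 over SHA-256).
func SignAppJWT(key *rsa.PrivateKey, appID string, now time.Time) (string, error) {
	enc := base64.RawURLEncoding
	iat, exp := now.Add(-time.Minute).Unix(), now.Add(9*time.Minute).Unix() // drift margin; under the 10-minute cap
	claims, _ := json.Marshal(map[string]any{"iss": appID, "iat": iat, "exp": exp}) // cannot fail for string/int64
	input := enc.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

func DemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // throwaway key for the demo
func main() {
	key, _ := DemoKey()
	fmt.Println(SignAppJWT(key, "123456", time.Now())) // "123456" is a placeholder App ID
}
```

The resulting JWT only authenticates as the App itself; it is exchanged for a short-lived installation access token, which is what the later commits cache and refresh.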
…uto-refresh

- Add Installation Access Token management for GitHub Apps
- Implement in-memory token cache with TTL and expiration handling
- Support automatic token refresh with configurable intervals and thresholds
- Add concurrent token refresh with semaphore-based rate limiting
- Include comprehensive error handling and retry mechanisms
- Support token invalidation and cache cleanup operations
- Add permission-specific token creation for fine-grained access control

Components added:
- internal/github/app/installation.go: Installation token manager
- internal/github/app/cache.go: Token caching implementation
- internal/github/app/refresh.go: Automatic refresh logic
- internal/github/app/installation_test.go: Comprehensive test coverage

Features:
- Token expiration safety margin (5 minutes before actual expiration)
- Configurable refresh intervals and concurrency limits
- GitHub API integration with proper authentication headers
- Thread-safe operations with mutex protection
- Metrics and statistics tracking for monitoring

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

…pport

- Extend GitHubConfig to support GitHub App authentication alongside PAT
- Add GitHubAppConfig struct with App ID and private key configuration options
- Support multiple private key loading methods (file path, env var, direct content)
- Implement auth mode selection: "token", "app", or "auto" detection
- Add comprehensive configuration validation and default value handling
- Maintain full backward compatibility with existing PAT configurations
- Add environment variable mapping for all GitHub App settings

New configuration fields:
- github.app.app_id: GitHub App ID
- github.app.private_key_path: Path to private key file
- github.app.private_key_env: Environment variable containing private key
- github.app.private_key: Direct private key content (not recommended)
- github.auth_mode: Authentication mode selection

Environment variables:
- GITHUB_APP_ID: GitHub App ID
- GITHUB_APP_PRIVATE_KEY_PATH: Private key file path
- GITHUB_APP_PRIVATE_KEY_ENV: Private key environment variable name
- GITHUB_APP_PRIVATE_KEY: Direct private key content
- GITHUB_AUTH_MODE: Force specific authentication mode

Features:
- Automatic auth mode detection based on available configuration
- Comprehensive validation with helpful error messages
- Helper methods for checking configuration state
- Full test coverage including backward compatibility verification

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

…terfaces

- Create unified Authenticator interface supporting both PAT and GitHub App authentication
- Implement PATAuthenticator for Personal Access Token authentication
- Implement GitHubAppAuthenticator for GitHub App authentication with installation support
- Add DefaultClientFactory for streamlined GitHub client creation
- Build AuthenticatorBuilder for configuration-driven authenticator creation
- Support HybridAuthenticator with primary/fallback authentication strategies
- Provide comprehensive error handling and validation across all authenticators

Core interfaces:
- Authenticator: Unified authentication interface with client creation methods
- ClientFactory: Simplified client creation with authentication abstraction
- AuthInfo: Detailed authentication metadata and permissions

Authentication implementations:
- PATAuthenticator: OAuth2-based PAT authentication with user validation
- GitHubAppAuthenticator: JWT + Installation token authentication with app validation
- HybridAuthenticator: Multi-method authentication with graceful fallback

Key features:
- Automatic authentication method detection from configuration
- Installation-specific client creation for GitHub Apps
- Comprehensive validation and access testing
- Thread-safe operations with proper error propagation
- Full backward compatibility with existing PAT workflows
- Support for custom HTTP clients and base URLs for testing

Components added:
- internal/github/auth/interfaces.go: Core authentication interfaces
- internal/github/auth/pat_authenticator.go: PAT authentication implementation
- internal/github/auth/app_authenticator.go: GitHub App authentication implementation
- internal/github/auth/factory.go: Client factory and builder implementations
- internal/github/auth/auth_test.go: Comprehensive test coverage

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Implement automatic authentication detection and switching between PAT and GitHub App based on configuration.

## Key Features
- GitHubClientManager with automatic auth mode detection
- Context-based installation ID handling for GitHub App webhook events
- Backward compatibility with existing PAT authentication
- New Agent methods for accessing auto-switching GitHub clients
- Comprehensive unit tests for the new functionality

## Implementation Details
- Created GitHubClientManager in internal/github/manager.go
- Enhanced Agent with GetGitHubClient() and GetGitHubInstallationClient() methods
- Updated webhook handlers to extract installation ID from GitHub events
- Added installation ID context utilities for GitHub App support
- Maintained full backward compatibility with existing codebase

## Configuration Support
- Automatically detects GitHub App vs PAT configuration
- Falls back gracefully when GitHub App auth fails
- Logs authentication method being used for debugging

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Codecov Report

❌ Patch coverage is

Additional details and impacted files

@@ Coverage Diff @@
## main #303 +/- ##
=======================================
Coverage ? 16.71%
=======================================
Files ? 43
Lines ? 9033
Branches ? 0
=======================================
Hits ? 1510
Misses ? 7431
Partials ? 92
|
@@ -171,6 +197,11 @@ func loadFromEnv() *Config { | |||
CodeProvider: getEnvOrDefault("CODE_PROVIDER", "claude"), | |||
UseDocker: getEnvBoolOrDefault("USE_DOCKER", true), | |||
} | |||
|
|||
// Load additional environment variables including GitHub App config | |||
config.loadFromEnv() |
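Review bot: The call `config.loadFromEnv()` at the end of this hunk sits inside the package-level `func loadFromEnv() *Config`, so a method and a function share one name and the line reads like a recursive call. Rename the method after what it loads (the comment above it says GitHub App config) so the call order is obvious to the next reader. The call also discards any result: if parsing a GitHub App setting can fail, have the method return an error and surface it here rather than continuing with a partly populated `Config`.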
Is this a circular reference?
) | ||
|
||
type Client struct { | ||
client *github.Client | ||
config *config.Config | ||
manager *GitHubClientManager |
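Review bot: `Client` holds both `client *github.Client` and `manager *GitHubClientManager`, and nothing in the struct says which one a method must use, so a call path that still reaches for `client` can act under a different credential than the one `manager` would select. Either resolve the credential once in the constructor and keep a single field, or document on the struct which field is authoritative and when `client` may be nil.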
Why can't the concrete client type be determined up front here?
No description provided.