GitHub Enterprise


#1

Hello,

I have a large customer that is migrating to GHE soon and I’m figuring out how to allow them to continue using my GitHub App https://pullreminders.com. To my knowledge, they do not plan on hosting the GitHub Enterprise instance behind a firewall.

Here’s what I think I need to do:

  1. Have the customer create a “Pull Reminders” GitHub App in their GHE instance and save the following info from their GHE instance in my database: hostname, client id, client secret, GitHub App id, GitHub private key.
  2. Create a special login flow for them on my website (i.e. pullreminders.com/enterprise-login) where they first enter their GHE hostname so I can send them through the OAuth flow pointed at their GHE instance.
  3. My app’s API requests for this customer will use the GitHub App id and private key generated in their GHE instance for generating JWTs, and the hostname, client id/secret from their GHE instance for making requests.

I’d appreciate guidance on this. I am looking to do this in the near-term and am happy to do a detailed write-up and share back on how I get this all to work.
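
Added example, not part of the original post and not Pull Reminders' code: a sketch of steps 1 and 2 in which the hostname typed into the enterprise login form is only ever used if it matches a tenant record saved in step 1, and the OAuth `state` is bound to that hostname. The `TENANTS` record, its values and the function names are assumptions; the `/login/oauth/*` and `/api/v3` paths are the standard GHE ones.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Constructed per-tenant record from step 1 (placeholder values, not real credentials).
TENANTS = {"ghe.example-corp.test": {"client_id": "Iv1.placeholder", "app_id": 1}}
STATE_KEY = secrets.token_bytes(32)  # server-side key used to sign the OAuth state

def normalize_host(raw):
    """Return a lowercase bare hostname, or None if the input is more than a hostname."""
    host = raw.strip().lower().rstrip(".")
    if not host or any(c in host for c in "/@:?#\\ "):
        return None  # reject URLs, userinfo, ports and paths outright
    return host

def endpoints(host):
    """OAuth and REST endpoints of a GHE instance, derived from its hostname."""
    base = f"https://{host}"
    return {"authorize": f"{base}/login/oauth/authorize",
            "token": f"{base}/login/oauth/access_token",
            "api": f"{base}/api/v3"}

def _mac(host, nonce):
    return hmac.new(STATE_KEY, f"{host}|{nonce}".encode(), hashlib.sha256).hexdigest()

def make_state(host):
    """State value tying the OAuth round trip to one tenant hostname."""
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{_mac(host, nonce)}"

def host_matches_state(host, state):
    """On callback: confirm the state was issued for this hostname."""
    nonce, _, mac = state.partition(".")
    return hmac.compare_digest(mac, _mac(host, nonce))

def start_login(raw_host, redirect_uri):
    """Return (authorize_url, state) for a registered tenant, else None."""
    host = normalize_host(raw_host)
    tenant = TENANTS.get(host) if host else None
    if tenant is None:
        return None  # unregistered hostnames are never redirected to or contacted
    state = make_state(host)
    query = urlencode({"client_id": tenant["client_id"],
                       "redirect_uri": redirect_uri, "state": state})
    return f"{endpoints(host)['authorize']}?{query}", state
```

The same tenant lookup selects the App id and private key for step 3, so one customer's credentials are never sent to another hostname.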


#2

Hey @abinoda,

It looks like you’ve identified the right steps from my knowledge. Maybe other integrators who have done this can weigh in on any specifics. We realize there’s opportunity to optimize this experience on our end to make things smoother for both integrators and users. I’ll keep an :eye: on any learnings here to incorporate into our internal discussions on this topic.

> am happy to do a detailed write-up and share back on how I get this all to work.

Thanks for this :thought_balloon:. I’d love to see this, and I think it’d be valuable for others who will likely encounter this situation sooner than later as GitHub App adoption rises.


#3

@jmilas Thanks.

I also forgot to mention webhooks. That’d be an additional thing to figure out. Due to the amount of logic required to have my main app be able to interact with both GitHub.com as well as various GHE instances, I am now thinking that it’d make more sense to deploy a separate instance of my app similar to an on-premises installation except one that I manage.


#4

@abinoda We’re in the process of doing the same work for Dependabot. We’ve mostly found that our prospective GitHub Enterprise clients want an on-prem install, as they don’t want their data to touch our servers. As a result we’re planning to have a separate instance for each customer, managed on-prem. Happy to share our experience if there’s anything we can help with.


#5

@greysteil Appreciate it!

Some things I’m still grappling with:

  1. The steps I’ve outlined so far–creating a separate instance of my app connected to a GHE instance and then setting up a GitHub App there… are there any gotchas in there I should be aware of? Or will it work just like it does for GitHub.com?
  2. Since my app uses GitHub OAuth, I don’t need to worry about LDAP/SSO stuff since GHE already deals with that, right?
  3. What tools are you using to package and distribute your app? Seems like containerizing my app is a good starting point, but I’m looking into other things like creating pre-made images on AWS, etc.
  4. How are you handling letting customers download your code? i.e. are you obfuscating it? Or do you just use a good contract to protect your IP? I don’t know what best practices are.
  5. What’s your process for managing plans or licenses?

If you’d prefer, please email me at a at abinoda.com and/or we can set up a time to chat!


#6

Moved to email :slight_smile:


#7

@jmilas Just wanted to post an update to this thread. I’m working through a couple of implementations now and you can see the full written instructions I am providing customers here:

I’ve tried to keep everything as simple as possible… I have the entire app running as a single Docker container.