GitHub Concepts: Difference between revisions
Line 24: | Line 24: | ||
The pull requests have to be reviewed, approved and explicitly applied by the owner of the parent repository. | The pull requests have to be reviewed, approved and explicitly applied by the owner of the parent repository. | ||
A '''reviewer''' is a person you want to review your code. It is not necessarily the person responsible for the specific area the PR applies to, or responsible for merging the commit. It is a good idea to co-opt as reviewer a person who worked with that code before. | |||
An '''assignee''' is usually the PR opener, who normally is also the person who merges the PR after consent from reviewer(s). | |||
Also see [[Git_Concepts#Clone|Git cloning]]. | Also see [[Git_Concepts#Clone|Git cloning]]. | ||
Also see: {{Internal|GitHub_Procedures#Pull_Request_Procedures|Pull Request Procedures}} | Also see: {{Internal|GitHub_Procedures#Pull_Request_Procedures|Pull Request Procedures}} | ||
==Required Reviews for Pull Requests== | ==Required Reviews for Pull Requests== |
Revision as of 19:06, 7 August 2019
Internal
Webhooks
A webhook is a mechanism that triggers a HTTP POST invocation into the webhook's external URL, every time a specific event occurs.
A webhook can be installed on an organization or on a specific repository. Once installed, it will be triggered each time one or more subscribed events happen in that organization/repository.
Can be set via UI: Repository -> Settings -> Options: Webhooks.
Webhook Secret
Used by OpenShift for its S2I build strategy.
Pull-Request
Usually, a pull request is initiated from a feature branch and indicates the intent to merge with the develop branch. It is possible to initiate pull requests from a previously cloned repository as well.
The pull requests have to be reviewed, approved and explicitly applied by the owner of the parent repository.
A reviewer is a person you want to review your code. It is not necessarily the person responsible for the specific area the PR applies to, or responsible for merging the commit. It is a good idea to co-opt as reviewer a person who worked with that code before.
An assignee is usually the PR opener, who normally is also the person who merges the PR after consent from reviewer(s).
Also see Git cloning.
Also see:
Required Reviews for Pull Requests
Code Owners
Protected Branch
Security
Personal Access Token
A personal access token is a piece of information that more here... . GitHub grants access to whoever makes a HTTPS invocation and presents this token: it function like an ordinary OAuth access token. It also can be used instead of a password for Git over HTTPS, or can be used to authenticate to the API over Basic Authentication. Git API access is allowed in presence of the tocken. A personal access token is similar to a password, in that they should be protected carefully. They are usually though placed in scripts, when building automated CI/CD pipelines. The advantage of using a token instead of a password is that the tokens can be revoked, can be proactively rotated, and then a lot of them can be created.
The list of already generated tokens can be obtained at https://github.com/settings/tokens (account -> Settings -> Developer settings -> Personal access tokens.
Operations:
GitHub App
OAuth Support
GitHub's OAuth implementation supports the standard authorization code grant type (https://tools.ietf.org/html/rfc6749#section-4.1).