I am looking to deploy Drone to the organization I look at, and I am wondering if there’s a way to support different client ID and secret per repo. The way our GitHub Enterprise is setup I can’t create a single OAuth client ID and secret that every user/org can use, and I am hoping there’s a way that everyone would be able to customize their own like how the secrets are managed.
Drone does not have a concept of per-repository login. Do you have any examples of third party tools in the GitHub marketplace that support such a concept (i.e. Coveralls, Hound, Code Climate, etc)?
In my experience, any user should be able to login, but access to organization data may be restricted and may require the organization administrators to add Drone to the application whitelist [1][2].
[1] https://help.github.com/en/articles/enabling-oauth-app-access-restrictions-for-your-organization
[2] https://help.github.com/en/articles/approving-oauth-apps-for-your-organization
I think I am not explaining it right, or not using the right terms.
At my company, we have OAuth applications enabled for both users and organizations, so I am able to create an OAuth Application for either one, and I am able to get drone to work that way, by creating an OAuth Application for my Github organization, and then setting DRONE_GITHUB_CLIENT_ID and DRONE_GITHUB_CLIENT_SECRET.
The problem I am encountering is that I would like other Github organizations at my company to be able to use this Drone instance as well, but it’s not possible for me to spin up drone with more than 1 OAuth Application client ID and secret, so in order to support other organizations, I have to spin up multiple instances of Drone, each with their own client ID and secret.
Is there a way to be able to spin up one instance, but with support for multiple OAuth Application client ID and secrets? Or, better yet, what is the best way for me to set this up, if I am not able to create a machine account on Github and use that account’s OAuth ID and secret?
The problem I am encountering is that I would like other Github organizations at my company to be able to use this Drone instance as well
I think I’m confused or am not understanding because an oauth2 application is by default accessible to all users and all organizations. An organization my restrict applications [1] and may require manual approval for their use [2]. But multiple installations or client_ids should not be required. If there is some setting that prevents sharing applications across multiple organizations I would appreciate if you could provide me a link (to the ghe documentation) because we’ve never encountered such a setting before.
[1] https://help.github.com/en/articles/enabling-oauth-app-access-restrictions-for-your-organization
[2] https://help.github.com/en/articles/approving-oauth-apps-for-your-organization
hmm, this does indeed sound strange. We use Drone with GitHub Enterprise and it works with all organizations using a single client_id and secret. No special configuration required. One organization did restrict application use, and they had to manually approve use of Drone (similar to the link brad posted).
I appreciate all the help. I was so sure it was an issue with the client ID and secret that I neglected to check other places. Turns out other repositories didn’t work was because we weren’t testing with a real SSL cert, and we forgot to tell GHE to disable certificate checks so it could send the request. After we set it everything works as intended! Sorry for the confusion.