Analyzing a GitHub Enterprise Pull Request

SeaLights Pull Request Integration exposes Quality Risks to the developer as part of the Pull Request process, to be displayed and handled before the code is merged into the main branch.

Note that this feature is supported from GitHub Enterprise version v2.14 and newer.

SeaLights GitHub App Setup

In order to benefit of the Pull Request Analysis, you will need to create a new App on your Github Enterprise instance.

  • This app will be used by the Sealights Task Runner to push the information to your GitHub Entreprise instance.

The application will not require any access to your source code. It only requires:

  • Read access to metadata

  • Read and write access to checks

  • Website & Website hook must be filled in

The creation of the application is a pretty simple and straightforward procedure in GitHub Entreprise settings:

  1. Open your GitHub Settings > Developer Settings > Github Apps > New GitHub App page

  2. Specify the app ID based on the following, after the application has been created:

3. The following Private Key is to be downloaded and placed in the same folder as the TaskRunner agent:

 

4. Then, navigate to Install App, and choose an account to install the SeaLights app on:

5. Select “All Repositories” in the following screen

SeaLights Task Runner App Configuration

To report the Pull Request data to SeaLights, the Task Runner must be installed locally on the GitHub server, or on a server with access to the GitHub Enterprise instance:

  1. Download the Task Runner from the following link: https://agents.sealights.co/sl_task_runner/sl_task_runner-4.0.2397.zip

  2. Prepare a configuration file to be used by the Task Runner in JSON format:

    • The GitHub Enterprise server properties in this configuration file should be defined within json property "github" as follows:

sl-taskrunner-cfg.json example:

{ "tokenFile": "config/sltoken.txt", "github": { "url": "https://github.internal.net:443/api/v3", "owner":"repo-owner", "repo":"reponame", "appId":1, "privateKeyFile":"config/github-private-key" } }
  • The token to be used should be an Agent token

  • The value of the URL should be the on prem Github API url

  • Once the above steps have been completed, it’s time to run the task runner .jar file, specifying the configuration file created in the previous step:

java -Dsl.config.file=config/sl-taskrunner-cfg.json -jar sl_task_runner.jar

It is also possible to pass the same parameters as Java properties, like in the example below

java -Dsl.tokenFile=/path/to/sltoken.txt -Dsl.github.url=http://github.internal.net:443/api/v3 -Dsl.github.appId=<app ID assigned to SL app> -Dsl.github.privateKeyFile=</path/to/private-key-file> -jar sl_task_runner.jar

Configuring the pull request job

The pull request job needs to run the SeaLights build scan and test listener for the test stages you want the analysis on. These results will be compared to the latest build you reported to SeaLights for the branch you are merging the Pull Request to.

Generating a session ID

You create the Pull Request build session ID by using the SeaLights Java Build Scanner (See: Downloading the java agent files) with the prConfig option:

java -jar sl-build-scanner.jar -prConfig {-token <arg> | -tokenfile <arg>} -appname <arg> -targetBranch <arg> -latestCommit <arg> -pullRequestNumber <arg> -repoUrl <arg> [-pi <arg>] [-pe <arg>]

Pull Request parameters explanation as seen in GitHub.com

You can easily identify the relevant values to pass to the Build Scanner based on the illustration below. The screenshot is from GitHub.com, but is relevant for On Premise solutions as well.

Sample of Results on GitHub's Pull Request page

At the completion of the analysis, Sealights' App will appear as part of the "Checks" of your Pull Request. Result will appear similar to the one below: