Integrate a Self hosted Git server with IDEs
If you are using a managed (SaaS) Git service provided by Bitbucket, GitHub, Gitlab or Azure DevOps, you do not need to configure this integration as these are already configured out-of-the-box by Conveyor.
If you are using a self-managed version you do need to allow Conveyor IDEs to access your Git repositories. Conveyor makes use of the git-credential-oauth tool for accessing Git repositories, as it has several advantages for enterprise environments:
- protection against token theft
- automatic support for popular hosts
- cloning of public repositories without setup
Prerequisites
This setup requires that your Git server supports the OAuth flow and your Git server is network-accessible from Conveyor.
In order to configure this setup, you will need to perform two steps:
- Create an OAuth application on your Git server
- Configure the OAuth credentials (e.g. clientId, clientSecret) in Conveyor IDEs using either environment variables or Git configuration.
Creating an OAuth application
In order for Conveyor IDEs to access your Git repository, you need to create an OAuth application. This will allow Conveyor IDEs to use your credentials to access your Git repository.
When creating an OAuth application, two settings need be configured:
- The
callback url
will be redirected to after successfully obtaining a token. For Conveyor this setting should be:https://app.conveyordata.com/api/v2/ide/callback
. This URL is unique to Conveyor IDEs as our backend needs to forward the redirect to the correct IDE instance. read, write
permissions to your repository should be provided. This allows you to manage your Git repository when using a Conveyor IDE.
After creating the OAuth application with these settings, you will obtain a key and secret for the application, which you need in the next step.
Configuring the OAuth credentials in Conveyor IDEs
The git-credential-oauth tool supports two ways for configuring custom hosts: environment variables and Git configuration. Using the custom IDE configuration or IDE base images, the following properties can be set:
- oauthClientId
- oauthClientSecret
- oauthScopes
- oauthAuthURL
- oauthTokenURL
- Generic Integration
- GitHub Enterprise Server
You can set these properties as follows using the buildSteps
block in the IDE configuration:
buildSteps:
- name: Set OAuth application configuration for custom host
cmd: |
git config --global credential.https://[gitHost].oauthClientId [CLIENTID]
git config --global credential.https://[gitHost].oauthClientSecret [CLIENTSECRET]
git config --global credential.https://[gitHost].oauthScopes read_repository write_repository
git config --global credential.https://[gitHost].oauthAuthURL /oauth/authorize
git config --global credential.https://[gitHost].oauthTokenURL /oauth/token
In this example the [gitHost]
is the hostname of your Git server (e.g: gitlab.conveyordata.com).
You can set these properties as follows using the buildSteps
block in the IDE configuration:
buildSteps:
- name: Set OAuth application configuration for custom host
cmd: |
echo 'export GC_OAUTH_GITHUB_CLIENT_ID=[CLIENTID]' >> ~/.bashrc
echo 'export GC_OAUTH_GITHUB_CLIENT_SECRET=[CLIENTSECRET]' >> ~/.bashrc
git config --global credential.https://[gitHost].oauthScopes repo
git config --global credential.https://[gitHost].oauthAuthURL login/oauth/authorize
git config --global credential.https://[gitHost].oauthTokenURL login/oauth/access_token
In this example the [gitHost]
is the hostname of your GitHub Enterprise Server (e.g: github.conveyordata.com).
With this setup, the provided OAuth credentials will be used when cloning a repository from your self-hosted Git server in a Conveyor IDE. The user flow is described in more detail here.