Demo Days - Creating a GitHub app

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey folks and welcome to uh this week's installment of github demo day um let me just share my screen here and we'll get going uh so my name is uh steve and i am glad to be presenting with two out to you all today um and i'm glad everyone could make it i hope everyone is is doing great um so i'm joined here as well by my colleague and friend john if john you were there and you want to jump on and just say hello quick hey everybody glad to be here thanks john and can you just make sure you can see my screen right i want to make sure we get that done right yep cool cool cool um so yeah it's demo days again everybody and we are excited to be here and today we will be talking to you all about creating a github app and it's going to be awesome um i do want to give a quick warning unexpectedly i have some uh workers outside my office like literally the other side of this door and they occasionally like to hit a hammer um or like turn a drill on so i do apologize in advance if any of that noise comes through and we'll do our best to kind of mitigate i didn't ask them to be quiet but they've got jobs to do as well um so we'll see how we go here um so please bear with me um and as i said my name is uh steve winton um i have the the pleasure of working at github as a partner engineer which means i get to work on things like github apps and help um our wonderful and amazing partners at github as they build integrations on top of github's platform um so we've got quite a bit of content to get through uh today and actually i'm reading straight from this gist which is public you can hit it at this url if you want to get a sneak peek but maybe you don't want to spoil the surprise i don't know um so yeah this is the stuff that we've got in store for you today a little bit of an intro uh i wanna i wanna i'd love to talk about github apps kind of what they are what the motivation is behind kind of their design where they came from what you can do with them um and then we'll actually uh build a github app or you know i'm gonna try and build it i'm gonna be writing it and go laying for fun and go laying isn't necessarily my favorite programming language i'm learning to love it um but let's let's see how we go there it's going to be a little bit of an experiment um and yeah if there's any i imagine we'll be done in maybe a little bit under an hour if there's any time remaining then i'm certainly happy to go get my bass over there i can like pull it down and i can play a major scale or something for you all and i know john you've got a keyboard i think so we can knock out a tune perhaps or we could just adjourn early honestly i'm open to whatever we want to do um and so let's let's dive in let's do our quick intro here so github apps what are they why do they exist so we'll dive into this in a little bit more detail but essentially um github apps are the the modern way for um third parties for integrators um or and really any user of github to kind of integrate with github via the api you might think of github apps as a bot that you grant access to different objects within your github repos and allow those bots to like get to work and automate things for you or check things for you or kind of greet your users or all kinds of wonderful and fancy things um essentially we like to say that you can kind of codify your workflow with these bots or github apps and a fun fact uh is that github itself is is also built with github apps so what i mean by that is that there are several products that github is comprised of and those products also kind of leverage github apps um so we'll we'll hopefully it'll kind of make a bit more sense by the end of the next hour so let's jump in and i find it helpful to first of all think of github apps in the context of oauth and um in the beginning you know that there was oauth but you know actually i think uh prior to oawf what we had was what was known i mean this is kind of showing my age a little bit but we had the password anti-pattern where if you wanted to give access to your account to a third party you would actually give that third party your password i'm sorry remember way back when spotify first came out and at that time i was a big fan of last fm and in those days when i wanted to kind of share what i was listening to on spotify to my last fm profile i literally would just give spotify my my last fm password you know nothing bad happened i trusted uh that spotify would would guard it well but it kind of became known then in the industry is like the password anti-pattern and o auth was kind of the the response to that this this design uh designed flow where like um a resource owners like a user could grant access to a third party to the stuff that they own on on white github and they could kind of attach um kind of scopes and give different access controls to that third party without having to um give out like the their password at all so uh you know oauth has been uh pretty pretty successful in in solving that and github itself supports version two of the oauth protocol and it's great for for many little things so i'm actually going to do a little bit of a demo here um of of oauth and i'm going to cheat a little bit though because um interesting interest of time um so we're going to be using this this repo over here which is um is private and it's also running on github enterprise.github.com so all of our stuff today is gonna be running on github enterprise for fun it will also work on github.com but we kind of wanted to show that this stuff works all on both dot com and gav enterprise server uh in case you're not aware github enterprise server is like the self-hosted version of github.com so you can download a virtual appliance and you can host github uh in your own private cloud if you want to so that's what i'm doing here um and i am going to uh do a little oath demo so fish ish we're gonna do that a lightweight one so um first thing i'm going to do to show this off is i'm going to jump over to so i'm signed in as as myself here i'm focused on demo days i'm going to jump down to my settings over here and in my profile we have these developer settings i know look at that github apps but we'll come back to that later um i'm going to come down to personal access token so i could create an author but i'm just going to create a personal access token um which are kind of similar to the to the oauth app in terms of the token that you get you just don't have to do like the oauth dance to get one so the third party in this instance is kind of myself which is a little maybe a little bit strange um let's go ahead and generate a new token and i've gotta do this thing um and i'm just gonna call my token demo um and i can attach these scopes to my uh token but i'm not going to do that i'm just going to have it kind of authenticate as as me but it won't be able to actually do anything which is fine that's perfectly valid and also if anyone watching steals my token then they can't do anything because i'm about to show you what my token is so here's my token um i'm going to copy that hopefully that works and then i'm going to jump over to my terminal which is over here i'm john let me know if this is a little bit too too tiny if you don't mind uh hopefully you can see this all right so i copied my token here um i'm gonna just use it in a request against the github api so my um let's first of all actually do this without uh authenticating so if i just hit um this this this url which is the same uh kind of domain as up here but i'm just putting api slash api v3 excuse me while i move um my zoom controls so if i come up here and i i hit api v3 then we get like this json response back but it says that um i am i must authenticate to access this api so let's repeat that on the command line using curl so if i call i get the exact same um response back i can make that look a bit prettier by passing it through jq um so let's this time let's authenticate so i'm gonna use my token which i have as my environment variable so this time i'm gonna do curl minus h um what is it authorization and then if i type bearer and that environment variable um and hit that end point again and actually i'll hit a different one i'll hit api v3 user which will just return the authenticated user uh i get bad credentials um let's try that again yeah uh bad credentials why is that why doesn't it like my credentials steve try token in front of bearer or instead of bearer uh yeah let's try that as well let me just create a new token in case there's an issue with this token oh let's call it demo2 so it's called they should vote work right so it's just oh i think i didn't maybe export my environment variable i think i have to do export github token equals that okay there we go that was the issue i hadn't exported it so silly mistake um okay so now i'm authenticated as myself and i get this information back and um that's pretty cool right now i have access to the github rest api and i can do all kinds of cool things so i'm actually gonna i have another token that i created earlier so i'm gonna jump over to this folder which i think is in my demo days and now if i replay that request it's the same um i get the same response back like it's me right because i'm i'm saying who is the authenticated user and the authenticated user is myself but this time let's do something slightly different so i'm gonna pass in uh some data and we'll actually try and open a github issue so this this token has um kind of right access to to my repo so in this case i'll i'll send in a little uh a little payload so we'll say title and um we'll say hello world right so i'll send it here but we can't send it to the user we have to send it to um v3 repos slash um i have a repo under the demodays.org and that repo is called spawn spoon uh knife slash issues okay so same token as before actually the the my pre-created token send in this body title hello world and post it to the issues endpoints and hopefully we get this back which is looking good and we should see a u and the html url is what we want so let's go and oops over here let's go and check that out where has my where's my window gone i think hyper just crashed on me ugh hyper so i won't do it again what i can do is i'll just go straight to my demo days.org there's the demo day spoon knife and we see the issue and here's the hello world so this was created by me by the api just a minute ago but you can't really tell from looking at it and in case anyone's in any doubt hyper did just quit on me unexpectedly which has never happened before wonderful the wonderful of of live twitch streaming um so we'll come back to that shortly so this is cool right um pretty cool anyway we got we got a token which equally could have been obtained through the oauth flow we exported it as an environment variable and we were able to already automate some things i was able to automate the creation of an issue and maybe you could attach that to some kind of application performance monitoring system and when you're um when your production environment is running out of memory you could open an issue or something to alert the development team to do something about it like that would be cool um what is uh you know not i less ideal about that is that this um issue is owned by me and that doesn't always make sense like sometimes the issue should be owned by kind of an autonomous user that um is is essentially like a bot um the other thing that is not so great about this is that um as swinton as myself i have a certain rate limit which is capped at something like 5000 requests per hour but if i'm using this token across lots of organizations lots of repos and also lots of third-party integrations and i could very easily run out of quota um also if you are using our on-prem products this this user who might be like a machine user has to consume a seat um and the token that i created is is long-lived um so that will unless it's revoked kind of manually or by a an api that's going to live forever and also that token although we only used it to create an issue it actually has what's called repost scope so it can do lots of other things in this repository as well like read the code and we might want to you know create a token that has more fine-grained access than that um so there are a you know a few a few issues with this certainly it's helpful um in in many cases and i use um like personal access tokens or oauth apps for lots of other reasons but um github apps has kind of been designed to solve a lot of those problems so let's um let's talk about we talked about this let's go into a little bit uh actually i'm gonna i'm gonna skip some of the theory this is as i said this is a public um public gist and the url is up here there are those workers getting hard at work outside apologies if you can hear that um so yeah interesting about so the benefits you get this autonomy it's not tied to a user on your instance you get an improved security model because you can attach really fine grained scopes to the bot and you get really dedicated um rate limits that the bot kind of has to itself um so yeah it's great and i'm going to jump over the key concepts and we'll do a deeper lab in a second but because this is a demo day it'd be good to do another demo right so i wanted to look at this repo this one is public um at swinton github hello world and it's i mentioned uh golang earlier but this is actually written in node and i like to think of this i mean it's fairly new but i like to think of this as kind of the hello world of github apps um let's so let's take a look at what it looks like to kind of do the same thing we did over here with a personal access token let's kind of replay that and instead this time let's do it as a github app so here's my repo uh the code uh to reproduce what we just did is kind of here and um where previously i was using curl on the command line this time we are um kind of using this octokit library which is an awesome open source library for using the github rest apis and when i am instantiating my um my octokit kind of instance here i'm providing this auth strategy which is um this kind of create app auth it's going to authenticate as an app and i'm passing in my app credentials which are available um over here in my app credentials files let's go check out app credentials and essentially like we'll um dig into what these things are but to um authenticate as a github app there are a few things that we need we need our um github app id we need what's called an installation id uh and we need a kind of private key and in this instance i'm just reading them all from environment variables so let's go and uh check this out so if i cd2 and we're going to actually bump up the zoom because it's crashed didn't it john let me know if i need to bump it up a little bit more if you wouldn't mind or is it looking okay looking okay on my end yeah i'll bump it up a little bit more um okay so this is uh if i do like a git remote uh minus v this is the same the same repo right as just the one that's checked out locally and uh this is the environment is configured here um actually let's open this up in my editor and steve yo uh h142 thanks for that question uh if you could send me the link to that gist that you had it's like a piece in chat yeah some couldn't do that thank you thank you thank you uh that was it this one right so let's go to the top that's here get dot io slash creating github apps and i'll i'll put it in the um in the chat as well oh thanks as well uh i understand i can't see the chat but i heard that h142 you spotted that the x i didn't export the environment variable thank you so much uh i threw the link in there you got the link to my gist yep i mean there's a ton of stuff in here we probably won't get through it all today so yeah thanks for doing that john and um yeah let's let's let me get back to i think i was i was going to talk about this code so over here in this dot m i'm just exporting the environment variables that i need and uh this is just the one this is the real one is here right and in my app credentials i'm reading it from the environment and we're going to run our code so let's actually try and run this fingers crossed everyone so if i just do like a node github helloworld.js hopefully this is going to work and yeah we got an issue so i'm going to just go ahead and open this and this time let's do a nice side by side comparison right with the first the first issue which is here so this was um this is the issue i created with my personal access token which is pretty cool it's okay it's useful for some things this is the really cool issue that's open with my issue bot so i've got this issue bot here installed on my repo that can also interact with my repo and what's cool about this issue bar is that all of the things that were not cool about this approach well issue bot is pretty good at this stuff like issue bot has only access to issues in my repo and issue bot isn't consuming a seat on my github enterprise server and issue bot has a dedicated rest api rate limit and all the other things i said about github apps autonomy improved security model dedicated rate limits um issue bot hey steve really quick it was a great question from david carlson is there any way to make it easier for users to install an app when it's designed to run on in instance per org it's not essentially run instance so not a single web hook event for every single web hook endpoint for every org but is there an easier way to configure that um did you mind let me i need to kind of wrap my head around that question a bit better do you mind replaying that for me john i think the way it it's written is the idea of let's talk about stale bot something like that a different scale bot for every org that point you have to have a different web hook endpoint set up for every organization so is it maybe talking about having an app a different app for a kind of instance of github enterprise server for a different organization individual organization on github enterprise server so if i have like a single so let's go back let's go to the home page here so on this um in this instance right i have my uh i don't want to be on this page so i'm going to go somewhere else so here's my server right and i've got like my swinton account and my demo days and i could create another organization and i'll just call it foobar or whatever um and then i'll just say skip this step and let's go back so now i have two organizations and it's the question kind of how do i how do i easily and set up my app so it has access to all of these organizations so we've got uh swinton demo days and foobar and we just want to have a single github app that has access to all of this stuff independently i think yes so no no no no no let me let me rephrase that it's the opposite yeah so we're dealing with three orgs having three apps that are completely segregated siloed so to speak and yeah david to answer your question you would have to have three different installations of that on a you know website or somewhere three different web hooks right that would listen so so we're going to unpack this actually that's a great question so this is the model for github apps and assume that this is all living in a box which is your github enterprise server instance so on that instance you've got a single github app and in this case we have two installations of the app uh the first one is id123456 which is living on this uh battenberg org and the other one is this id 456789 which is living on this other org right so they are kind of independent installations so they're completely siloed from each other um but the cool thing is is that they all kind of point back to the same github app so as we'll see in a second all the permissions are shared kind of the the web hook handler is shared it's kind of shared at this level uh but when you grab a token which is down here so when this installation id has a this token it can only access what has been granted within that org so to access the other stuff you just have to have a different token so hopefully that answers that question um if not let's come let's come back to it and maybe try and clarify in a bit a bit more but i'm i'm hoping that the rest of this is going to get us um through uh to kind of build that that mental model um so yeah we saw the we saw this uh issue uh hello world issue 2 created by our github app um i know the lab will take about half an hour so i'm going to jump into the lab now which is uh here so um i'm gonna clean up some tabs quickly because it's getting a bit busy up here yeah i should be fine so um in this lab let's um let's create a github app and before we create this github app so let's go back we'll um uh kind of what should we do right um what should our new github app do that we're about to create and code so there are lots of things that we could do here and if we want some inspiration we could go look at the github marketplace at all of these apps that other people have created we can look at this probot page for inspiration of what you can do but for our github app today we're just going to say that this will be a simple bot that will listen for pull requests and if the title of the pull request include the robot emoji then the bot is just going to automatically approve the pull request so this particular bot really likes pull requests that mention bots um it's a bit of like an inception thing i guess uh so let's give this a go and actually they're working outside apologies actually the first thing we need to do is go figure out from the docs what apis we need so um there is this amazing website which is the documentation website for github.com and github enterprise server and we need to look at the rest api docs and because our bot is going to be interacting with pull requests so it's going to approve a pull request if it includes the bot emoji then let's go check out the put the pulls section over here and i think i believe this is what we want create a review for a pull request and this is the documentation so we get we need to hit this end point so previously we were hitting the issues endpoint in this case we're going to hit the polls kind of route with details of the the repo so the organization that it lives in and the name of the repo so demo day spoon knife the pull request number the reviews uh kind of path and there are a number of other things like we'll need to send in the commit id um the body which uh of our kind of review and then what's called the event so what what kind of action are we performing with our review of the pull request are we approving it are we requesting changes or are we commenting so i imagine that this spot if it sees a pull request that doesn't include the bot emoji it's going to request changes right and say i need a bottom emoji to approve this um so that's one aspect is the api and the other aspects that we need to go look at is other web hooks so again we can look at the documentation oh sorry i wanted to point out one more thing quick back back over here so it's not immediately obvious but while most of our rest apis are available for github apps um some of them are not so we can check that and it's kind of a little bit subtle in our documentation but when you're looking at the documentation for an api endpoint like this one if you scroll down through through like the description through the parameters through the code samples there's some notes at the end and if it works with github apps there'll be a no saying works with github apps so this one works with github apps so we're good to use it so let's um let's go and look at the developer docs and handily over here actually i should probably bump up the zoom on this as well always forget to do that um over here on this page there's a web hooks area and i believe we go to the we can go to the events and get of events type and we should see a pull request event now this is the wrong one this is the one i want web hooks and web book events and payloads there's a difference between events and web hooks events are kind of the same data but available over a rest api web hooks are the payloads that you actually uh are sent to you so let's go look at the pull request event so we'll our bot will listen for pull requests it will receive an event that kind of looks like this so we'll be able to consume this we'll get the number um we'll get the title because we need to validate the title we'll get the um the repo where that pull request lives further down maybe it's in this i know it's in this payload uh there is repositories we'll get the name and we'll get the full name and the owner so we this gives us all of the um all of the data that we need to build our application so let's actually go ahead and build this um and i am going to to do this i'm going to actually navigate to my github demo days or i'm going to jump into the settings here so previously we created my personal access token on my personal account uh so we did it over here under swinton but this time for the github app i'm going to create it under an org and in most cases i actually recommend doing it this way because you can then share the adverse administration or kind of the upkeep or um uh kind of the uh the monitoring of your github app you can share that amongst the team so i'm to jump to my org settings page here i really hope my power stays on when they're out there drilling just occurred to me i really do apologize if we have a power car over here fingers crossed so okay here we are now on this page get up demo days uh in my in my settings github apps and check that out there's our issue bot friend that we saw earlier and that's me i'm i can i can i'm an organization owner over here so i'm gonna jump in here and i'm going to create a new github app and because i'm feeling very imaginative today i'm going to call my github app pull request spot and i'm going to um copy some details from over here so not this is a really long form right and there's a way that you can post data to um this page so that you can like trim down what the what you actually see here but it's a little bit out of scope for for what we're doing today so we don't need to fill out this whole thing we just need to fill out the the required parts i'm going to give my um bot a home page i'm just going to say my bot lives are example.com pr uh there we go that's my boss home page uh i'm not gonna do any of this identifying and authorizing uh users i'm gonna leave that empty uh i'm not doing any post installation stuff so i'm gonna leave that empty i am gonna do web hooks so i'm going to paste in my web hook url i'm going to use ngrok here so ngrok is a really fancy service that will allow me to tunnel webhook events from the internet to my local machine so i can handle them and develop locally it's really really useful um and then i'm going to put in a webhook secret and i don't mind telling you all this but my web hook secret here is going to be development d-e-v-e-l-o-p-n-e-n-t um and enable ssl verification yeah that's okay so repository permissions uh i need to be able to write to pull requests because we're gonna review a pull request so i'm gonna request read and write access to pull requests and we can we can skip a lot of this don't need any organization permissions don't need any user permissions do need to subscribe to events so i'm going to subscribe to the pull request event so this will tell us when a pull request is open closed and so on and where can this app be installed i'm going to say it can be installed on any account so let's go ahead and create our app don't need to save my password go away one password don't need you right now thank you and i do get this message saying you need to generate a private key so remember when we uh authenticated the app we had a private key so i'm going to just download that so that's generating we'll come back to that in a second i also quite like to give my bots a logo so i should have a logo over here somewhere under pictures and bots and bots zero zero one so i'm going to give my bot a nice logo that looks great and i can set a background color if i want but i like the way that's looking and now let's go ahead and install the app and remind me john to keep this to keep this page open actually so let's do okay i'll keep this page open and let's install the app separately over here uh and i'm gonna say uh i'm gonna install the app on my demo days.org and i'm just going you can say like actually you can only have access to spoon knife but i'm going to say all repositories and there's only one repositories doesn't really make a difference but if there are future repositories then mobile will get access to that repository as well so that's pretty useful often um so i'm going to install my bot there and this is why i stayed on this page because now i see john you've jumped on the camera it's nice to see you so under here so i'm back here on the github app page and if i jump down to advanced you can see recent deliveries of webhook events which is very useful and we get this webhook event down here which i think is going to be a ping yeah we got a ping event uh which was sent to my ngrok tunnel and we got a 404 response but because my tunnel isn't running yet so we're gonna go do that next um so i'm gonna keep that page open um and i'm actually gonna go over to this repo here which this is a public repo and i'm going to throw that in the chat john uh if you want to share that as well uh as i said i've been getting cute as i said i've been messing around with some go laying recently it's pretty it's pretty fancy um it's pretty clever stuff and i've got this template uh repo for github apps that's written in golang and it's using a framework which is based on if anyone is familiar with the pro bot framework for node it's kind of inspired by that framework um but we're not going to get into that we're just going to use the template and i'm going to get on with it so let's go ahead and use this template so i'm going to hit the green button and we should get a copy of this repo so i can start coding so we're going to call it pull request bot and i'm going to make this private so i'm a little bit shy and it might not be very good um so let's create my repository pull request box this may take a few seconds please bear with us now let's have a little drink there we go that wasn't too bad so now i've got my pull request spot which is not the same as the template we're just looking at it's a copy of the template i'm going to go ahead and clone this locally so i'm going to copy my snippet here and hopefully hyper doesn't crash again right so let's just do a get clone of pull request bot and let's see the interpol request box and let's open that in my editor can't believe hyper crashed um okay so here is here's the copy of the code and the nice thing is is that the author of this template gave us some nice instructions on how to get going here so um we need to generate a repo from this template which we just did that then we need to configure our local environment and we need to provide uh values for these environment variables which are listed in nvrc.example so i'm going to open that up and if you're not familiar with this.nvrc format let me tell you i'm a fan so if i create this.nvrc file here what this means is that whenever i change directory into this directory this nvrc file will kind of execute and automatically populate the environment with the environment variables i need but only while i'm in that directory so it's extremely useful when you're jumping in between like different environments or you know different github apps all day long which i often do um nvrc is a great kind of way to do that and it's dirn.net is the is the thing so we need to anyway fill in these details um so we need a github base url we need to get about id we need a private keypad we need our web secret which as i mentioned before was is development so that's all good and we downloaded so we downloaded that certificate if you remember so that should be waiting here in my in my downs this is a nice thing about d-i-r-n uh you have to explicitly kind of say yeah that's good so um okay so here is there's my private key i'm just going to move that private key down oops down tab i have a folder called search i'm going to move it into my search folder cd search oops see search present working directory so my uh my github priva this one right uh if i do an ls mines ltr we'll get that token we'll get that uh secret i mean and i gotta go back to my um my uh pull request spot which is there so we have now this uh this certificate my github app id i think that's going to be two that's going to be my beta but it's going to be github app id 2. um so it's available if you in case you don't know it's going to be available here in general look at that that was right let's get our app id2 so i'm going to copy that and then i need my github base url which is going to take which is going to be in this form but i need to change the kind of host name so i'm just going to copy that from up here and then this thing should be almost configured we can run it and then we can write some code and i've got 15 minutes left so i'm going to allow this and um okay that's that's looking good so i uh d-i-r-n just exported those environment variables so that i can use them and let's go back to the readme so i can see what i have to do next so over here in the let's close this down let me read that now okay in the read me so we're gonna we're gonna run the app now right so there's this other tool which is pretty handy called reflex which will just when you run it it will just look for any changes to files that you can specify and when any of those files change or reload um kind of the command that you pass it so in my case i'm just going to ask it to re-run or reload this go run main.go command so let's get that going over here and actually i'm gonna i'm gonna do it in this window in this uh tab so pull request bar and then let's run reflex so reflex is gonna start our app so it's got a nice message saying it's loaded github app id2 and it's listening now localhost and this is where we need our ngrok command as well to just expose that to the interwebs um so i have this again in my readme so you can i can um do ngrok http 8000 but i've also got this configuration file which you can read about here which allows me to just run ngrok start main instead so let's do that and now we are online and that web hook uh payload should should now work and the nice thing as well about ncroc is you get this pretty cool web interface so you can see um you can see the the web hooks kind of come in and you can see the responses and you can replay them it's all pretty pretty useful so right now it hasn't done anything so i've got my ngrok here let me just rearrange something so i get a bit more organized i've got my angr uh which is um hasn't received anything yet i've got my github app uh let's go let's go and create a pull request what do you say and see if uh if this app will do anything for us so over here in my spoon knife repo where the um app is installed i'm going to go ahead and open a pull request quick so i'm going to say create new file i'm just going to say apps are nice dot md and i'm going to say we like apps and i'm going to say robot um i'm going to also say unicorn yeah that'll do i'm going to create a new branch and i'm going to propose this change i'm going to create the pull request so this should have generated an event um and so if i go back to my advanced tab here um we got a new web hook and it posted this time a pull request event with the action open but again we got a 400 previously previously we got a 404 now we've got a 400 this is expected because the framework is telling us that there isn't a handler here yet to to handle this event if i go into the ngrok inspector we've got the same thing here which is pretty nice so the next thing we need to do is actually create our handler so that we can respond to this pull request that's been opened so we're going to jump back and we're going to edit this main.go and the way you register handlers is via this main function on this kind of pro probot package that's imported from here you can just say hey probot handle event whatever the event is with this function and when that event comes in your function will get called and you can handle it and if something goes wrong you can just return an error and everything will be will be wonderful so we need another one of these because this one handles issues we need to handle pull requests so this is where i type code and this is where it all starts to go potentially messy because i don't really enjoy live coding all that much from honest with you a little bit can be a little bit stressful so the function needs to be written in a very specific way because this is go lang and golang likes kind of static types which is fair enough quite honestly i could see the benefit um so our pro bot handle event it's gonna uh listen for a pull request and then this event is gonna run this function sorry it's gonna run and we'll get past this context which has some pretty useful stuff on it um we it's got our app it's got the incoming payload which is the um the webhook event that we're handling and it's got this github client and the github client will be already kind of associated with the um with the installation so we can just like call the api we don't have to worry about creating a token or anything like that show and the other thing is because we know it's a pull request event we can go ahead and get the actual kind of concrete um concrete class uh sorry interface that we know actually is so we can say context.payload and we can say um this is not so up here it was an issues event because we're handling issues and down here it's going to be a pool i believe it's a pull request event this is going to be one of those um and let's just uh do something else um now now we've got this event which is a pull request event we can actually get the um pull request from it so we can say the pr is going to be uh event dot get get pull request right like so and just for funsies let's go ahead and log out log how am i doing on time blog.printf um let's say that we got the pr title uh percent s and we're going to say here's our pr title pr.title and we're going to say return so we have to return something um and because we haven't handled we haven't uh encountered an error i can just return nil for the for this error up here so this is kind of the wonderful world of go lane we're living in now um so i think this will make sense i'm gonna save that and as i said the wonderful thing if i jump over here it just automatically reloads so i'm going to actually move some windows around to make this a little bit easier we'll get rid of this okay so this is this reloaded previously we got a or four hundred bad requests and if i jump back over to here and couple things let's pump up the zoom and replay this now we got a 200 okay um and we go all the way down to the bottom of the page oh wow that's a long way we get we just received that return this response saying yeah we received that message received we didn't do anything um and what we want to do is we want to approve or request changes on the pull request remember all the way over here right if the title includes the robot emoji then we're going to say that's a good pull request otherwise we're going to say no we want we want some changes on this thing so let's go ahead and do that back in back in the handler oh this is getting confusing isn't it too many too many things are open this that's that's what i want so back in my hand we're going to say um okay does the title include a robot emoji or doesn't it so um actually before we do that let's um let's look at the documentation for the uh and on the github api client that we're using this create review method just quickly review this so this is what we're going to call to create our review on the pull request we need to pass in the owner repo the number of the pull request and this pull request kind of object um and then we get some stuff back so the first thing we're going to do is actually create this new pull request pull request review they call it a pull request review request which i find a little bit confusing um but we're going to run with it so let's just say that we have a new review which is our review of the pull request and it's going to be equal to the github pull request review request pull request review request there it is um and it needs to have a commit id so that which is really just a commit sha which is available from our pull request that we'll just send it in the head pr dot head the head we'll just send in the head sharp from our pull request the most recent commit to the pull request pull requests our review will be attached to this commit sharp okay so uh my linter is yelling at me because i'm not doing anything with new review yet so we better do something with it so let's say if um if the title includes the robot so the way we do that in golang is something like if strings dot contains and we say the string is going to be the pull request title if it contains uh this string which is going to be snip my robot that guy if it contains this then we're happy right so we can say new review dot event um equals did i type that right i prefer it when it auto completes to be honest event equals uh github.string and we're going to say approve approve that pull request and we're gonna pass in a body which will just be a little message from the bot so body is gonna be um we'll just say looks good to me and let's send in a nice rocket emoji isn't that lovely uh and if this is not true this is not the case on our robot is not happy so let's say blue review uh dot event equals github dot string and we're gonna say request changes in a stern voice request changes and the body is going to say hey needs more robot boom um and okay so we all we've done so far we haven't actually created this yet right uh we've just got this object locally so we just send that to github and i said that this context object um has an or a kind of a hydrated github api client already attached to it so we can just plug into that by saying ctx which is the context that's given to us uh there's a github dot uh oops.pull.pull requests create review and we have to pass in this context so i'm just going to say context.background i believe that's like if you want to like time out the request if it's taking too long you can do that i'm just going to pass in this default background we're not going to do anything like that so we need to pass in the the owner which is repo owner dot login oops login and the other one i feel like we're not going to have time to get the um get your keyboard out john for you to do a little song for everyone apologize that's okay with me maybe you could record something for us yeah synthesizer guitar drums whatever hey i shouldn't be talking to you this is the crucial time will you stop interrupting me goodness me um trying to try to code this thing over here i'm just joking um so hopefully i've probably messed this up because i decided to um be clever so we need to pass in this background the login the name the pull request number and our review is shouting at me which honestly that always makes me a bit nervous oh and this is going to return some things that we might want to um catch so let's catch those things it's going to return our review the response and the error so i'll just say i'll say review let's ignore the response we'll just say error or rather equals those things oops and then we'll say um if if and now my dog is barking so i don't know if you can it's chaos here today and telling you i don't know if you can hear my dog barking over there she's probably barking at those construction workers these are not the ideal circumstances to be um live coding under i guess i gotta say so let's print f uh a new review created and let's say percent we'll just we'll just log out that review if this works honestly it's going to be a miracle it's just too much all right so i coded that miraculously and i'm going to save it and hopefully this compiles and undefined reap oh yeah i got to get the repo right um where do i get that i think i can get that off of the event so say repo there's the event.getrepo or something yeah it says let's try that again starting service fingers crossed there it is it's loaded um so i'm gonna jump back over to my what wherever it is um oops how do i do this over to my pull request actually no sorry over to here i'm just going to replay i mean i could create a new pull request right and do it from the beginning to end i'm just going to replay it and we've got 200 okay if i go back to my pull request and my my robot has noticed that there is no bot emoji and my robot is not happy and says needs more robots so let's go ahead and change the title and let's say robot and let's do that and now my robot has kindly approved the pull request for us so what a good robot um so so long as uh all of your pull requests have the robot emoji in the title then this robot this particular app is going to be pretty happy um so okay that was like a pretty whirlwind end-to-end um demo uh we managed to do it we created this github app it listens for new call requests and it approves it if we have a a robot emoji in it just by way of review so github apps are kind of this this great way for third parties to like autonomously access protected github resources and manipulate them and they're also used by github with um they're like a first-class uh platform primitive internally for us to build our our own products and some of my favorite uh github apps are kind of dependable which helps you keep your dependencies updated in in your repos um and also github actions is also a github app and if you were wondering uh well couldn't i have done all of this this code that we just uh painstakingly wrote and we're hosting and have like a web hook listener and one of those things couldn't it just be a github action well i mean actually in this case it could and on our public docs here that public docs here there's a this handy page that compares github actions to github apps interestingly um there there is some overlap and github actions kind of is a github app when you look at the token that you get this isn't this is an app token and so long as you are happy with the permissions on that token and you're happy that the web hook events that are supported through actions are the ones that you want and you can run your code fully on on github's um servers then you could absolutely write a github app which is really just a github action and we would host it and and run it for you and that's for a topic for another demo day and i don't say someone has already actually done this uh but there's more on creating actions here and if that if this is too uh limited for you like we don't have you don't have the right web book events or um the permission you need more permissions than this or um you you need to run you need to run or handle the compute yourself because you need the architecture or you need um the data that you're hosting then github apps would be the right way to go so i really hope that that was helpful i know that was a lot in an hour and thanks for bearing with me i will just say that there is this github apps cheat sheet available at this url and i'll just copy the link and maybe drop it in there so yeah that i think is is everything for today i am swinton on github and my email is swinton.github.com so if there are any questions concerns or comments then feel free to hit me up there and john is there any are there any like questions that we should quickly chat about before we hang up here no i think we're good uh we definitely covered a lot today and so lots of things and if you want steve you can always jump into the chat even after you go offline there cool yeah that's a great idea all right cool well i will stop sharing and i do hope this was helpful uh the gist is public uh there's the resources are public uh the probot uh template uh is public the uh pro bot go lane uh framework is public um so yeah i i hope that this has been helpful and thanks so much for tuning in um i believe that we have another one next friday if you'd like to join us again and i will hang out in the twitch chat just to see if there's any any questions i can answer there so i'm going to stop the share now thanks so much everyone awesome steve thank you

Info

Channel: GitHub

Views: 26,763

Rating: undefined out of 5

Keywords: git, github, github universe, github universe 2019, collaboration, programming, version control, open source, software development, octocat, innersource, enterprise software

Id: iaBEWB1As0k

Channel Id: undefined

Length: 60min 13sec (3613 seconds)

Published: Wed Sep 30 2020