The Concore Action Dev docs
Introduction
The current implementation uses Github REST API to push code to github by authenticating with github fine grained access token (refer https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/)
How it works
On triggering
contribute
action in fri server, it executes thecontribute.py
script- Let’s assume the paramters provided are:
Study Name - test study
Study Path - F:\example
Author Name - test user
It will create a new branch named
AuthorName_StudyName
i.e test_user_test_study in the bot repositoryconcore-bot/concore-studies
which references the default branch inControlCore-Project/concore-studies
Now creating Github blob (refer https://docs.github.com/en/rest/git/blobs ) for each file in the directory here
F:\\example
. After creating blobs , create a new Git tree (refer https://docs.github.com/en/rest/git/trees)After creating Github tree, change the refrence of the newly created branch to the that tree
Now the changes have been pushed to github, and for creating pull request the
pull_request.yml
workflow is runned which creates pull request to upstream repo using persoanl access token of upstream repo
Note: You need to store the personal access token of upstream repo as github secret in bot repo
Creating token for bot
This token is used to create branches and push studies to bot repo.After pushing studies to bot repo it dispatch pull_request.yml
workflow.
Open the ControlCore-Project account at github and navigate as follow:
settings > Developer settings > Personal access token > Fine-grained access token > Generate New token
Or
click https://github.com/settings/personal-access-tokens/new
Fill token name,description expiration time
Under the
Repository access
section selectOnly select repositories
to select the repository for which you want to provide the accessUnder the
Permissions
, provide the read-write permissions for Contents and Actions in theRepository permission
Click Generate token button
Then copy the generated token and hash it using this website in base64 encoding http://www.unit-conversion.info/texttools/base64/ . Note this hashing is important as Github automatically revoke any token present in the code.
Place the token in
contribute.py
script at https://github.com/ControlCore-Project/concore/blob/dev/contribute.py#L7
Note: This token has max life time of 1 year and needs to be updated after this duration
Creating token for workflow
This token is used to create pull request to upstream repo using bot account as author of pull request.
Open
concore-bot
account at GithubCreate a Personal access token of bot account at https://github.com/settings/tokens/new
Fill the details as shown below:
Click
Generate token
at bottom of the page , then Copy the token
Add this token as Github secret in bot repo at https://github.com/concore-bot/concore-studies/settings/secrets/actions/new with name
token
Click
Add secret
Note: This token can have unlimited life span so it is just one-time setup
Architecture
When
contribute
action is triggered it pushes local study toconcore-bot/concore-studies
repository
After pushing study to Github , it creates a pull reuqest for that study to the
ControlCore-Porject/concore-studies
repositoryUnitl the Pull reuqest is merged or closed this branch serves as staging area
Optional:- If you want to explore why we came up with this approach , please refer https://docs.google.com/document/d/1DdmPO51qOb9OQoiQ4RMH-3O80gxrGWJuHc9QV_AlW0U/edit?usp=sharing