To set up Banzai Cloud Pipeline to authenticate users using GitHub, you'll have to do the following:

  1. Create a personal access token on GitHub. It is advised to create this in the name of an impersonated user, since it will be used by Pipeline to scrape Spotguide metadata from GitHub.

    Take note of the generated GitHub access token as it will be needed (we will use it as ${PERSONAL_ACCESS_TOKEN}).

  2. Register an OAuth application on GitHub for the Pipeline.

    Take note of the generated GitHub OAuth Application's Client ID and Client Secret values as those will be needed (we will use them as ${GITHUB_CLIENT_ID} and ${GITHUB_CLIENT_SECRET}).

    GitHub Client ID

    Fill in Authorization callback URL with: https://${PIPELINE_HOST}/dex/callback

    GitHub Callback URL
  3. Extend the values.yaml file in the workspace of your Pipeline instance with the following values (please replace the variables with the previously noted values):

    dex:
      config:
        connectors:
          publicGithub:
            type: github
            id: github
            name: GitHub
            config:
              clientID: ${GITHUB_CLIENT_ID}
              clientSecret: ${GITHUB_CLIENT_SECRET}
              redirectURI: https://${PIPELINE_HOST}/dex/callback
              loadAllGroups: false
              orgs:
                - name: ${MY_GITHUB_ORGANIZATION}
    pipeline:
      configuration:
        github:
          token: ${PERSONAL_ACCESS_TOKEN}
    

4. Run the <cmd>banzai pipeline up</cmd> command to apply the changes.

## Troubleshooting

### I can't see my GitHub Organization on the Pipeline UI

This is a common issue, and there are two solutions for this:

* Press org sync on the UI

    <img src="org-sync.png" alt="UI Org Sync" width="500"/>

* Enable the application to access your new organization

    Please visit `https://github.com/settings/connections/applications/${GITHUB_CLIENT_ID}` and Press *Request* or *Grant* (based on your organization rights) to enable the GitHub application to see your newly registered organization.

    > Note: For [our online demo](../../quickstart/try) this is https://github.com/settings/connections/applications/a4e374bd7d0139fd953e
    > <img src="allow-github-app.png" alt="Allow GitHub Application" width="500"/>
    >
    > In the above example you can see that some GitHub orgs are already allowed to be used in the Pipeline (green mark), for some organizations where I'm just a guest with reduced rights, I can request access (*Request* button), and for some others I can grant access myself (*Grant* button).

    After granting access you can press the *Sync* button again on the Pipeline UI or Logout/Login again, to let the Pipeline pick up the organizations from the upstream provider.