incubator-devlake icon indicating copy to clipboard operation
incubator-devlake copied to clipboard
verified publisher icon apache

[Refactor][GitHub] Switch to GraphQL only use

Open kostas-petrakis opened this issue 11 months ago • 4 comments

What and why to refactor

The current implementation of the GitHub connector in Apache Devlake includes an option to use the GraphQL API. However, it is recommended to remove this option and exclusively use the GraphQL API for GitHub repositories. The GraphQL API is more performant and helps reduce the effects of rate limits.

Describe the solution you'd like

  • Enable GraphQL by default for the GitHub connector
  • Update the documentation to reflect the use of the GraphQL API.

Related issues

https://github.com/apache/incubator-devlake/issues/8339

kostas-petrakis avatar Apr 17 '25 06:04 kostas-petrakis

I understand that this option is removed from the UI (it was confusing as it is referenced in the documentation at https://devlake.apache.org/docs/Configuration/GitHub/).

My question/concern is how will this impact fine-grained tokens. I couldn't get those tokens to work in a recent version. I don't want to create a classic token because it will then expose all my personal repositories too (or I would have to add a special user to my enterprise). GitHub Apps didn't work (see #8394). It seems my only option is to wait for a fix for GitHub Apps but I also want to confirm if fine-grained tokens are no longer supported.

Thank you!

hussainweb avatar Apr 24 '25 17:04 hussainweb

@hussainweb thanks for the input, question, did you test the fine grained token against private repos of an org? And did you configure according to the following guide? I will try to test with a local image, in order to see if there are any issues with fine grained tokens as well.

kostas-petrakis avatar Apr 28 '25 11:04 kostas-petrakis

Thanks, @kostas-petrakis!

I meant to test the fine-grained token against private repos of an org but it didn't work at the time. Yes, I followed the guide you linked to. Resource owner was set to the org I wanted to target. For repository access, I selected all repositories.

Further, I followed the DevLake guide here to set the permissions. It lists 6 permissions but it didn't work. I'll quickly give a few details but maybe this is a different issue. In this issue, I only wanted to know if fine-grained tokens are still supported because the documentation for fine-grained access tokens says this (same link):

Note: this token doesn't support GraphQL APIs. You have to disable Use GraphQL APIs on the connection page if you want to use it.

So, if DevLake is going to be GraphQL only, then will fine-grained token still work?

Continuing with my problem:

As I said, I gave it 6 permissions mentioned in the documentation and clicked "Test Connection". It would give me this error:

Please check the field(s) repo:status, repo_deployment, read:user, read:org.

These are permissions on a PAT, not fine-grained tokens.

I clicked "Save Connection" anyway. On the "Add Data Scope" page, I could see only my GitHub user name and public repos, not the org I mentioned in the "Resource owner".

Workaround:

@zeshanziya pointed me to permissions listed under GitHub Apps. I gave all those permissions to the fine-grained token (except "Checks" because that's not present for tokens). Now, I can see the org and private repos of that org in the "Add Data Scope" page. However, the "Test Connection" page still shows that warning.

So, I see a few issues that need to be fixed:

  • Test Connection gives an error for a valid fine-grained token.
  • Documentation for fine-grained tokens does not list all the required permissions.
  • The error message for "Test connection" button lists permissions only for a PAT, even though a fine-grained token was given.

I don't want to hijack this issue but I thought I should give these details for the question asked. I'm happy to create a new issue(s) if fine-grained tokens are still going to be supported.

Thanks!

hussainweb avatar Apr 28 '25 16:04 hussainweb

Regarding the support of fine-grained tokens, I think this is now supported by GitHub according to their blog I will try to test this locally first and let you know, thanks for the feedback!

kostas-petrakis avatar Apr 29 '25 06:04 kostas-petrakis

This issue has been automatically marked as stale because it has been inactive for 60 days. It will be closed in next 7 days if no further activity occurs.

github-actions[bot] avatar Jun 29 '25 00:06 github-actions[bot]

This issue has been closed because it has been inactive for a long time. You can reopen it if you encounter the similar problem in the future.

github-actions[bot] avatar Jul 07 '25 00:07 github-actions[bot]