ACCESSING YOUR SOURCE CODE
iCR for Python is designed to work with source code managed by industry-leading Version-Control Systems (VCS). In this release, iCR supports GitHub, GitLab and Bitbucket. If your source code is managed using some other system, iCR also allows you to copy or upload a project source tree to your private platform and analyze it that way.
Assuming that you are using a cloud-based VCS, you need to permit iCR for Python to access your projects. Once you are logged into your source code control system, iCR will connect to your repositories and analyze the specific project branches that you choose. In order to do this securely, and to ensure that OpenRefactory NEVER has access to your Users’ login credentials, we employ the industry standard protocol: OAuth.
From Wikipedia: “OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.”
To allow iCR to use OAuth, you must authorize it with your VCS. For these examples, we will be using GitHub.
Similar steps are available for GitLab (see Appendix B for details) and Bitbucket (see Appendix C for details).
To register a new OAuth app in GitHub, log in to GitHub and go to “Settings”.
Then, select “Developer settings”.
From here, click on “OAuth Apps”. This will open the page allowing you to add iCR for Python to the set of approved third parties from which you will accept login redirect requests.
Clicking will open the window shown to the right. You can enter a helpful string, such as “iCR-for-Python” for the Application name. The Homepage URL will need to use the IP address of your host system. For the purposes of this guide, we will use an example IP address, http://3.237.77.219
iCR uses port 3002 to communicate with the browser, so that needs to be added to the IP address to create the Homepage URL. Using the sample IP address, you would enter: http://3.237.77.219:3002
The application description is optional, so you can leave it blank. Note that this information will not necessarily be seen by anyone logging into GitHub. Once the OAuth app is created, Users will log in to GitHub using their private credentials and will not see this information.
The Authorization callback URL needs to be the callback URL on your server, so enter: http://3.237.77.219:3002/login/github/return
Clicking on “Register Application” opens a window that asks you to create the secret keys that you will use on your server to authenticate it with GitHub.
You will need both the client ID (d0263baf689029e051e8) and the client secret (2b61ff5c94c97bef935a91396c4fd0d750229dd6). Copy and paste these values in a convenient place as you will need to present them to the Navigator when you first select GitHub as your preferred repository, as described in Section 4.5 Selecting Your Source Code.
A similar process is used to allow access for GitLab and Bitbucket. Details of that are given in Appendix B and Appendix C respectively.
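The following added example (not iCR's or OpenRefactory's code) shows how the values registered above feed GitHub's OAuth web flow and which checks a callback handler makes on the redirect before accepting the authorization code. The function names, the `GITHUB_CLIENT_ID` environment variable and the use of the `state` parameter are assumptions for illustration; the port, callback path and sample IP address come from this guide.

```python
import hmac
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# GitHub's documented authorization endpoint for the OAuth web flow.
GITHUB_AUTHORIZE = "https://github.com/login/oauth/authorize"
ICR_PORT = 3002                         # port iCR uses to talk to the browser
CALLBACK_PATH = "/login/github/return"  # callback path given in this guide


def registration_urls(host):
    """Homepage URL and Authorization callback URL to enter in GitHub."""
    homepage = f"http://{host}:{ICR_PORT}"
    return homepage, homepage + CALLBACK_PATH


def authorize_url(client_id, callback, state):
    """Where the browser is sent; the user's password is typed only at GitHub."""
    query = urlencode({"client_id": client_id, "redirect_uri": callback, "state": state})
    return f"{GITHUB_AUTHORIZE}?{query}"


def handle_callback(request_url, callback, expected_state):
    """Return the one-time code from the redirect, or raise ValueError."""
    got, want = urlsplit(request_url), urlsplit(callback)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect does not match the registered callback")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means this login was not started here.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code in redirect")
    return params["code"][0]


if __name__ == "__main__":
    homepage, callback = registration_urls("3.237.77.219")  # sample IP from the guide
    # Assumption: the client ID is read from the environment. The client secret is
    # used only server-side in the later code-for-token exchange, never in a URL.
    client_id = os.environ.get("GITHUB_CLIENT_ID", "<client-id>")
    state = secrets.token_urlsafe(16)  # fresh random value per login attempt
    print(homepage, callback, authorize_url(client_id, callback, state), sep="\n")
    # Constructed redirect, shaped like the one GitHub sends after approval.
    redirect = f"{callback}?code=constructed-code&state={state}"
    print(handle_callback(redirect, callback, state))
```

The callback URL passed as `redirect_uri` has to match the Authorization callback registered in GitHub, which is why both are derived from the same host and port.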