Setting up the Git Repository

To use a Git provider, every user has to define an access token for the Git. All supported Git providers provide the possibility to create these personalized access tokens. Each user can only specify one token per provider. This token will be from then on used for every interaction with the remote Git and also to restrict the capabilities of the user to the permissions that are set in the remote Git repository.

If microservices should be stored at different places, an admin user can define multiple Git endpoints. While creating a microservice, the creator could define, where the microservice should be stored. Also, a specific group could be specified while creation. These groups are usually used to restrict permissions on certain microservices for dedicated users.

In order to create and manage Git providers you must have admin privileges. To access the Admin Settings page use the Settings capability on the top right of the page. There you will get an overview of the already existing Git providers and their master data.

To create a new Git provider use the Create capability.

The master data of a Git provider consists of:

• Alias: Used to specify a Git provider under the given alias name (required)
• Type: The Git provider platform. There are three options: GitHub Enterprise, GitLab and Bitbucket Server ( required)
• Base URL: The URL to the Git provider. This value must be unique (required)
• Label: Short description of the Git provider (optional)
• Read-only Git provider: Used to mark the Git provider as read-only. Read-only Git providers can not be used to create new projects. Projects can not be exported to asset catalogs using read-only Git providers.

Admin users can edit the Git provider for any record in the application within the Admin settings. Here, the label can be edited and if the Git provider is read-only or not.

To delete a Git provider use the header or inline Delete capability. After confirming the action, the Git provider and all tokens related to it will be permanently deleted.

Repository or group administrators on the remote Git are responsible to grant access permissions on the repositories for the actual users.

GitLab:

• To create new microservices: at least developer permissions on the group must be granted.
• To edit the microservice content: at least developer permission (on the group or the repository) must be granted.
• To view the microservice: at least guest or reporter permission (on the group or the repository) must be granted.
• To delete a microservice: at least owner permission on the group must be granted.

Bitbucket Server:

• To create new microservices: administrator permission on project must be granted.
• To edit the microservice content: at least write permission (on the project or the repository) must be granted.
• To view the microservice: at least read permission (on the project or the repository) must be granted.
• To delete a microservice: administrator permission on project or repository must be granted.

GitHub Enterprise:

• To create new microservices: The authenticated user must be at least a member of the GitHub organization.
• To edit the microservice content: at least write permission in the GitHub organization must be granted.
• To view the microservice: at least read permission in the GitHub organization must be granted.
• To delete a microservice: admin access on the organization must be granted.

Usually, one could explicitly define the basic permissions for the token while creating the token in the remote Git provider.

Minimum permissions that need to be granted for the token:

GitLab:

• Select scope api
• Select scope read_repository
• Select scope write_repository (for GitLab version 11.11 or higher)

Bitbucket Server:

• Select permission "Read" for basic read access
• Select permission "Write" to allow create, delete and edit capabilities, as well as committing to the repository
• Select permission "Administrator" to allow create, import and delete microservices

GitHub Enterprise:

• Select permission "public_repo" to access public repositories.
• Select permission "write_org" to read and write organization and team membership, read and write organization projects.
• Select permission "repo_status" to access commit status in a repository.
• Select "delete_repo" to be able to delete organization repositories.
• Select "admin_org" to get full access of organization and teams, read and write organization projects.

Each user can have only one token for each Git provider for which he has rights. To create a new token use the header capability Create in the Git tokens tab on the User Settings page.

A Git token is defined using the following master data:

• Token name: Name of the token. (required, unique for each user)
• Git provider: List of all Git providers for which the current user has access permission. The Git providers are represented with their assigned alias that was provided by the admin user (required)
• Git access token: The actual Git token (required)
• Git username: The username as defined in the Git provider (required)

To verify a Git token use the inline or header Verify capability. You will get either a "Success" or an "Error" notification displayed.

To delete a Git token use the inline or header Delete capability. After you confirm the action the Git token will be permanently deleted.

In order to update a Git token use the inline or header Edit capability. This action only allows a change of the access token itself. If your username has changed delete the previous Git token and create a new Git token for the same Git provider. After saving the changes, all Pipeline Configurations using your personal credentials will also be updated.