Dockstore Github Integration

Hello,

We are wondering if someone could help troubleshoot Dockstore integration with our org’s GitHub. I was using my personal GitHub account while developing and then I recently moved the source code to our organization. (Imaging Data Commons · GitHub). By default, I have read access to all repos in our org and admin access to this repo. (GitHub - ImagingDataCommons/Cloud-Resources-Workflows) where the WDL and CWL files reside. We tried linking Dockstore to just my repo and are unable to do so and get this error as seen in the screenshot attached.

Could we know if/why Dockstore needs to read private repos when I’m trying to link to just my repo which is public? Due to the security policies of our organization, it is not acceptable to provide Dockstore access to private data, or rights to modify its public data to Dockstore, and we do not see why it would be necessary to enable integration.

Could we know what we could do to get around this issue?

Thank you very much,

Vamsi

Hi,

I think what is occurring here is that the message, while technically true is incomplete.

The actual permissions we request for the OAuth Dockstore app are listed just above in your screenshot, we need to ability to read your org membership to see what organizations you belong to so you can manage them in “My workflows” and we access email addresses but both permissions are read-only.

Your organization administrator just needs to allow for read-only app access to public data and that should be sufficient, we do not need read access to private repos (but obviously, as a result we cannot publish from them) and we do not need to modify (since both permissions above are read-only).

There’s a bit of a tutorial on how to access these controls at Approving OAuth apps for your organization - GitHub Docs
Afterwards you should be able to request access from your administrator

1 Like

@dyuen thank you for the response! I am one of the admins for the org in question. I followed the instructions you referenced, and following those steps it seems clear that “Grant access” button will “give this application the ability to request access to private data”. I do not see any option that would allow me to choose to grant read-only app access to public data, as you suggested. What am I missing?

Hi,

Bit of a possibly silly question. Is it possible that the app is already working for public repos?

i.e. the button message indeed seems to say that the button would grant access to private data
Our permissions as listed above only refer to public data (and are the scopes that we expect).
Is it possible that the public repos are already registered (or are available to be registered) and the fact that you have the option of providing private data is just informational?

Or alternatively, what do you two see when you try to register through the wizard and install the github app on a public repo in the org?

As an example, when I try to install the app on an organization that I have access to with a mix of public and private repos. I can request that the app be installed on the org as a whole (and also notes it will only look at public repos), or just specify individual public repos. Do you have the option of the latter?

Yes, we do have an option to do that, and this is exactly what we did, and the authorized repo is listed. That’s where we started before writing the first post in this thread!

Thanks, it was unclear to me that the install was actually successful as in your last screenshot.

In the screenshot it looks like the app was successfully installed on Cloud-Resources-Workflows 5 days ago. But I see that the last change on GitHub - ImagingDataCommons/Cloud-Resources-Workflows was made on the 12th, 7 days ago. ( Merge pull request #3 from vkt1414/main · ImagingDataCommons/Cloud-Resources-Workflows@a48f38a · GitHub )

Could you try making another commit to the repo now (for example, updating a readme) that the app has been installed and seeing if it shows up in the github app logs? I’m wondering whether the change on the 12th was not sent to Dockstore since the app was installed after that change.

https://docs.dockstore.org/en/stable/getting-started/github-apps/github-apps-troubleshooting-tips.html#how-do-i-view-the-github-app-logs

1 Like

@dyuen That’s it. Updating the repo, worked! I can now see them on my Dockstore account. Thank you so much for your help!

2 Likes