Connecting CodeSee to your GitHub Enterprise Server Instance

📘

Support for GitHub Enterprise Server is an Enterprise-only feature

CodeSee supports integration and code analysis on a GitHub Enterprise Server. Setting this up requires a few easy steps, which this document will walk you through:

  1. Securely connecting CodeSee to a GitHub App on your instance.
  2. Preparing your instance to run the CodeSee GitHub Action.

Securely connecting CodeSee to a GitHub App on your instance

This can be set up in just a couple minutes by filling out the appropriate form on app.codesee.io! That form will walk you through:

  1. Sharing the url for your GitHub Enterprise instance.
  2. Creating the CodeSee GitHub App on your instance.
  3. Sharing GitHub App credentials with CodeSee.

1. Navigate to the form

To get started, you'll need to be logged in as an admin or owner of an Enterprise CodeSee workspace.

📘

CodeSee workspaces can either be connected to github.com or a GitHub Enterprise Server instance, but not both.

You'll need to start with an empty workspace to enable GitHub Enterprise Server

  1. Go to your workspace settings
  2. In the left margin, click "GitHub Enterprise Server"
  3. Click the button "Convert to GitHub Enterprise Server"

2. Enter your GHES instance location and org

  • Enter "Location": the url to your GHES instance
  • Enter your "GitHub Org": the name of the primary GitHub org. This is where we will install the CodeSee GitHub App.
  • Click "Next"

📘

The CodeSee GitHub App securely connects your GHES instance and CodeSee

GitHub Apps authorize specific access between CodeSee and the specific GitHub organizations and repos that you select (in a later step). For more information on exactly which access CodeSee requests and why, please see our security page.

3. Create the CodeSee GitHub App

  • Click "Create CodeSee GitHub App" and a new browser tab will open on your GHES instance.
  • You must uncheck the "Expire user authorization tokens" checkbox. This settings cannot be changed once the GitHub App has been created.
  • Click the "Create GitHub App" button at the bottom of the page and keep this browser tab open!
  • Return to the browser tab with CodeSee.

4. Share the GitHub App credentials

The data for each of these fields can be found on the GitHub App tab you opened in the previous step after you click "Create GitHub App:

  • App ID: Visible near the top of the page
  • Client ID: Visible near the top of the page
  • Client Secret: Generate a new client secret, then paste that value in the form
  • Private Key: Generate a new private key, download the file, then copy its contents into the form
  • Webhook secret: You must enter the same value into this field and the matching field on the GitHub App! You can enter any value you like, or click the "refresh" icon next to the field to have CodeSee generate a secure string, then copy-paste that value for the GitHub App:
The webhook field on the GitHub App page

The webhook field on the GitHub App page

Submit the form, and you should see some ✅ verifying things are looking good!

Configuring your GitHub Enterprise Server to run the CodeSee GitHub Action

CodeSee runs its code analysis securely on your instance by using its GitHub Action. You can learn more about GitHub Action on GHES instances here.

The action requires the following repos:

  • Codesee-io/codesee-action@v2
  • actions/checkout@v3
  • actions/setup-node@v3 (node support)
  • actions/setup-java@v3 (java support)
  • actions/setup-python@v4 (python support)
  • actions/setup-dotnet@v3 (.NET support)
  • dtolnay/rust-toolchain@stable (rust support)

There are three ways to configure your GHES instance to run CodeSee's action:

  • Option 1: If you have GitHub Connect, configure it to allow for CodeSee's action
  • Option 2: If your process is to sync actions to identical organization names on your GHES instance, then all you need to do is sync the above actions normally.
    (e.g. github.com/Codesee-io/codesee-action -> <your instance>/Codesee-io/codesee-action)
  • Option 3: If your process is to sync all actions to a single organization, then follow the additional steps below:
    (e.g. github.com/Codesee-io/codesee-action -> <your instance>/synced-actions/codesee-action)

If Option 3: Final steps after sync'ing action repos to your instance

If you have sync'ed all the actions to your instance in a single organization (e.g. synced-actions), you will need to fixup the rust toolchain reference. Unfortunately, GitHub does not have good support for the Rust toolchain in their own actions.

The problem code is lines 53-56 in the action.yml file in the codesee-action repo:

53    # We need the rust toolchain because it uses rustc and cargo to inspect the package
54    - name: Configure Rust 1.x stable
55      uses: dtolnay/rust-toolchain@stable
56      if: ${{ fromJSON(steps.detect-languages.outputs.languages).rust }}

Two options:

  • Option 1: If you want to support Rust, change line 55 to reference the correct location of the rust-toolchain repo on your GHES instance. For example synced-repos/rust-toolchain
  • Option 2: If you have no need for Rust language analysis, you can delete these lines of code. If you choose this option, you also do not need to sync the rust-toolchain repo.