CRAVEX GitHub workflow integration #362

Open
wants to merge 4 commits into
base: main

tdruez
Contributor

@tdruez tdruez commented Jul 16, 2025

A few notes

  • This is a prototype, expect errors and missing pieces
  • The interaction goes one way only, pushing the data from DejaCode to GitHub (any changes on the GitHub side is not pushed to DejaCode)

Changes

  • Add a new issue_tracker_id field on the RequestTemplate model. It should be enough to provide the type and the location of the external tracker, for example: https://github.com/org/repo (platform = github, repo = org/repo)
  • Add a new model to support integrations: ExternalIssueLink to keep the link between a DejaCode Request and the external Issue on a tracker (GitHub, Jira, ...). This model is also used to provide links to the external issue in the DejaCode UI.
  • New DEJACODE_GITHUB_INTEGRATION_TOKEN setting to provide authentication credentials

How to use

  • Set the DEJACODE_GITHUB_INTEGRATION_TOKEN in your settings: provide a "Fine-Grained Token" that has read and write permissions on your GitHub repo.
  • Create a new RequestTemplate in your Dataspace and use your repo URL as the Issue Tracker ID, e.g.: https://github.com/org/repo_name
  • From now on, any new DejaCode Request using this template will be pushed to the provided GitHub repo. Edits such as field updates and closing the Request are also propagated to the GitHub issue (comments are not supported yet).
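
Added example, not code from this pull request or from DejaCode: the Issue Tracker ID is a user-entered URL and the integration token authorizes writes, so one way to handle it is to parse the URL strictly into the (platform, repo) pair described above and build the API URL from a fixed base. The names `ALLOWED_HOSTS`, `parse_issue_tracker_id` and `issues_api_url` are hypothetical, and the allowlist content is an assumption.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this deployment is willing to use its integration token with.
ALLOWED_HOSTS = {"github.com": "github"}
# Owner/repo segment: must start alphanumeric, so "." and ".." never match.
SEGMENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def parse_issue_tracker_id(value):
    """Return (platform, "org/repo") for an accepted tracker URL, else raise ValueError."""
    parts = urlsplit(value.strip())
    if parts.scheme != "https":
        raise ValueError("issue tracker URL must use https")
    # "https://github.com@other.example/o/r" starts with github.com but its
    # real host is other.example; refuse userinfo and explicit ports outright.
    if parts.username or parts.password or parts.port is not None:
        raise ValueError("credentials or port not allowed in issue tracker URL")
    platform = ALLOWED_HOSTS.get((parts.hostname or "").lower())
    if platform is None:
        raise ValueError("issue tracker host is not on the allowlist")
    if parts.query or parts.fragment:
        raise ValueError("query string or fragment not allowed")
    segments = parts.path.strip("/").split("/")
    if len(segments) != 2 or not all(SEGMENT.fullmatch(s) for s in segments):
        raise ValueError("expected a URL of the form https://github.com/org/repo")
    return platform, "/".join(segments)


def issues_api_url(value):
    """Build the GitHub REST issues endpoint from validated parts only."""
    _platform, repo = parse_issue_tracker_id(value)
    # The host is a constant: the token is never sent to a host taken from input.
    return f"https://api.github.com/repos/{repo}/issues"
```
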

@DennisClark
Member

@tdruez we're off to a great start! The GH link on the DejaCode side is perfect. Great to see the priority of the request showing up as a label in GH -- very nice touch.

A few comments/suggestions:

I submitted a request from staging nexB signed on as dmclark, but the GH issue says it was opened by tdruez. If possible, it would be better to say it was opened by DennisClark (my GH name).

Instead of "Product Context - None" it would be better not to show that field at all when it is null.

I assigned the request in DejaCode to tomd, and it shows that in the GH description, but it would be better if it could also set the actual GH assignment to tdruez.

Generated GH issue 2025-07-16 at 09 51 26

@DennisClark
Member

DennisClark commented Jul 16, 2025

Thinking about the user experience on the GH side now: Unless that user is also a DejaCode user who can go back and look at the product in question, there is not much in the way of information. It might make sense for the originator of the DejaCode Request to also generate an SBOM (or some kind of report, perhaps formatted as a spreadsheet) to be applied as an attachment to the Request and passed along to GH. Something to think about.
