GitHub actions

Created:
September 24, 2024
Updated:
December 4, 2024

The FireTail GitHub API Discovery Docker image automates the discovery of APIs in your GitHub organization or account. It scans for OpenAPI/Swagger specifications in your repositories and generates them via static code analysis. Each repository will have an API created in the FireTail SaaS Platform, potentially with multiple collections for that API.

Requirements

To use the FireTail API Discovery tool, you need:

  • A classic GitHub access token with read:packages scope.
  • Any GitHub access token with read:contents scope for the repositories you wiant to scan.
    • If using a fine-grained token with specific repository access, you must list these repos individually.
  • A FireTail app token.

Configure the scanner

1. Create a file named config.yml (not .yaml) with the following structure to configure which organizations, users, or individual repositories to scan:


# List organisations to scan their repositories
organisations: # default []
  example-organisation:
    # Under each org, you can skip public, private, internal, archived or fork repositories
    skip_public_repositories: False # default False
    skip_private_repositories: False # default False
    skip_internal_repositories: False # default False
    skip_archived_repositories: False # default False
    skip_forks: False # default False

# List users to scan their repositories
users: # default []
  example-user:
    # Under each user, you can skip public, private, archived or fork repositories
    skip_public_repositories: False # default False
    skip_private_repositories: False # default False
    skip_archived_repositories: False # default False
    skip_forks: False # default False

# List individual repositories to include or exclude explicitly - has higher
# precedence than scanning via users or orgs
repositories: # default []
  example-user/example-repository: exclude
  example-organisation/example-repository: include

2. Copy the configuration example above and modify it as needed, replacing example-organisation and example-user with your actual GitHub organization and user names.

3. Adjust the skip_* options and repositories list to fit your specific requirements.

Run the scanner

Authenticate your docker CLI. Log in to Docker using your GitHub credentials:


docker login \
  --username ${YOUR_GITHUB_USERNAME} \
  --password ${YOUR_GITHUB_CLASSIC_TOKEN} \
  ghcr.io

Start the scan. Run the scanner with the following command:


docker run --rm \
  --env GITHUB_TOKEN=${YOUR_GITHUB_TOKEN} \
  --env FIRETAIL_APP_TOKEN=${YOUR_FIRETAIL_APP_TOKEN} \
  --mount type=bind,source="${PWD}/config.yml",target=/config.yml,readonly \
  ghcr.io/firetail-io/firetail-code-repository-scanner:latest

Container environment variables

When running the Docker image, set the following environment variables using the --env flag:

Variable Name Description Required Default
GITHUB_TOKEN A GitHub access token Yes None
FIRETAIL_APP_TOKEN A FireTail app token Yes None
FIRETAIL_API_URL The API URL for your FireTail SaaS instance No https://api.saas.eu-west-1.prod.firetail.app
LOGGING_LEVEL The scanner's verbosity No INFO