In part one of this series, Code Climate discussed how they used GitHub Apps to improve their GitHub integration. In this post, we explore how Sentry was able to simplify their signup process, improve security, and create a better experience for users by upgrading to GitHub Apps. Sentry explains how they used GitHub’s new guide on migrating OAuth apps to GitHub Apps, and what they learned in the process.
As source code management and error monitoring solutions, GitHub and Sentry work together to help developers improve their code and their productivity. After you ship a project in GitHub, Sentry alerts you to any errors or bugs, helping you understand what’s happening in production, and making it easier to start triaging, assigning, and fixing the problem.
The newest Sentry integration release provides GitHub users with faster sign-in, flexible repository permissions, and an easier organization-wide setup. For the first time, GitHub Enterprise users can also take advantage of these useful features.
Sentry moved to GitHub Apps for two reasons:
GitHub Apps enabled Sentry to provide users with a way to install an app to an organization, in addition to an individual account. This “future-proofs” the GitHub integration for the organization. Prior to GitHub Apps, if the credentials of the user who set up the integration became invalidated (for instance, they left the company, and their GitHub and Sentry credentials were revoked), the integration would break for all members of their organization. With GitHub Apps, Sentry is able to link the integration to the organization itself, providing a more robust experience when staff changes.
GitHub Apps allows Sentry users to be more selective in which repositories they give Sentry permission to access. While Sentry only used write access for creating new issues in GitHub, the old integration still required users to provide read/write permissions to all their repositories—even if it was only to use read access to the repository’s commit data. For Sentry’s releases feature to be implemented correctly, Sentry needs access to issues, but not to everything. This level of granularity didn’t exist before, but now, security-minded users can select specific repositories for which Sentry is granted access.
In addition to easily configuring repository and issue linking organization-wide, switching to Apps allowed Sentry to more efficiently authenticate users. Sentry’s new “sign-in to Sentry with GitHub” feature came as a result of this new functionality.
“In summary: transitioning from OAuth to GitHub Apps created a safer, more robust experience. The benefit we were able to bring to our users was well worth the effort”
-Meredith Heller, Software Engineer at Sentry.io and builder of Sentry’s integration with GitHub Apps
Upgrading to a GitHub App did not require touching Sentry’s old OAuth integration—Sentry’s team built it from scratch. Because of a recent framework Sentry put in place for integrations, the GitHub App was lightweight to implement and the documentation made building the GitHub App easier. It fit well with how Sentry is modeled—organizations are at the top of the hierarchy that own projects, and consist of teams of members. Since GitHub Apps allows Sentry to connect a Sentry organization with a GitHub organization (instead of a GitHub user), it complemented the existing architecture well.
Starting from scratch to rebuild the integration with Apps was the right decision. Like a puzzle with the wrong pieces, trying to re-work strictly from old code was not possible. In order to rebuild the pipeline, referencing the old code while working within a new structure worked best.
A couple of gaps that were discovered regarded a lack of “best practices” around workflow. Sentry needed to install the app on the GitHub side, which included establishing a cadence of going back and forth between the two platforms. This included redirecting from Sentry to GitHub, picking the repositories, and then redirecting back to Sentry. Additionally, a lot of information was stored in the old app, so Sentry engineers needed to be careful to not delete any information that could cause damage for users.
In short, the upgrade went well! Sentry’s new integration updates could not have happened without switching to Apps, and as such, the integration with GitHub is stronger for the developers who rely on it. Additionally, combining the integration with the identity management portion of what Sentry built (“sign-in to Sentry with GitHub”) saved time as the OAuth login used the same code to set up the application.
Through GitHub Apps, Sentry was able to consolidate all parts of the integration through one channel. While Sentry previously had separate authentication mechanisms powering issue tracking, release tracking, and the login button, all features are now powered by GitHub Apps. This was helpful for Sentry to keep the integration code concise, as well as streamline user experience.
“Overall, our application is a lot cleaner, and saves us maintenance time since we engineered the switch, as we only have to manage one app on GitHub’s side of things.”
-Meredith Heller, Sentry.io
If you’re interested in testing out how you can use Sentry to keep track of your errors in GitHub (and want to see our GitHub Apps workflow in action) check it out in the GitHub Marketplace! And, because Sentry is open source, you can check out all the code that went into building the integration.