GitHub Integration On-Premise (Docker-Compose)

I followed this tutorial: Adding GitHub Integration and did not succeed.

There are two things that are not clear for me - and maybe I do wrong:

  1. I have all my configuration variables in my .env file so I can pull the latest from the sentry repository without overriding my config. But I get an exception in the internal Sentry bug tracker: Could not deserialize key data when I try to authenticate with GitHub. This is how my .env file looks like:

    SENTRY_GITHUB_APP_ID=12345
    SENTRY_GITHUB_APP_Name=Is this name even important?
    SENTRY_GITHUB_APP_CLIENT_ID=Iv1.123412341234
    SENTRY_GITHUB_APP_CLIENT_SECRET=123456789
    SENTRY_GITHUB_APP_WEBHOOK_SECRET=1234567890
    SENTRY_GITHUB_APP_PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY-----\nMIIEorR\nMp6\n1dau3IJa68=\n…\n-----END RSA PRIVATE KEY-----

  2. After deployment of the configuration I go to Sentry Integrations and click on install GitHub but this just opens a popup that redirects me to the GitHub market place. If I Install the app from the GitHub user interface I get an exception in Sentry internal bug tracker that this is basically not supported: github.deletion-missing-integration

I’m trying to do the same, but didn’t got any success. Have you succeeded in integrating github?

No, I did not and I also got no response from any project member :frowning:

Have you tried integrating slack? Coz i’m also unable to integrate it.

There is no documentation about it - looks like they don’t like it if you host sentry on your own - but there is a forum post that helped me to fix Slack: How to configure Slack in your on-prem Sentry

I am following the same article but didn’t got any success in Event Subscriptions section.
Always shows Your request URL gave us a 500 error. Update your URL to receive a new request and challenge value.

and in the shell it shows invalid-token.

you also got these errors?

@jwillmer The error Could not deserialize key data is definitely from github-app.private-key having the incorrect value.

Where do you see documentation about putting your Github app config in your .env file? When I try it, the value of SENTRY_GITHUB_APP_PRIVATE_KEY is not picked up where it is used in src/sentry/integrations/github/utils.py. But you shouldn’t need to configure this in your .env file. You can just edit the yaml file in your home directory: ~/.sentry/config.yml. Just make sure to use the multiline string as demonstrated in the section YML Tip. Hope this helps. If you have any more questions, please let me know :slight_smile:

The documentation is crap. config.yml does not supply any properties for github-app.*. The properties are in sentry.conf.py. Except for github-app.name, that one is missing and I guess not needed - I added it anyhow.
The documentation also states that I can use \n to add my key in one line: "GITHUB_APP_SECRET" # Replace new lines with \n to preserve them. but this seems no to work because I get a Could not deserialize key data.

The documentation is crap. config.yml does not supply any properties for github-app.* .

Well you can just add the values yourself. Here is what I have in my config.yml (with now revoked secrets):

github-app.id: 40849
github-app.name: "steve-s-github-app"
github-app.webhook-secret: 'secret'
github-app.private-key: |
  -----BEGIN RSA PRIVATE KEY-----
  MIIEpQIBAAKCAQEAqu1XfJ6Rt+t+c/i/cP1oK0tIJNtyBO4CtMqZFHOr3euXx6J7
  FoQCAvcLurDrrF4YdzNLpipRF657sZsxq1VgCpSFrSDRtsXYZQvlcgfocOrMjAiO
  3lIeLxVBNLfIw5Vl0RN++jj4WkBIPJVKHAYQ4dsb3Hh69Jmy3Qmoiu7Cl6eru4vX
  e+cnv759pq6klek68EuDhBOwgcdPTbN7zHIdKIMB4tdTSLDjXad3yD1TgIzmi0jn
  C/lzgHhtITdOaLW3SzVGFjzaQUu2Z7iBIrGqRduVKaYh/XYj0mYaWqaI29mce+wx
  iLN42Rz3XGFwXccF1lM8g4ZdthLqBW8lY5LjTQIDAQABAoIBAQCfv7ELjJv+O/90
  XiB2drAb/oEPyXUX/GbVF6DYh38yqtSxRT8q/PdwU/pHYsDw2QSeq3dhdp1Rt8Zt
  aPGUAvf/C26gL1MxMlmbnvGzkIaCuj+wBPOZ/z+sm33Uyou9l+yP6lu7evFKUFfz
  H0gjRtwSapjwhj3MS7XqdfNq3dlKqGhIooTQ3h4HhREUgmXUm85zVbZotufrOKiL
  87OfAZiU7xqSAqGDU2v7zCpD90dmBmvocKm7Cxwmyx9xab1gKo+bOBiOzGv2Wpjx
  LJnH6X86zVVGJY1TsHIwyc0aF8R1FOR3aOrMVyPvKKbiP4tMh07mV7kzFS/kayZr
  z+mIZ8yVAoGBANjup/aAwfwtVe7D98PFFl3V8ujBclT5xQdqQlocdsJ5uaIPM6mk
  y023vQqfW20qQjuhnP9qo/o+2QFKTTDhMB04I+bUUB3HhG1enWedcrpJ5J3hOFsz
  GCRZ3SbaRLaBygAEwdeBdbF5c8DwMRAXQnTX3pMA/3PQGfyqFAL1glUvAoGBAMm1
  r67c3WVK6tKyKs3g1kLqX3OgKAGxH+kRuILjPRZai6Lv1WJfBL7sljAWg+vwx7gh
  BuNdOIm6bkPPWl2eW+ugUxAG19TNLKEPvIrWeDRlybOOULslNLV74xD7+sK82/me
  ERxUPsBhTRQ41EYYOQ++YHf2Ybyl9WeNwnjF/OhDAoGAAgkjTF3i9CHcx5PRNGYa
  EqFaWTLPhtqdLbeijcPsnWCVDF9GJdZlDgKmZH4gVoLqAjM/DOqMRWHnmWqAFPBY
  Cj4noBfn9I+Vv4z+vyUsGXFuEsk1RS3SkSzCtYWg1XGcWqmww/v0BclU+7+FRlhh
  iEUqUojU3NpcFBHohCqXoYMCgYEAlEUXZOQ5YfHV9xa8XCW/meSKUYYSolu+5yX9
  iUjcaIgaSKUfJ3ZNGML0C1khk9ekF3c/hvXJT4RY9UOAW3zCeMubAxbkpCpFegcF
  QtEv/uQrhe9A7LAGtLjiSmPPCkKlODG2xiovDl73t7umXfgEScxZQRU89tzPLVWI
  9BolM90CgYEAzuovNmzH1ccepl+s21vg4W5RL1zk7StIY95/vgyXiX/nhmevJY/9
  ZT+z2gjBot2F6uXcw8sPOV6a4w+ApQVOnwjiAk7PEH4mz6mgUE7c3s1T5l56/t4V
  u8dDj9f+ACyDdS9yW+bGSPxiCaMcUeQG7XHVTtwAZZ91PEVGjKHUsdc=
  -----END RSA PRIVATE KEY-----
github-app.client-id: 'Iv1.864040de6e309766'
github-app.client-secret: 'd9c746d43fd66f285270c3a3097f9dc73212679e'

I was able to get it to work as well in sentry.conf.py with the following (though I am omitting other required fields):

SENTRY_OPTIONS['github-app.private-key'] = """-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAqu1XfJ6Rt+t+c/i/cP1oK0tIJNtyBO4CtMqZFHOr3euXx6J7
FoQCAvcLurDrrF4YdzNLpipRF657sZsxq1VgCpSFrSDRtsXYZQvlcgfocOrMjAiO
3lIeLxVBNLfIw5Vl0RN++jj4WkBIPJVKHAYQ4dsb3Hh69Jmy3Qmoiu7Cl6eru4vX
e+cnv759pq6klek68EuDhBOwgcdPTbN7zHIdKIMB4tdTSLDjXad3yD1TgIzmi0jn
C/lzgHhtITdOaLW3SzVGFjzaQUu2Z7iBIrGqRduVKaYh/XYj0mYaWqaI29mce+wx
iLN42Rz3XGFwXccF1lM8g4ZdthLqBW8lY5LjTQIDAQABAoIBAQCfv7ELjJv+O/90
XiB2drAb/oEPyXUX/GbVF6DYh38yqtSxRT8q/PdwU/pHYsDw2QSeq3dhdp1Rt8Zt
aPGUAvf/C26gL1MxMlmbnvGzkIaCuj+wBPOZ/z+sm33Uyou9l+yP6lu7evFKUFfz
H0gjRtwSapjwhj3MS7XqdfNq3dlKqGhIooTQ3h4HhREUgmXUm85zVbZotufrOKiL
87OfAZiU7xqSAqGDU2v7zCpD90dmBmvocKm7Cxwmyx9xab1gKo+bOBiOzGv2Wpjx
LJnH6X86zVVGJY1TsHIwyc0aF8R1FOR3aOrMVyPvKKbiP4tMh07mV7kzFS/kayZr
z+mIZ8yVAoGBANjup/aAwfwtVe7D98PFFl3V8ujBclT5xQdqQlocdsJ5uaIPM6mk
y023vQqfW20qQjuhnP9qo/o+2QFKTTDhMB04I+bUUB3HhG1enWedcrpJ5J3hOFsz
GCRZ3SbaRLaBygAEwdeBdbF5c8DwMRAXQnTX3pMA/3PQGfyqFAL1glUvAoGBAMm1
r67c3WVK6tKyKs3g1kLqX3OgKAGxH+kRuILjPRZai6Lv1WJfBL7sljAWg+vwx7gh
BuNdOIm6bkPPWl2eW+ugUxAG19TNLKEPvIrWeDRlybOOULslNLV74xD7+sK82/me
ERxUPsBhTRQ41EYYOQ++YHf2Ybyl9WeNwnjF/OhDAoGAAgkjTF3i9CHcx5PRNGYa
EqFaWTLPhtqdLbeijcPsnWCVDF9GJdZlDgKmZH4gVoLqAjM/DOqMRWHnmWqAFPBY
Cj4noBfn9I+Vv4z+vyUsGXFuEsk1RS3SkSzCtYWg1XGcWqmww/v0BclU+7+FRlhh
iEUqUojU3NpcFBHohCqXoYMCgYEAlEUXZOQ5YfHV9xa8XCW/meSKUYYSolu+5yX9
iUjcaIgaSKUfJ3ZNGML0C1khk9ekF3c/hvXJT4RY9UOAW3zCeMubAxbkpCpFegcF
QtEv/uQrhe9A7LAGtLjiSmPPCkKlODG2xiovDl73t7umXfgEScxZQRU89tzPLVWI
9BolM90CgYEAzuovNmzH1ccepl+s21vg4W5RL1zk7StIY95/vgyXiX/nhmevJY/9
ZT+z2gjBot2F6uXcw8sPOV6a4w+ApQVOnwjiAk7PEH4mz6mgUE7c3s1T5l56/t4V
u8dDj9f+ACyDdS9yW+bGSPxiCaMcUeQG7XHVTtwAZZ91PEVGjKHUsdc=
-----END RSA PRIVATE KEY-----"""

What did you put in your sentry.conf.py that didn’t work?

2 Likes

As I wrote in the topic. I’m not interested in putting my configuration in any file that comes with sentry. This breaks my upgrade experience. I like to supply all configuration details in my .env file and map it with docker. Sentry does allow this and has the necessary configuration but there is no example on how to format the private key. If someone knows how the private key needs to be formatted then please let me know.

From what I know dotenv in docker doesn’t allow you to define multiline values at all, so this is not a Sentry bug.

We are not suggesting you to modify any built-in configuration coming with Sentry. If you look at our on-premise repo, you’d see that we provide a base template for these config files for you to override with your custom settings and bake these into the on-premise image on build time. This should not affect your upgrade experience.

If you insist on using environment variables, you’d still need to implement some custom logic in sentry.conf.py where you read the environment variable, replace a special character you define with newlines as you cannot have newlines in environment variables and then assign that to the actual config key.

Hope this helps.

In my sentry.conf.py I see a list of environment variables I can use. And there is a variable for the GitHub private key. So I was expecting some kind of transformation is already implemented. I just don’t know how I need to format my key to comply. As shown by @scefali there is a implementation that can deal with a key that is supplyed as one long string.

# For Docker, the following environment variables are supported:
# [...]
#  SENTRY_GITHUB_APP_PRIVATE_KEY
# [...]

I just don’t know how I need to format my key to comply

@jwillmer I understand, it took me a few attempts to get it right myself. Did you try the approach I posted on Oct 9th? I posted how I got it to work in my sentry.conf.py.

@jwillmer this may also help you (along with the referenced link in it): https://stackoverflow.com/a/56477465/90297

@BYK I came through this github comment I tried

# encoded
SENTRY_OPTIONS['github.integration-private-key'] = base64.b64decode(env('SENTRY_GITHUB_APP_PRIVATE_KEY'))
    SENTRY_OPTIONS['github-app.private-key'] = SENTRY_OPTIONS['github.integration-private-key']
# and decoded and directly used
SENTRY_OPTIONS['github.integration-private-key'] = env('SENTRY_GITHUB_APP_PRIVATE_KEY')
    SENTRY_OPTIONS['github-app.private-key'] = SENTRY_OPTIONS['github.integration-private-key']

I also printed the value to make sure that it works, the private key is 100% valid in both cases but it doesn’t work and i also get the error

Could not deserialize key data.
22. return jwt.encode(payload, github_private_key, algorithm=‘RS256’)

The only time it workes for me is when i hard code the private key value like what @ scefali said.
But it’s not something good hard coding the value.
It’s really hard to see how these components are connected!

sentry.conf.py is just a Python file that reads the value from the environment variable you set, using the env function there, it doesn’t do anything special. If you get that error, that means what you put in the environment variable is not correct. You can add a print statement after you set the value to try debugging it:

SENTRY_OPTIONS['github-app.private-key'] = env('SENTRY_GITHUB_APP_PRIVATE_KEY')
print("This is the GitHub App Private Key", "\n", SENTRY_OPTIONS['github-app.private-key'])

Thanks for the fast reply, I understand that.
The value is set and valid, i printed it as you said and i have a valid value but sentry is still throwing the excepting saying that it Could not deserialize key data.

I am quite sure something changes when you pass the data through the environment variables, especially new lines. See this issue on PyJWT for reference: https://github.com/jpadilla/pyjwt/issues/257