我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们

此版本的 GitHub Enterprise 将停止服务 此版本的 GitHub Enterprise 已停止服务 2020-08-20. 即使针对重大安全问题,也不会发布补丁。 要获得更好的性能、改进的安全性和新功能,请升级到 GitHub Enterprise 的最新版本。 如需升级方面的帮助,请联系 GitHub Enterprise 支持

文章版本: Enterprise Server 2.18

关于应用程序

You can build integrations with the GitHub APIs to add flexibility and reduce friction in your own workflow. You can also share integrations with others on GitHub Marketplace.

本文内容

Apps on GitHub allow you to automate and improve your workflow. You can build apps to improve your workflow.

GitHub Apps are the officially recommended way to integrate with GitHub because they offer much more granular permissions to access data, but GitHub supports both OAuth 应用程序s and GitHub 应用程序. For information on choosing a type of app, see "About apps" and "Differences between apps."

For a walkthrough of the process of building a GitHub 应用程序, see "Building Your First GitHub 应用程序."

关于 GitHub 应用程序

GitHub 应用程序 are first-class actors within GitHub. A GitHub 应用程序 acts on its own behalf, taking actions via the API directly using its own identity, which means you don't need to maintain a bot or service account as a separate user.

GitHub 应用程序 can be installed directly on organizations and user accounts and granted access to specific repositories. 它们拥有内置 web 挂钩和狭窄的特定权限。 When you set up your GitHub 应用程序, you can select the repositories you want it to access. 例如,您可以设置一个名为 MyGitHub 的应用程序,允许它在 octocat 仓库且octocat 仓库写入议题。 To install a GitHub 应用程序, you must be an organization owner or have admin permissions in a repository.

By default, only organization owners can manage the settings of GitHub Apps in an organization. To allow additional users to manage GitHub Apps in an organization, an owner can grant them GitHub App manager permissions. See "GitHub App Managers" to learn how to add and remove GitHub App managers in your organization.

GitHub 应用程序 are applications that need to be hosted somewhere. For step-by-step instructions that cover servers and hosting, see "Building Your First GitHub 应用程序."

To improve your workflow, you can create a GitHub 应用程序 that contains multiple scripts or an entire application, and then connect that app to many other tools. For example, you can connect GitHub 应用程序 to GitHub, Slack, other in-house apps you may have, email programs, or other APIs.

Keep these ideas in mind when creating GitHub 应用程序:

  • A GitHub 应用程序 should take actions independent of a user (unless the app is using a user-to-server token).

  • Make sure the GitHub 应用程序 integrates with specific repositories.

  • The GitHub 应用程序 should connect to a personal account or an organization.

  • Don't expect the GitHub 应用程序 to know and do everything a user can.

  • Don't use a GitHub 应用程序 if you just need a "Login with GitHub" service. But a GitHub 应用程序 can use a user identification flow to log users in and do other things.

  • Don't build a GitHub 应用程序 if you only want to act as a GitHub user and do everything that user can do.

To begin developing GitHub 应用程序, start with "Creating a GitHub 应用程序."

About OAuth 应用程序s

OAuth2 is a protocol that lets external applications request authorization to private details in a user's GitHub account without accessing their password. 此协议优先于基本验证,因为令牌可能仅限于特定类型的数据,用户可以随时撤销。

Warning: Revoking all permission from an OAuth 应用程序 deletes any SSH keys the application generated on behalf of the user, including deploy keys.

An OAuth 应用程序 uses GitHub as an identity provider to authenticate as the user who grants access to the app. This means when a user grants an OAuth 应用程序 access, they grant permissions to all repositories they have access to in their account, and also to any organizations they belong to that haven't blocked third-party access.

Building an OAuth 应用程序 is a good option if you are creating more complex processes than a simple script can handle. Note that OAuth 应用程序s are applications that need to be hosted somewhere.

Keep these ideas in mind when creating OAuth 应用程序s:

  • An OAuth 应用程序 should always act as the authenticated GitHub user across all of GitHub (for example, when providing user notifications).
  • An OAuth 应用程序 can be used as an identity provider by enabling a "Login with GitHub" for the authenticated user.
  • Don't build an OAuth 应用程序 if you want your application to act on a single repository. With the repo OAuth scope, OAuth 应用程序s can act on all of the authenticated user's repositories.
  • Don't build an OAuth 应用程序 to act as an application for your team or company. OAuth 应用程序s authenticate as a single user, so if one person creates an OAuth 应用程序 for a company to use, and then they leave the company, no one else will have access to it.

For more on OAuth 应用程序s, see "Creating an OAuth 应用程序" and "Registering your app."

个人访问令牌

个人访问令牌是一个字符串,与 OAuth 令牌功能相似,您可以通过作用域指定其权限。 个人访问令牌还与密码类似,但您能拥有很多令牌,而且可以随时撤销对每个令牌的访问权限。

例如,您可以启用个人访问令牌,以写入仓库。 然后,如果您运行 cURL 命令或编写脚本,在仓库中创建议题,需要传递个人访问令牌进行验证。 您可以将个人访问令牌存储为环境变量,以免每次使用时都要输入。

使用个人访问令牌时,请牢记以下几点:

  • 记得只能用此令牌代表您自己。
  • 您可以执行一次性 cURL 请求。
  • 您可以运行个人脚本。
  • 不要为整个团队或公司设置脚本。
  • 不要设置共享用户账户以用作自动程序用户。

确定要构建的集成

Before you get started creating integrations, you need to determine the best way to access, authenticate, and interact with the GitHub APIs. The following image offers some questions to ask yourself when deciding whether to use personal access tokens, GitHub 应用程序, or OAuth 应用程序s for your integration.

应用程序问题流程简介

请考虑关于您的集成需要如何操作及它需要访问什么等问题:

  • 我的集成是只像我一样,还是更像一个应用程序?
  • 我是否希望它作为单独的实体独立于我运行?
  • 它是否能访问我可以访问的一切,或者说我想限制它的访问权限?
  • 它是简单还是复杂? For example, personal access tokens are good for simple scripts and cURLs, whereas an OAuth 应用程序 can handle more complex scripting.

请求支持

有关 GitHub 应用程序、OAuth 应用程序 和 API 开发的问题、漏洞报告和讨论,请访问 GitHub API 开发和支持论坛。 该论坛由 GitHub Enterprise 工作人员管理和维护,但不能保证发布到论坛的问题都会得到 GitHub Enterprise 工作人员的回复。

对于以下问题,请考虑使用联系表直接联系 GitHub Support

  • 要保证得到 GitHub Enterprise 工作人员的回应
  • 涉及敏感数据或私人问题的支持请求
  • 功能请求
  • 关于 GitHub Enterprise 产品的反馈

问问别人

找不到要找的内容?

联系我们