Overview
Git Providers

Git Cloud Providers

By integrating with popular Git providers, the platform empowers users to seamlessly access, collaborate, and manage their repositories, leveraging the robust features and security mechanisms. This section explores the supported Git providers and their integration within the platform.

Supported Git Providers

The GobletQA Platform currently supports the following Git providers:

GitHub

GitHub (opens in a new tab) is a widely-used web-based hosting service for Git repositories. It offers version control functionality, collaboration features, and extensive community support. The GobletQA Platform integrates seamlessly with GitHub, allowing users to authenticate with their GitHub accounts and access their repositories.

GitLab

GitLab (opens in a new tab) is another popular web-based Git repository management solution. It provides a comprehensive set of features for version control, issue tracking, continuous integration, and more. With the GobletQA Platform's integration with GitLab, users can authenticate using their GitLab accounts and utilize their repositories within the platform.

Bitbucket

Coming soon ...

Authentication Process

By following security best practices, the platform ensures that user authentication is handled securely and that user data remains protected throughout their testing sessions. This is achived through the following steps:

  • User Authorization
    When users sign in to the GobletQA Platform, they are prompted to authorize the platform's access to their repositories on the chosen Git provider. This authorization is essential to enable synchronization of repository changes and collaboration functionalities.

  • Authentication Token
    Upon successful authorization, the GobletQA Platform obtains an authentication token from the provider which is later used for syncing changes between the two.

  • API Integration
    By leveraging the authentication token and the APIs provded by the Git providers, the platform retrieves the meta-data of a user's repositories, including both public and private repositories when authorized.

  • Repository Selection
    After the retriving the users repositories meta-data, the users is presented with the option to select a specific repository and branch. They can choose create a new repository or branch instead directly from the user interface. Which is then synced bacl to the users git provider,

  • Cloned Repository Isolation
    Each user's session within the GobletQA Platform is associated with a session container that operates in an isolated environment. When the session container is started, it clones the user's selected repository and checks out the specified branch. This isolation ensures that a user's session and repository are independent of others.

  • Proxy-Based Access
    To access the session container, all requests must pass through a proxy. The proxy authenticates each request using JWT (JSON Web Token) authentication generated from the user's encrypted authentication token. This proxy-based access control adds an extra layer of security, protecting the session container from unauthorized access.

  • Token Expiration
    The generated JWT tokens have a limited lifespan. They expire after one hour, upon user sign-out, or if the user's session remains inactive for an extended amount of time. These measures minimize the risk of prolonged access to a user's session by unauthorized entities.

Git Provider Benefits

The integration with Git providers offers several advantages over using a database:

  • Version Control
    Git providers provide robust version control capabilities, enabling users to track changes, review commit history, and manage branches effectively. The GobletQA Platform leverages these capabilities, ensuring that users can work with their preferred repository structure and utilize Git's powerful version control features.

  • Secure Access
    By utilizing the authentication mechanisms of the Git providers, the platform ensures that only authorized users can access the repositories. This authentication process enhances the security and integrity of users' code and prevents unauthorized access to sensitive information.

  • Ownership
    By using the user git provider, the user always owns and has full control of the repository. The platform never permently stores any of the users data, which further eliminates potential risks unauthorized access to the repository files.

  • Collaboration
    Users can easily collaborate with teammates by granting access to shared repositories. The integration ensures that all team members can work on the same codebase, facilitating smooth collaboration and streamlined development processes.


Authentication By Provider

Github

  • GobletQA platform
    • Navigate your browser to http://dev.gobletqa.app (opens in a new tab)
    • When presented with the modal to login select the GitHub button
    • An external window will open, which will ask you to autozied the GobletQA application
    • Once authorized, the external window will close
    • The Goblet platform will present you with the Repo Connect modal
    • From the dropdown, select the repo you wish to mount into the session container

GitLab

Due to how Gitlab handles OAuth, an application must be configured before logging via the GitLab provider and registering the GobletQA application. This is done in the oauth/applications section of the public gitlab.com (opens in a new tab) of a hosted version of the GitLab application

For more information, see GitLab documentation (opens in a new tab)



Configure GitLab OAuth 2.0

  • GitLab Account

    • Create an Application by navigating to Edit Profile > Applications
    • In the Add new application form
      • Specify the name GobletQA in the Name field
      • Next, in Redirect URI field enter https://dev.gobletqa.app
    • In the Scopes section, ensure that you select the following check boxes:
      • api
      • email
      • openid
    • Leave the remaining fields empty (default).
    • Click Save application
    • The application should now be created.
    • Note down the Application ID and Secret
      • This will be used later in Goblet

  • GobletQA platform

    • Navigate your browser to http://dev.gobletqa.app (opens in a new tab)
    • When presented with the modal to login select the GitLab button
    • Then enter in the Application ID noted down from the GitLab steps above, and hit next
    • An external window will open, which will ask you to autozied the GobletQA application
    • Once authorized, the external window will close
    • The Goblet platform will present you with the Repo Connect modal
    • From the dropdown, select the repo you wish to mount into the session container
ArchitectureMounted Repo