From 914ba47497d91196b6d410a6f5ff02b1aa77658b Mon Sep 17 00:00:00 2001
From: Jaemin Choi <1dotolee@gmail.com>
Date: Thu, 23 May 2024 23:03:31 -0700
Subject: [PATCH] feat: configure github login (#51)

* feat: configure github login

* feat: restrict github user to skkuding
---
 .github/workflows/update-stage.yml |  4 +++-
 config/grafana/grafana.ini         | 14 +++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/update-stage.yml b/.github/workflows/update-stage.yml
index b7cfc52..a361cbd 100644
--- a/.github/workflows/update-stage.yml
+++ b/.github/workflows/update-stage.yml
@@ -22,6 +22,8 @@ jobs:
           MINIO_ROOT_USER = ${{ secrets.MINIO_ROOT_USER }}
           MINIO_ROOT_PASSWORD = ${{ secrets.MINIO_ROOT_PASSWORD }}
           MS_WEBHOOK_URL = ${{ secrets.MS_WEBHOOK_URL }}
+          GH_CLIENT_ID = ${{ secrets.GH_CLIENT_ID }}
+          GH_CLIENT_SECRET = ${{ secrets.GH_CLIENT_SECRET }}
 
           EOF
 
@@ -33,7 +35,7 @@ jobs:
             docker compose --profile start-up ps -q
             echo EOF
           } >> "$GITHUB_OUTPUT"
-          
+
       - name: when initial containers are not running, start all containers
         if: steps.check-start-up-container.outputs.stdout == ''
         run: >
diff --git a/config/grafana/grafana.ini b/config/grafana/grafana.ini
index b7a9c05..25343d7 100644
--- a/config/grafana/grafana.ini
+++ b/config/grafana/grafana.ini
@@ -35,7 +35,7 @@ domain = grafana.codedang.com
 ;
 ;# The full public facing url you use in browser, used for redirects and emails
 ;# If you use reverse proxy and sub path specify full url (with sub path)
-root_url = %(protocol)s://%(domain)s
+root_url = https://grafana.codedang.com
 ;
 ;# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
 serve_from_sub_path = true
@@ -98,3 +98,15 @@ startTLS_policy = MandatoryStartTLS
 ;welcome_email_on_sign_up = false
 ;templates_pattern = emails/*.html, emails/*.txt
 ;content_types = text/html
+
+#################################### AUTH ##########################
+[auth.github]
+enabled = true
+client_id = ${GH_CLIENT_ID}
+client_secret = ${GH_CLIENT_SECRET}
+allow_signup = true
+auto_login = false
+skip_org_role_sync = true
+allowed_organizations = ["SKKUDING"]
+# TODO: Configure team sync
+# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/github/#configure-team-synchronization