Git integration for GitHub Enterprise Server

Overview

SnapLogic supports integrating with your on-premises GitHub Enterprise Server (GHES). You can use the app gateway, a secure transparent proxy, to route Git requests through your Groundplex, providing an additional layer of security for GHES. This support in the data plane helps your organization mitigate security risks and protect sensitive information.

To implement this solution, we are introducing a transparent proxy that the GitHub Enterprise Server (GHES) integration calls from the SnapLogic control plane to route through the proxy and reach the Git host servers through your Groundplex.

To enable interaction between GHES and SnapLogic,
  • A GHES administrator must create a GitHub App in GHES.
  • A network administrator must configure the network to allow communication between GHES and the SnapLogic control plane.
  • A SnapLogic Org admin (Environment admin) must configure the Org to integrate with GHES.

You need the following:

  • A GHES repository for SnapLogic assets
  • Other prerequisites for each step

Architecture

The app gateway establishes two additional WebSocket connections between your Groundplex and the SnapLogic Control Plane. The following shows the OAuth2 flow when using GHES:


OAuth2 flow when using GHES

Note: We recommend that you use this method to connect your Groundplex to the GHES machine. Previously, connectivity required IP filtering on requests to GHES from the SnapLogic control plane or endpoint restrictions, where a limited subset of API endpoints are available.

Workflow

Use the following workflow to integrate your on-premises GHES into your SnapLogic Org:


1: Create GitHubApp. 2: Configure your Org for Git. 3: Create the app gateway Git URL. 4: Connect the Groundplex to the app gateway.

Formulate the GHES URL

The app gateway requires that you create a GHES URL based on your Org. You add this URL to the Git On-Prem URL when you configure Git for your SnapLogic Org. The URL has the following format:

org-location-environment-appname.podname:port

Use the following segments to build in the GHES URL in the order that they are listed:

  • org: Org name
  • location: location of your groundplex. Always sidekick.
  • environment: the value in the Environment field in the Snaplex Settings tab.
  • appname: github
  • podname: the value for the control plane your Org connects to:
    • Production: appgateway.prod.snaplogic.io:8095
    • UAT: appgateway.uat.snaplogic.io:8095
    • EMEA: appgateway.emea.snaplogic.io:8095

For a Groundplex having environment dev running GHES in the Org test on Elastic, the gateway URL would be as follows:

http://test-sidekick-dev-github.appgateway.prod.snaplogic.io:8095