Announcing LGTM migration to GitHub Apps

April 24, 2019

Over the past year or so, we've been very excited as we've watched the number of projects using LGTM's automated code review with their GitHub repositories increase greatly. With the increased usage, we've had an extensive amount of user feedback, which has highlighted 2 issues in particular:

  • LGTM requires too many permissions to enable automated code review.
  • Users don't like comments being posted with their own accounts, and would prefer if a bot account was used instead.

Well, today we're pleased to announce that we've just deployed the first stage of our migration from GitHub's OAuth API to GitHub's Apps API. This addresses both of these issues and, in addition, provides a bunch of other benefits:

  • The permissions required are now much narrower (and you can choose the specific repositories we can access, rather than requiring access to all of your repositories).
  • Comments (if enabled) are made using LGTM's bot account.
  • The integration is tied to a repository rather than a specific user.
  • You now have access to GitHub's Checks API, which provides much richer information directly in the GitHub UI.
  • You can add projects to LGTM simply by installing the LGTM app on the appropriate repository, rather than through LGTM's UI.

Can I start using this now?

Yes! Simply head on over to the LGTM app page to install LGTM to whichever repositories you like. Automated code review will be enabled for you automatically.

How does this affect repositories already using LGTM?

If you have repositories that are already using automated code review, simply install the LGTM GitHub App on them. LGTM will then automatically use the new integration for all pull requests going forward. Once you have done this for all repositories using automated code review, it's safe to revoke access to the LGTM OAuth app from GitHub and to remove the repository webhooks. This won't affect the integration on your repositories.

What's next?

As we continue to migrate the rest of our systems to use GitHub Apps, we'll start using Apps instead of OAuth for new integrations. We'll also start prompting existing OAuth users to switch to the GitHub Apps version instead.

If you have any questions about this migration, or anything else, feel free to ask them on the Community Forum.

Note: Post originally published on LGTM.com on April 24, 2019
