GitHub Enterprise

Buildkite can connect to your GitHub Enterprise installation and use the Commit Status API to update the status of commits in Pull Requests.

Register Buildkite as a new application

Go to your GitHub Enterprise installation, and start by registering a new Developer application. This can be done by going to your GitHub User Settings, clicking Applications on the left, then selecting Developer applications at the top:

Github user settings
Applications menu

From this page, click Register new application

Register application button

Fill out the form with the following:

Name

Buildkite

URL

https://buildkite.com

Callback URL

https://buildkite.com/user/authorize/github_enterprise/callback

Here's an image you can use:

Buildkite square

Once filled out, click the Register application button at the bottom of the form:

Register application

Now that we've created an application, we have access to the Client ID and Client Secret. We'll need those to setup your GitHub Enterprise installation on Buildkite.

Client secrets

Update your Buildkite organization settings

Go to the Settings page of the organization you'd like to connect to your GitHub Enterprise installation to:

Account settings

Scroll down to see your GitHub Enterprise settings. Copy the Client ID, Client Secret, and the URL of your GitHub Enterprise Installation to this form, then press Save GitHub Enterprise Settings.

Setup enterprise

Once saved, the last step is to authorize your GitHub Enterprise user account with Buildkite.

Connect your GitHub Enterprise account

So Buildkite can mark commits and pull requests as pass or fail, you'll need to authorize your GitHub Enterprise user account with Buildkite.

Go to your "Connected Apps" settings page (https://buildkite.com/user/connected-apps). Here you'll see your GitHub Enterprise Installation as an option to connect to. Click Connect.

Oauth

You should be redirected back to your GitHub Enterprise Installation, where it will ask you to authorize Buildkite with your account. Click the Authorize application button at the bottom.

Oauth connect

That's it! Next time you create a pipeline with a repository that's either https://git.mycompany.com/acme/app.git or git@git.mycompany.com:acme/app.git, Buildkite will recognize that it's hosted on your GitHub Enterprise Installation, and use your newly created oAuth authorization to update the commit statuses.

Firewalled installs

If your GitHub Enterprise is behind a firewall you’ll need to whitelist Buildkite’s network so we can perform oAuth authentications and call to the API to update your pull request statuses.

Whitelist the IP address 54.165.103.71 to allow Buildkite to perform API calls on your Github Enterprise instance.

For additional security you can create a proxy which allows only the API endpoints we require:

  • /api/v3/repos/.*/.*/statuses
  • /api/v3/user
  • /login/oauth

The following is an example NGINX server configuration that proxies the required URLs and can be used with the "Public API URL" Github Enterprise setting in Buildkite:

daemon off;

events {
  worker_connections 1024;
}

http {

  server {
    listen 443 ssl;

    location / {
      allow 54.165.103.71;
      deny all;
    }

    location ~ ^/api/v3/repos/.*/.*/statuses {
      proxy_pass https://ghe.internal:443;
    }

    location /api/v3/user {
      proxy_pass https://ghe.internal:443;
    }

    location /login/oauth {
      proxy_pass https://ghe.internal:443;
    }

  }
}