https://github.com/ffflabs/cf-badger

CF-Badger creates public urls displaying workflow statuses for your private repos without exposing your personal access token.
https://github.com/ffflabs/cf-badger

cloudflare-workers github-actions github-api status-badge typescript

Last synced: about 1 month ago
JSON representation

CF-Badger creates public urls displaying workflow statuses for your private repos without exposing your personal access token.

• Host: GitHub
• URL: https://github.com/ffflabs/cf-badger
• Owner: ffflabs
• License: apache-2.0
• Created: 2021-09-12T08:09:32.000Z (over 3 years ago)
• Default Branch: master
• Last Pushed: 2023-01-07T11:21:21.000Z (about 2 years ago)
• Last Synced: 2024-10-28T17:12:54.628Z (3 months ago)
• Topics: cloudflare-workers, github-actions, github-api, status-badge, typescript
• Language: TypeScript
• Homepage: https://cf-badger.com
• Size: 2.03 MB
• Stars: 2
• Watchers: 1
• Forks: 0
• Open Issues: 10
• Metadata Files:
  • Readme: README.md
  • License: LICENSE_APACHE

Awesome Lists containing this project

README

        

         [![Logo](logo.svg)](https://cf-badger.com/)          

[Cf-Badger](https://cf-badger.com) generates short urls displaying current status (actually, delayed up to 5 min) of your private repos workflows without exposing but the bare minimum of your code.

 







  





  









CF-Badger is my project for the Cloudflare Developer Summer Challenge



 

[![CodeQL](https://cf-badger.com/badger/_b14dff568bb84d2bfe80/endpoint.svg?branch=master&style=for-the-badge)](https://github.com/ffflabs/cf-badger/actions/workflows/codeql-analysis.yml)

[![Deploy_Development](https://cf-badger.com/badger/_37f5d792a59297163894/endpoint.svg?branch=develop&style=for-the-badge)](https://github.com/TreidSPA/api.mydot.app/actions/workflows/sentry_deploy_dev.yml)

## 💥 Private Repos vs Public Badges. That's our pain point

Status badges are awesome. What's not to love about a self contained, colorful piece of relevant info?

The visual cue you get from a status badge conveys valuable info well beyond the specific concerns of development teams. However, it isn't possible to:

  -  make them visible to other people in your company unless they are given permission over the repo itself.

  -  embed them on wikis or dashboards, unless the repo is made public 

  -  having an accurate preview your README.md

  -  use Shields.io's excellent service

  

Basically, any road that aims to preserve the code's private nature leads to broken badge images.





How to get from broken to flawless?


------------

##### 🎉 Enter **CF-Badger** !!

CF-Badger will present you with a brief form (which, by the way, is hosted on [Cloudflare Pages](https://pages.cloudflare.com)) whose final output is a short url to your desired status badge, updated every 5 minutes. 

Each input control of this form is eventually filled with the available options, so you won't need to guess what goes where. 







--------------

### 🎯 How?

We request the outcome of your workflows directly to Github's API, on your behalf. To do this, [CF-Badger's Github App](https://github.com/apps/cf-badger) needs to be enabled on a per-repo basis, which in turn will give us read-only access to your workflow results. 

This result is formatted in compliance to Shields.io schema, and provided as parameter to [Shields.io endpoint API](https://shields.io/endpoint), (🙌 without which CF-Badger wouldn't work). 

Finally, we'll generate and provide you with a shortened URL to the computed status badge







## **🔐 Security Concerns**

CF-Badger was inspired on **[Atrox's Github Actions Badge](https://actions-badge.atrox.dev/)**. Although I loved it, it felt too limited to be constrained to just one workflow per repo, which you cannot pick, btw. More important, it needs you to enter a personal access token with `repo` privileges, which in turn is part of the shareable URL. That was too risky...

We shaped CF-Badger to connect to Github through a Github App, because they can request very specific and, in this case, harmless permissions. 

The app requests read only access to repo actions, which is *the bare minimum needed to retrieve your workflow statuses*. We won't be able to read any other kind of restricted info, much less change anything. 







The access tokens used by the app has a short lived lifetime and revoking the app's permission would effectively cut us out when it does. The temporary token we use is stored internally on the persistent storage of a [Durable Object](https://blog.cloudflare.com/introducing-workers-durable-objects/) and it's never exposed to third parties nor used other than to query Github's API on your behalf. 

If your use case for CF-Badger involves public repos, you might want to use Shields.io direcly. Just look in their [Builds Category](https://shields.io/category/build) for "Github Workflows" section.

### 🤷 Why do you address yourself as "we" if you're the only contributor? 

It kinda makes the project sound like a serious initiative. 

--------------

## 🏆 Acknowledgements 

**[Cloudflare Workers](https://www.cloudflare.com/products/workers)**, along with [Workers KV](https://www.cloudflare.com/products/workers-kv/), [Cloudflare Pages](https://pages.cloudflare.com/) and [Durable Objects](https://blog.cloudflare.com/introducing-workers-durable-objects/). This is the blazing fast platform on which CF-Badger runs and replicates over 200+ locations worldwide. Did I mention CF-Badger is my project for the **[Cloudflare Developer Summer Challenge](https://challenge.developers.cloudflare.com/)**?

**[Shields.io](https://shields.io)**, whose service renders actual badges and without which CF-Badger would generate broken images, which would be ironic.

**[Atrox's Github Actions Badge](https://actions-badge.atrox.dev/)**, on which CF-Badger was inspired.

**[Vitedge](https://vitedge.js.org)**, which is used to build the UI 

**[Miniflare](https://miniflare.dev/)**, whithout which developing is a less likeable experience overall