Setup Guide

We have provided a guide to test whether applications have been correctly set up.

Testing Guide

Creating an OAuth App for Sider

First of all, create a new OAuth app on GitHub Enterprise; check "Creating an OAuth App" as necessary. Fill in each field to match your specifications:

Application name: Sider
Homepage URL: https://[your-web-service-domain]/ (e.g. https://sider.review/)
Application description: (optional)
Authorization callback URL: https://[your-web-service-domain]/users/auth/github

After successful registration, store the Client ID and Client Secret with the environment variables below:

Client ID: GITHUB_CLIENT_ID
Client Secret: GITHUB_CLIENT_SECRET

Creating a new GitHub App for Sider

You must also create a new GitHub App for Sider. Follow these steps:

Go to https://[your-github-enterprise-domain]/organizations/[your-organization-name]/settings/apps/new
- [your-organization-name] is an arbitrary organization name. You can see your organizations on: https://[your-github-enterprise-domain]/settings/organizations
Fill out the Register new GitHub App form by specifying the following:
- GitHub App name: Sider
  - Store the value in lowercase as an environment variable GITHUB_APP_NAME
- Homepage URL: https://[your-web-service-domain]/ (e.g. https://sider.example.com/)
- User authorization callback URL: https://[your-web-service-domain]/users/auth/github_app_oauth2/callback
- Setup URL: https://[your-web-service-domain]/gh/setup
- Webhook URL: https://[your-web-service-domain]/webhooks/github
- Webhook secret: Arbitrary secret characters
  - For example, you can get it by running tr -dc '[:alnum:]' < /dev/urandom | head -c32 on your terminal.
  - Store the value as an environment variable GITHUB_APP_WEBHOOK_SECRET

Set up the application's Permissions like below:

Permission name Access

Repository contents Read-only

Repository metadata Read-only

Pull requests Read & Write

Commit statuses Read & Write

Organization members Read-only

Permission name	Access
Repository contents	Read-only
Repository metadata	Read-only
Pull requests	Read & Write
Commit statuses	Read & Write
Organization members	Read-only

GitHub App Permissions

Enable the following events on Subscribe to events:
- Member
- Organization
- Pull request
- Pull request review
- Pull request review comment
- Repository

GitHub App Events

Choose Any account on Where can this GitHub App be installed?

GitHub App Installable scope

Click Create GitHub App
- After the success of the registration, keep the parameters as environment variables:
  - ID as GITHUB_APP_ID
  - Client ID as GITHUB_APP_OAUTH2_CLIENT_ID
  - Client secret as GITHUB_APP_OAUTH2_CLIENT_SECRET
Click Generate private key
- Then your browser downloads PEM file
Encode the PEM file with Base64 and keep the value as an environment variable GITHUB_APP_PRIVATE_KEY
- Run base64 /path/to/PEM if your OS is macOS
- Run base64 -w0 /path/to/PEM if your OS is Linux

Create a Database Instance

Create a database instance on AWS; as needed, check "Creating a DB Instance Running the MySQL Database Engine". After creating a database, select the engine version 5.7.x. Then select an instance type and a stage size according to your team's scale. We have confirmed behaviors when we set db.t2.medium and 50GB storage size as a test.

Pay attention not to create initial databases when creating an instance on RDS because it has problems against character code. And, max_allowed_packet should be set around 128MB to store analysis results in the database properly.

Create an ElastiCache cluster

Create an ElastiCache cluster; as needed, check "What Is Amazon ElastiCache for Redis?". We have confirmed behaviors in our environment for testing; which is uses cache.r3.large.

In addition, set timeout around 60 in parameter group because Redis clusters created with ElastiCache has no setting for timeout.

Create a bucket

Create a bucket; as needed, check "Create a Bucket". The bucket you created stores your encrypted source code. One of Sider's applications downloads the source code by using URL which S3 created when analyzing.

You need to set the bucket policy like the example below to ensure Sider has permission for operation and security:

{
  "Id": "AllowVPCE",
  "Statement": [
    {
      "Action": "s3:GetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Resource": "arn:aws:s3:::your-bucket-name/*",
      "Sid": "AllowS3Download"
    }
  ],
  "Version": "2012-10-17"
}

The policy permits access to objects via URL input directly although it doesn't permit access to the index of objects. You can be assured of security because Sider uploads files with designated unpredictable object keys.

If you'd like to be assured with a higher level of security, you could consider some additional methods; restricting access to specific VPC endpoints or restricting computers that can access via certain IP addresses?

Example Bucket Policies for VPC Endpoints for Amazon S3

We have recommended set rules to delete stored archives every week because the archives will remain if not set to be deleted.

Create an Amazon EC2 instance

Create an instance; as needed, check "Getting Started with Amazon EC2 Linux Instances". You can select EC2 instance type and storage size according to your team's scale. We have confirmed behaviors when we set c4.2xlarge and 50GB as storage size as a test.

The guide assumes you are using Amazon Linux AMI 2017.09. However, there are no requirements for AMI if you can run Docker.

An application that runs on an instance uploads your source code to S3. Thus, you need to set IAM roles that attach IAM policy in order to permit API calls. The following policy is an example which restricts API requests to specific buckets.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt151246256049",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::your-bucket-name/*"
    }
  ]
}

Install Docker

Install Docker after connecting your EC2 instance via SSH; you can use the following document "Get Docker CE for CentOS". We had confirmed behavior when we used Docker 17.06.2-ce as a test.

Install docker-compose

Install docker-compose; you can use the following document "Install Compose". We had confirmed behavior when we used docker-compose version 1.17.0 as a test.

Download Application Images

Sider consists of 3 applications which are provided as Docker images on Quay.io. Pull the images with a robot account that can access Quay.io. When you login in with a robot account, the document "Robot Accounts" will help you.

$ docker pull quay.io/actcat/sideci:${VERSION}
$ docker pull quay.io/actcat/catpost:${VERSION}
$ docker pull quay.io/actcat/setaria:${VERSION}

We will introduce the details of the robot account and Docker images version separately.

Set Environment Variables

Set required environment variables for each application. You need to replace {{...}} with proper parameters.

ENV File for Sider

Create sideci.env as an env file for Sider.

EXCEPTION_NOTIFIER_EMAIL and EXCEPTION_NOTIFIER_BUGSNAG will be optional variables in the future.

BUGSNAG_API_KEY is required even if you don't use Bugsnag. Please set to something like "foo".

RAILS_ENV=onprem
SECRET_KEY_BASE={{FIXME: Secret for running the application}}
DATABASE_URL=mysql2://{{FIXME: RDS user name}}:{{FIXME: RDS user password}}@{{FIXME: RDS endpoint}}/sideci?encoding=utf8mb4&connectTimeout=5000&sslca=config/rds-combined-ca-bundle.pem
REDIS_URL=redis://{{FIXME: Redis endpoint}}/0
BUGSNAG_API_KEY={{FIXME: Bugsnag API key}}
EXCEPTION_NOTIFIER_RECIPIENT_EMAILS={{FIXME: Email address to receive exception notifications}}
ACTION_MAILER_SMTP_USER_NAME={{FIXME: SMTP user name}}
ACTION_MAILER_SMTP_USER_PASSWORD={{FIXME: SMTP user password}}
ACTION_MAILER_SMTP_DOMAIN={{FIXME: Domain name}}
ACTION_MAILER_SMTP_ADDRESS={{FIXME: SMTP server host}}
ACTION_MAILER_SMTP_PORT={{FIXME: SMTP server port number}}
ACTION_MAILER_SMTP_AUTHENTICATION={{FIXME: SMTP authentication method}}
ACTION_MAILER_SMTP_ENABLE_STARTSSL_AUTO=true
ACTION_MAILER_DEFAULT_FROM_EMAIL={{FIXME: Default FROM Email address}}
BASE_URL=https://{{FIXME: Your Sider domain name}}
PUSHER_API_ID={{FIXME: Your Pusher API ID}}
PUSHER_API_KEY={{FIXME: Your Pusher API Key}}
PUSHER_API_SECRET={{FIXME: Your Pusher API Secret}}
PUSHER_CLUSTER={{FIXME: Your Pusher cluster name}}
GITHUB_APP_ID={{FIXME: Your GitHub App ID}}
GITHUB_APP_NAME={{FIXME: Your GitHub App name}}
GITHUB_APP_PRIVATE_KEY={{FIXME: Your GitHub App Private Key encoded with Base64}}
GITHUB_APP_OAUTH2_CLIENT_ID={{FIXME: Your GitHub App OAuth2 Client ID}}
GITHUB_APP_OAUTH2_CLIENT_SECRET={{FIXME: Your GitHub App OAuth2 Client Secret}}
GITHUB_APP_WEBHOOK_SECRET={{FIXME: Your GitHub App Webhook Secret}}
GITHUB_CLIENT_ID={{FIXME: Your GitHub Enterprise OAuth2 client ID}}
GITHUB_CLIENT_SECRET={{FIXME: Your GitHub Enterprise OAuth2 client secret}}
GITHUB_OAUTH_HEAD_ENCRYPTION_KEY={{FIXME: Encryption key}}
GITHUB_API_ENDPOINT=https://{{FIXME: Your GitHub Enterprise host name}}/api/v3/
GITHUB_ENDPOINT=https://{{FIXME: Your GitHub Enterprise host name}}/
CATPOST_BASE_URL=http://catpost_web:3000
CATPOST_SECRET={{FIXME: Catpost secret}}
SETARIA_BASE_URL=http://setaria_web:3000
SETARIA_SECRET={{FIXME: Setaria secret}}
LOGGLY_URL=https://logs-01.loggly.com/inputs/{{FIXME: Loggly token}}/tag/sideci

ENV File for Catpost

Create catpost.env as an env file for Catpost.

EXCEPTION_NOTIFIER_EMAIL and EXCEPTION_NOTIFIER_BUGSNAG will be optional variables and API_TOKEN will be replaced with API_SECRET in the future.

BUGSNAG_API_KEY is required even if you don't use Bugsnag. Please set to something like "foo".

RAILS_ENV=onprem
SECRET_KEY_BASE={{FIXME: Secret for running the application}}
DATABASE_URL=mysql2://{{FIXME: RDS user name}}:{{FIXME: RDS user password}}@{{FIXME: RDS endpoint}}/catpost?encoding=utf8mb4&charset=utf8mb4&sslca=config/rds-combined-ca-bundle.pem
REDIS_URL=redis://{{FIXME: Redis endpoint}}/1
BUGSNAG_API_KEY={{FIXME: Bugsnag API key}}
EXCEPTION_NOTIFIER_RECIPIENT_EMAILS={{FIXME: Email address to receive exception notifications}}
ACTION_MAILER_SMTP_USER_NAME={{FIXME: SMTP user name}}
ACTION_MAILER_SMTP_USER_PASSWORD={{FIXME: SMTP user password}}
ACTION_MAILER_SMTP_DOMAIN={{FIXME: Domain name}}
ACTION_MAILER_SMTP_ADDRESS={{FIXME: SMTP server host}}
ACTION_MAILER_SMTP_PORT={{FIXME: SMTP server port number}}
ACTION_MAILER_SMTP_AUTHENTICATION={{FIXME: SMTP authentication method}}
ACTION_MAILER_SMTP_ENABLE_STARTSSL_AUTO=true
ACTION_MAILER_DEFAULT_FROM_EMAIL={{FIXME: Default FROM Email address}}
S3_BUCKET_NAME={{FIXME: Your S3 bucket name}}
S3_REGION_NAME={{FIXME: Your AWS region name}}
API_TOKEN={{FIXME: Catpost secret}}
URL_ENCRYPTION_KEY={{FIXME: URL Encryption key}}
ARCHIVE_ENCRYPTION_KEY={{FIXME: Archive Encryption key}}
ARCHIVE_NAME_SECRET={{FIXME: Archive name secret}}
GIT_REPOS_DIR=/var/git_repos
TERM_CHILD=1
QUEUE=*
VERBOSE=1
LOGGLY_URL=https://logs-01.loggly.com/inputs/{{FIXME: Loggly token}}/tag/catpost

ENV File for Setaria

Create setaria.env as an env file for Setaria.

EXCEPTION_NOTIFIER_EMAIL and EXCEPTION_NOTIFIER_BUGSNAG will be optional variables in the future.

BUGSNAG_API_KEY is required even if you don't use Bugsnag. Please set to something like "foo".

RAILS_ENV=onprem
SECRET_KEY_BASE={{FIXME: Secret for running the application}}
DATABASE_URL=mysql2://{{FIXME: RDS user name}}:{{FIXME: RDS user password}}@{{FIXME: RDS endpoint}}/setaria?encoding=utf8mb4&sslca=config/rds-combined-ca-bundle.pem
REDIS_URL=redis://{{FIXME: Redis endpoint}}/2
BUGSNAG_API_KEY={{FIXME: Bugsnag API key}}
EXCEPTION_NOTIFIER_RECIPIENT_EMAILS={{FIXME: Email address to receive exception notifications}}
ACTION_MAILER_SMTP_USER_NAME={{FIXME: SMTP user name}}
ACTION_MAILER_SMTP_USER_PASSWORD={{FIXME: SMTP user password}}
ACTION_MAILER_SMTP_DOMAIN={{FIXME: Domain name}}
ACTION_MAILER_SMTP_ADDRESS={{FIXME: SMTP server host}}
ACTION_MAILER_SMTP_PORT={{FIXME: SMTP server port number}}
ACTION_MAILER_SMTP_AUTHENTICATION={{FIXME: SMTP authentication method}}
ACTION_MAILER_SMTP_ENABLE_STARTSSL_AUTO=true
ACTION_MAILER_DEFAULT_FROM_EMAIL={{FIXME: Default FROM Email address}}
QUAY_ROBOT_NAME={{FIXME: Quay robot account name}}
QUAY_ROBOT_PASSWORD={{FIXME: Quay robot account password}}
API_SECRET={{FIXME: Setaria secret}}
SSH_KEY_ENCRYPTION_KEY={{FIXME: SSH Key Encryption key}}
TERM_CHILD=1
QUEUE=*
VERBOSE=1
LOGGLY_URL=https://logs-01.loggly.com/inputs/{{FIXME: Loggly token}}/tag/setaria

Details of Environment Variables

Variable Name	Application	Description
`RAILS_ENV`	ALL	Set `onprem`. You don't need to change the value.
`SECRET_KEY_BASE`	ALL	A value to create a Cookie. You need to use the value created from executing `rake secret` and it MUST use a different value for each application.
`DATABASE_URL`	ALL	The endpoint when you created a database instance. Although you should use parameters of `encoding`, `charset`, and `sslca` without revisions, you should revise the username, password, domain and port number according to your team.
`REDIS_URL`	ALL	The endpoint when you create an ElastiCache cluster. The domain and port number should be revised according to your team. Set different IDs at the end of the parameters for each application. Don't share queues because we suppose that three Sider applications use the same ElastiCache cluster.
`EXCEPTION_NOTIFIER_RECIPIENT_EMAILS`	ALL	An email address to notify with details when applications raise unhandled exceptions. You can set multiple email addresses by separating them with commas.
`ACTION_MAILER_SMTP_USER_NAME`	ALL	The username to authenticate your mail server. See "Action Mailer Configuration".
`ACTION_MAILER_SMTP_USER_PASSWORD`	ALL	The user password to authenticate your mail server. See "Action Mailer Configuration".
`ACTION_MAILER_SMTP_DOMAIN`	ALL	A HELO domain to identify the domain name. See "Action Mailer Configuration".
`ACTION_MAILER_SMTP_ADDRESS`	ALL	The remote mail server to send emails from applications. See "Action Mailer Configuration".
`ACTION_MAILER_SMTP_PORT`	ALL	The port number of your mail server. See "Action Mailer Configuration".
`ACTION_MAILER_SMTP_AUTHENTICATION`	ALL	The authentication type. See "Action Mailer Configuration".
`ACTION_MAILER_SMTP_ENABLE_STARTSSL_AUTO`	ALL	Detects if STARTTLS is enabled in your STTP server. The default value is `true`. See "Action Mailer Configuration".
`ACTION_MAILER_DEFAULT_FROM_EMAIL`	ALL	Default FROM Email address which is included in Emails sent from Sider
`BASE_URL`	sideci	Homepage URL you got when you registered for an OAuth App.
`PUSHER_API_ID`	sideci	Value provided by Pusher.
`PUSHER_API_KEY`	sideci	Value provided by Pusher.
`PUSHER_API_SECRET`	sideci	Value provided by Pusher.
`PUSHER_CLUSTER`	sideci	Value provided by Pusher.
`GITHUB_APP_ID`	sideci	GitHub App ID. See "Creating a new GitHub App for Sider".
`GITHUB_APP_NAME`	sideci	GitHub App name. We recommend you to set the value to `sider`. See "Creating a new GitHub App for Sider".
`GITHUB_APP_PRIVATE_KEY`	sideci	GitHub App private key encoded with Base64. See "Creating a new GitHub App for Sider".
`GITHUB_APP_OAUTH2_CLIENT_ID`	sideci	GitHub App OAuth2 client ID. See "Creating a new GitHub App for Sider".
`GITHUB_APP_OAUTH2_CLIENT_SECRET`	sideci	GitHub App OAuth2 client secret. See "Creating a new GitHub App for Sider".
`GITHUB_APP_WEBHOOK_SECRET`	sideci	GitHub App Webhook secret. See "Creating a new GitHub App for Sider".
`GITHUB_CLIENT_ID`	sideci	Client ID you got when registering for an OAuth App.
`GITHUB_CLIENT_SECRET`	sideci	Client Secret you got when registering for an OAuth App.
`GITHUB_OAUTH_HEAD_ENCRYPTION_KEY`	sideci	Key that is used to encrypt an OAuth token for each user generated in GitHub. Set characters; you can get it with following command. DO NOT CHANGE the value after you set it once because Sider fails to decrypt stored OAuth tokens.
`GITHUB_API_ENDPOINT`	sideci	API endpoint that Sider uses to connect GitHub Enterprise; which is `https://[your-github-enterprise-host]/api/v3/`.
`CATPOST_BASE_URL`	sideci	Set `http://catpost_web:3000`. If you would like to change the service name or port number on `docker-compose`, replace the URL with the name/number you set.
`CATPOST_SECRET`	sideci	Set the same value of `API_TOKEN`.
`SETARIA_BASE_URL`	sideci	Set to `http://setaria_web:3000`. If you would like to change the service name or port number on `docker-compose`, replace the URL with the name/number you set.
`SETARIA_SECRET`	sideci	Set the same value of `API_SECRET`.
`API_TOKEN`	catpost	The token that is used for authentication for API connections. We recommend you to set it to an adequate length of characters, which you can generate with `rake secret`.
`API_SECRET`	setaria	The token that is used for authentication for API connections. We recommend you to set it to an adequate length of characters, which you can generate with `rake secret`.
`BUGSNAG_API_KEY`	ALL	API key provided by Bugsnag. Bugsnag is used for investigating problems.
`LOGGLY_URL`	ALL	URL provided by Loggly. Loggly is used for investigating problems.
`S3_BUCKET_NAME`	catpost	The bucket name you got when you created a bucket.
`S3_REGION_NAME`	catpost	The region name you got when you created a bucket.
`URL_ENCRYPTION_KEY`	catpost	The key used to encrypt the URL that includes the OAuth token. Set characters; you can get it with following command.
`ARCHIVE_ENCRYPTION_KEY`	catpost	The key that is used to encrypt source code before analyzing. Set characters; you can get it with following command.
`ARCHIVE_NAME_SECRET`	catpost	The random data that is used to hash archived names of encrypted source code. Set characters; you can get it with following command.
`GIT_REPOS_DIR`	catpost	Directory names that Catpost stores cache to at local storage. Specify the file path on the container which is mounted on run.
`SSH_KEY_ENCRYPTION_KEY`	setaria	The encryption key to encrypt the SSH private key. It resolves private dependencies. Set characters; you can get it with following command. DO NOT CHANGE the value after you set it once because Setaria fails to decrypt stored OAuth tokens and source code.
`QUAY_ROBOT_NAME`	setaria	The robot name provided by Quay.io. It is used to pull Docker images of analyzers.
`QUAY_ROBOT_PASSWORD`	setaria	The robot password provided by Quay.io. It is used to pull Docker images of analyzers.

Command to get keys

The following command will give you keys to untilize as encryption keys:

GITHUB_OAUTH_HEAD_ENCRYPTION_KEY
URL_ENCRYPTION_KEY
ARCHIVE_ENCRYPTION_KEY
ARCHIVE_NAME_SECRET
SSH_KEY_ENCRYPTION_KEY.

$ tr -dc '[:alnum:]' < /dev/urandom | head -c32

Settings for docker-compose

Create docker-compose.yml to run Sider applications. sideci.env, catpost.env and setaria.env are the files mentioned above. You need to replace {{RELEASE_TAG}} with an actual tag name.

version: '3'
services:
  sideci_web:
    image: quay.io/actcat/sideci:{{RELEASE_TAG}}
    env_file:
      - ./sideci.env
    command: bundle exec puma
    ports:
      - "3000:3000"
  sideci_worker:
    image: quay.io/actcat/sideci:{{RELEASE_TAG}}
    env_file:
      - ./sideci.env
    command: bundle exec sidekiq -C ./config/sidekiq.yml
  catpost_web:
    image: quay.io/actcat/catpost:{{RELEASE_TAG}}
    env_file:
      - ./catpost.env
    command: bundle exec puma
    ports:
      - "3000"
    volumes:
      - git_repos:/var/git_repos
  catpost_worker:
    image: quay.io/actcat/catpost:{{RELEASE_TAG}}
    env_file:
      - ./catpost.env
    command: bundle exec rake environment resque:work
    volumes:
      - git_repos:/var/git_repos
  catpost_scheduler:
    image: quay.io/actcat/catpost:{{RELEASE_TAG}}
    env_file:
      - ./catpost.env
    command: bundle exec rake environment resque:scheduler
    volumes:
      - git_repos:/var/git_repos
  setaria_web:
    image: quay.io/actcat/setaria:{{RELEASE_TAG}}
    env_file:
      - ./setaria.env
    command: bundle exec puma
    ports:
      - "3000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
  setaria_worker:
    image: quay.io/actcat/setaria:{{RELEASE_TAG}}
    env_file:
      - ./setaria.env
    command: bundle exec rake environment resque:work
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
  git_repos:

Setup Database

Start containers and create a database and tables base with the docker-compose.yml.

$ docker-compose run sideci_web bundle exec rake db:setup db:seed_fu
$ docker-compose run catpost_web bundle exec rake db:setup
$ docker-compose run setaria_web bundle exec rake db:setup

Starting Applications

Run the applications after completing the database setup.

$ docker-compose up

Create Elastic Load Balancing(ELB)

Create a load balancer to receive requests from the exterior through port 443 because you can send HTTP requests to the applications on port 3000 from the EC2 instance. To create the Application Load Balancer, you need to route HTTPS requests to port 3000 for the EC2 instance. This document, "Create an Application Load Balancer" will tell you about the load balancer creation on AWS.

We recommend to permit only HTTPS requests when introducing Sider.
- Of course, you can examine Sider with HTTP.
Designate /api/health_check as the path for health check.
DO NOT use Classic Load Balancer because we have confirmed that problems occurred when connecting it to sideci.

Lastly, register CNAME record which can resolve BASE_URL with ELB endpoint on DNS.

Check Behaviors of Applications

When all configurations are completed, you will see the Sider pages with the URL registered on DNS. Please do the checks below:

Correctly redirect to GitHub Enterprise when signing up to Sider.
The repositories you have on GitHub Enterprise show up in "Select a Repository" page.
Pull requests that are added into Sider start getting analyzed.

The Sider build is complete if the check behaviors pass!

Settings for Batch Tasks

Sider has tasks which should be executed to keep operations stable. Set crontab to run the following commands every day.

$ docker-compose run sideci_web bundle exec rake onprem:batch:daily
$ docker-compose run catpost_web bundle exec rake onprem:batch:daily
$ docker-compose run setaria_web bundle exec rake onprem:batch:daily

We recommend executing these commands when there is less analysis because these commands update database records for all users and all repositories.

Prune Docker Images

As you use Sider, disk usage will increase because of the increase in unused images. This is why:

Older versions of images of Sider won't be used after you update it.
Older versions of images of analyzers won't be used after you update them.

Unexpected errors occur when unused images occupy the disk. We recommend pruning the images on a regular basis.

$ docker image prune
$ docker image prune --all     # To prune ALL unused images of containers.

If you run these processes while running Sider, the application images, which are sideci, catpost and setaria, won't be deleted. On the other hand, idled analyzer images will be deleted. If that were the case, the missing analyzer images would be downloaded automatically when Sider requires them for analysis.

Set Administrators

You can assign administrators who are able to access the administration console. The page provides registered users information, analysis information and so on for the administrators.

$ docker-compose run sideci_web bundle exec rake admin:promote[{{FIXME: github nickname}}]

Replace {{FIXME: github nickname}} with your GitHub username and execute the command. Only GitHub users assigned as administrators can access the console. You can see the GitHub usernames if you look at the user page in GitHub Enterprise; for example, if the page URL is https://github.com/sider_user, the user name is sider_user.

If a user is assigned as an administrator with the command above, sign into Sider with the GitHub Enterprise account and access it with /admin in Sider. For example, https://github.com/sider_user/admin.