Installation

Prerequisites

• Provision a VM, most Linux distros should work, we prefer Ubuntu LTS. Minimum hardware requirements are 2 cores, 4GB of RAM and 20GB of disk space.
• The VM needs to be network accessible from the Gitlab/Github instance and for your employees on port 80 and 443 for HTTP and HTTPS.
• Create a DNS name under which Depfu will be available. We'll assume you've used depfu.company.internal as the hostname in the following instructions, please replace it with your own hostname.
• Make sure you have a SSL certificate covering that hostname, either as a wildcard or single certificate.
• If you’re running Gitlab and Depfu within a local network, you’ll have to configure Gitlab’s webhook security to allow it to access it:
  • See: https://docs.gitlab.com/ee/security/webhooks.html
  • Allow all local network requests for webhooks or add Depfu’s IP to the Allowlist.

1a. Prepare Gitlab

• Create a machine user user/bot user for Depfu. This user will be used for all actions that Depfu will do, like creating PRs and accessing repos. You can choose the username freely, "depfu" is recommended.
• Impersonate or login as this bot user.
• Add avatar: https://drive.google.com/file/d/1VONfiw9muy0GKN7dONW3dJKWne-A6aLI/view?usp=sharing
• Create Personal Access token for this bot user with these 2 scopes:
  • api
  • read_repository
• Write down the token, we'll need it later.
• Create OAuth app, note app id and secret, scope: api , this will be used to allow individual users to access the Depfu app and to allow them to add repos to Depfu
• Set Callback URL to
  • https://depfu.company.internal/auth/gitlab/callback

1b. Prepare Github Enterprise

• Create Organization named "depfu"
• Go to Org Settings -> Developer Settings -> GitHub Apps
• Click "New Github App"
  • Name
    • Depfu
  • Homepage URL
    • https://depfu.com
  • User authorization callback URL
    • https://depfu.company.internal/auth/github/callback
  • Setup URL:
    • https://depfu.company.internal/installations/new
  • Webhook URL:
    • https://depfu.company.internal/webhooks/github_integration
  • Webhook secret (optional):
    • leave blank
  • Permissions: Important, these have to be exactly like on this screenshot:
    • https://drive.google.com/file/d/1Aded4xhXBKg1Nq4m9PVBF0JceM8CUEmS/view?usp=sharing
  • Subscribe to Events
    • See screenshot above
  • Where can this GitHub App be installed?
    • Any account
• Create Github App
• On that page click Private key -> Generate private key
  • This will download a file, which we'll need later
• Upload the Depfu logo
  • https://drive.google.com/file/d/1VONfiw9muy0GKN7dONW3dJKWne-A6aLI/view?usp=sharing
• Keep this page open in the browser, we'll need the OAuth credentials later

Install Depfu Enterprise

Run these steps as the root user.

Make sure the clock is synchronized on the host and install required tools

apt-get install -y ntp wget git curl

Prepare

mkdir depfu && cd depfu
GIT CLONE
cd enterprise
./depfu prepare
source ~/.bash_profile

Configure

Edit values_local.yaml and start with the given config values from Depfu Support and then replace the following:

• depfu.company.internal replace with your real hostname everywhere
• depfuAdmins replace this list with your gitlab username (without the @)

For Gitlab (with values from above):

• GITLAB_ROOT_URL URL (with https) to your gitlab instance
• CLIENT_ID
• CLIENT_SECRET
• BOT_USERNAME usually just "depfu"
• BOT_ACCESS_TOKEN

Load the SSL certificate

./depfu ssl-update <path_to_crt.pem> <path_to_key.pem>

Install

./depfu install
watch kubectl get pods

Wait for all pods to be in Running state (apart from one), it will take a couple of minutes. After that Depfu should be available and you can login with your personal Gitlab/Github account on depfu.company.internal and start adding your first repos.