Ep. #30, Probot with Bex Warner of GitHub Apps
In episode 30 of JAMstack Radio, Brian is joined by fellow GitHub developer advocate Bex Warner to talk about Probot and the ways its automation tools are improving the GitHub community.
Bex Warner is a developer advocate at GitHub where she works with the open source project Probot as part of GitHub Apps.
In episode 30 of JAMstack Radio, Brian is joined by fellow GitHub developer advocate Bex Warner to talk about Probot and the ways its automation tools are improving the GitHub community.
transcript
Brian Douglas: All right. Welcome to another installment of JAMStack Radio. In the house we've got Bex.
Bex Warner: Hi. Happy to be here.
Brian: I asked you to come on to talk about Probot. We've worked a lot in the last two weeks around Probot. Well you've worked a lot. I've upped my Probot skills in the last couple of weeks. Can you introduce how you got into Probot, as well as what your role is at GitHub?
Bex: I was hired as an intern last summer at GitHub on an engineering team. The team's overarching goal was to solve the problems highlighted by the open source survey, that open source projects struggle with. Such as negative interactions, really low maintainer response times, and just things that generally plague the open source community.
The idea was to do that utilizing GitHub's super awesome APIs. The goal was to utilize GitHub apps in order to create these customized workflows to solve these problems for open source maintainers. As I started working on GitHub apps I realized that the best way to achieve that would be to use Probot. Which is an awesome framework for building GitHub apps.
It abstracts away all of the authentication layers and all the problems.
I worked on that pretty much all summer and luckily GitHub decided to hire me back. So I'm back again this time on the developer relations team, still doing Probot GitHub app stuff.
Brian: What's the difference between a GitHub app and an OAuth integration? Because I know a lot of listeners are probably thinking, "GitHub app? I've never heard of this thing. I know I have an OAuth access through whatever means." How would you describe the difference between GitHub apps?
Bex: OAuth apps were the original way of creating integrations on top of GitHub. They acted as a user and got every single permission to your account. They had access to all your repositories, all your code, can do anything and act as a user.
Over time a lot of companies were like, "I can't have my employees installing OAuth apps because it gives them too many permissions and it's just way too much." So GitHub designed and implemented, it was mostly an engineer named Keavy, who is amazing. Keavy McMinn.
She implemented GitHub apps which achieved the original goal of OAuth apps, which was to make granular permissions for apps so that users know exactly what access they are giving apps. And more easily access the APIs.
Brian: Nice. At my previous employer, programming note, I'm no longer at Netlify. I know I previously did a lot with Netlify. I'm at GitHub now, working.
When I was at Netlify one of the biggest issues we had, at least on Twitter, was the conversation around how much access the Netlify app request through their integration. Because you can use GitHub or GitLab or Bitbucket to deploy your Netlify application. Or sorry, your repo as a Netlify site.
And from my understanding GitHub now with the OAuth permissions with GitHub apps you can now limit scopes, so if you need to deploy a repo you don't need to ask for a private repo access, or even ask for organization access. I think that's one more addition to GitHub apps in general.
Bex: Yeah absolutely. The limiting of scopes is really definitely a big perk.
Brian: Can you explain how Probot works and how it sits on a layer on top of GitHub apps and these interactions?
Bex: Absolutely. The way that you start with the GitHub app is you need to get an authentication access token. You do so through a method called JWT which stands for JSON Web Token, and it's this very complicated process that involves encrypting a secret and sending it to the GitHub API and then using the response as an installation ID to get a token back. And that all is horrible to do.
Probot abstracts all that away, and what you get is a webhook handler. You listen on GitHub webhooks and then you get an authenticated GitHub client already authenticated using your access token, and you can then respond to webhook events through the GitHub API.
Brian: And that's the full package. You start with Probot. I know you can do the Probot CLI, which is Create Probot App. So you get all of that out of the box.
Bex: Yeah. You just run Create Probot App which installs a folder with boilerplate files, which is the basics of what you need to get started with the Probot app. All of that out of the box.
All you need to do is register a GitHub app on GitHub itself and get an app ID from GitHub, as well as a private key from Github. Once you have those two pieces of information you plug them into your Probot app in your .env file. Which is just an environmental variable. And then Probot knows exactly to look there and to use those.
Brian: Cool. There's a lot of examples of apps out there. I'm curious if you have any examples of Probot apps that you've built, or maybe the community has put out front and center for people to use.
Bex: Yes. One of the first Probot apps that I worked on was inspired by the idea of solving open source community problems through the open source survey, and that app is called Sentiment Bot. And the goal of Sentiment Bot was to decrease negative interactions in the open source community. It utilizes Google's prespective API in order to perform sentiment analysis on comments.
Brian: Can you go into more details of what sentiment results you get from Sentiment Bot?
Bex: Absolutely. So imagine if you're having a comment section and someone, not a member of your community comments, "This issue is--" a swear word, or something really awful. And just goes off and talks about how horrible everyone on your team is and just says really mean things. Sentiment Bot will immediately listen on the webhook that that issue comment was created and immediately perform sentiment analysis on that comment.
Based on the sentiment threshold that you can customize, you could take more or less toxic comments, Sentiment Bot will reply to that comment with a link to your repository's code of conduct as well as @-mention any teams that might be relevant. So if you have a maintainers team, you could tag them right there.
Brian: Are there any projects using this bot yet?
Bex: Yes. I don't know them off the top of my head.
Brian: Cool. Can we take a short break from Probot? I'm curious more about your internship last year about the Community & Safety team and how all this stuff came about. There is a team at GitHub that's working on solving some of these problems that Sentiment Bot and Behavior Bot Bot potentially are solving. So what are the new features in GitHub?
Bex: The Community & Safety team is doing a lot of awesome work around making sure our users are protected from harassment and protected publicly in their profiles. One thing I know that they've worked on for a long time is making sure that if you want to keep your email private, it's completely private throughout. So dealing with email permissions.
They've also been leading the effort for minimized comments. Which is if there is a comment that's spammy on your issue, you can market as spam and it will disappear from the timeline. Or it will be like, "This comment was minimized for being spam." They've also worked on the comment edit history, which I think is really important.
Brian: That's a recent feature.
Bex: Yeah, very recent. GitHub is unique in that it allows other people to edit your comments. And so the comment edit history allows you to see what edits that are going on, and confirm that these weren't bad things that shouldn't have been edited.
Brian: It was a happy, but also a sad time when that was shipped, because I'll open up an issue and then I'll think about it. I tend to open a lot of issues at night, as I'm thinking, or doing some code. And also PRs. So I'll open up issues and then I'll edit it 100 times.
Because I'm like, "I should reword this," or, "I need to change the wording of this so it doesn't seem like I'm so demanding." And now everybody can see my history. And I know you can delete history now, if you'd like to. But I'm like, "Aw man. I'm foiled again. My open source work is out in the open."
Bex: Personally, I love to use the feature to correct people's usage of my pronouns.
Brian: I like that you can edit issues that you created as well, but you can also erase that from the history too. I know about Behavior Bot, I think the listeners would love to hear a little bit more about Behavior Bot and your one problem you mentioned about solving sentiments. But what other features of your whole scope of Behavior Bot can you use today?
Bex: Behavior Bot was the name for all of the different GitHub apps that got created from that project as a result. And within Behavior Bot, there's Sentiment Bot which I think is one of the most interesting. There's also Welcome which does exactly what it sounds like. It welcomes new users to your repository. So it listens on new issues, new PRs and pull requests merged.
If those users are taking any of those individual actions for the first time in your repository it will comment on them with whatever the maintainers of the repository want it to comment with.
In Probot for example, when people merge their first PR we reply to it with a .gif of a dancing robot.
Brian: Very cool. I love that you could enhance GitHub through adding your own features. A couple of years ago, and a lot of people might not remember or might not be aware of, the "Dear GitHub..." letter where open source maintainers presented their grievances and said, "These are things that aren't working in open source and contributions."
The cool thing about GitHub apps and Probot is that a lot of these features that we would love to have as maintainers of projects and users or consumers at GitHub, you can add yourself. So one of them I saw, which I don't know if you can provide more background, is the WIP Bot which is "Work In Progress."
Which is a feature that I didn't know existed as an app until I joined GitHub. A lot of times I'll open up a PR, and I only open up a PR for feedback not for merging. I always put WIP on my branches I don't want to merge, and this bot itself literally blocks mergers from happening by adding WIP on there.
Bex: Yes. It updates a status check, which is what your CI looks like at the bottom of a GitHub pull request, and sets it to failing. If you have work in progress or WIP or any variation of that in the title of your pull request.
Brian: If listeners want to build a Probot app today, or enhance GitHub through GitHub apps. How could someone get started?
Bex: I think the best place to start is the Probot docs. They're found at Probot.GitHub.io/docs and that walks you through the basics of understanding everything from web hooks, to how to use the GitHub API, to understanding how to utilize Probot and utilize the APIs within Probot.
Brian: Awesome. And there is a Slack group, as well?
Bex: Yes. We have a lot of community outreach right now. We have a channel that anyone is welcome to join, ask any kind of questions. Whatever they are stuck on. We also offer once a week office hours at 10:00 a.m. on Thursdays, Pacific time. Anyone is welcome to join. Ask any questions that they might be struggling with building their Probot app.
Brian: Very cool. I think we had a really great conversation on Probot and around GitHub apps. I think it's an awesome project and hopefully people can reach out to you on the Twitters, or in some speaking engagements, or in your comments on your blogs in the future. But from there I want to transition us to picks.
These are things that we are jamming on, things that keep us going and keep us excited about the stuff that we do day to day as developers. I will go first. I'll give you the benefit to think through if you don't have any picks prepared.
My first pick is going to be The Carters, which is the the new Beyonce, Jay-Z album. I was a big fan of Jay-Z growing up listening to his hip hop. Not as big of a fan anymore. I'm more of a Beyonce fan at this point. I appreciate the collaboration, I think it's a good album to listen to if you're interested in rap, and hip hop, and R&B of the day. Very trappy, this album.
It's nice to have that mind-numbing experience to listen to in the background.
Because I know a lot of people like to listen to music that doesn't have words in it. I like to listen to music that does have words in it, because when I need to take a break from thinking, I can stop and listen to whatever nonsense Jay-Z's rapping about.
That's going to be my pick. That's my music pick. For my other pick, I built a Probot app and it's called Gipht. And basically you just do .Gipht into a comment on issues and it will, you have to install it first. You have to go to GitHub.com/Apps/Gipht, and then once you've installed it any repo that has an issue comment, just type in "Gipht" with a type of word.
If you want "Gipht cat," then it'll just do a gipht of a cat in a comment. That was my first experience in Probot and the first thing I shipped. So check that out. I've also been live streaming on Twitch, so follow me on Twitter. You guys know my Twitter account.
You'll see me whenever I tweet out that I'm going to be live making Probot apps and other code related to my day to day. Stuff I'm looking up to. So Bex, have I stalled enough? Do you have anything you want to share?
Bex: My first pick is definitely also a music pick. It's been a song that I've been obsessed with for a long time but has recently come back into my life. It's "Come Together" by The Beatles. It is a true classic and really just brings back a lot of memories for me. So it's been keeping me going.
Brian: I never grew up listening to The Beatles, but once I got into college and I think, "Across the Universe," I'm dating myself. College years was a while ago for me. When that came out my brother gave me every illegally downloaded Beatles album.
I don't know if I should be admitting this out loud. But anyway, so I listened to all of The Beatles catalog at that time and then I became to love The Beatles and actually know their songs. Do you have any other picks for us?
Bex: I think my general life pick right now would be having many irons in the fire.
Right now I'm investing myself in a lot of different things and as much as it can be a little overwhelming, it's also really satisfying when things work out.
Brian: Awesome. It's like hedging your bets. Like, "If this project doesn't work, out I've got six others."
Bex: Exactly.
Brian: Awesome. Well, Bex, I really appreciate you jumping on and chatting with me about Probot and your experiences that GitHub as an intern. Best of luck the rest of the summer as you continue intern and hopefully things work out. Future endeavors and other irons that are in the fire.
Bex: Thank you so much.
Brian: Listeners, keep spreading the JAM.
Subscribe to Heavybit Updates
You don’t have to build on your own. We help you stay ahead with the hottest resources, latest product updates, and top job opportunities from the community. Don’t miss out—subscribe now.
Content from the Library
O11ycast Ep. #71, Evaluating LLM-based Apps with Shir Chorev of Deepchecks
In Episode 71 of o11ycast, Jessica Kerr and Austin Parker sit down with Shir Chorev to delve into the nuances of incorporating...
How It's Tested Ep. #4, Session-Based Testing with Jacob Stevens
In episode 4 of How It’s Tested, Eden Full Goh speaks with testing expert Jacob Stevens. Together they unpack session-based...
O11ycast Ep. #61, What Comes After o11y with Heidi Waterhouse of Sym
In episode 61 of o11ycast, Jessica and Martin speaks with Heidi Waterhouse of Sym. Together they explore the sensations of...