There are a few ways to deploy the Copilot Metrics Viewer, depending on the type of metrics (Organization/Enterprise) and the level of control required.
The app runs in a Docker container, so it can be deployed anywhere containers are hosted (AWS, GCP, Azure, Kubernetes, etc.).
Review available Nuxt Deployment Options.
Warning
Copilot Metrics Viewer requires a backend, hence it cannot be deployed as a purely static web app.
The Metrics Viewer can be integrated with GitHub application authentication, which authenticates the user and verifies their permissions to view the metrics. This option is recommended since it doesn't use Personal Access Tokens. The downside of using a GitHub application is that it can only authorize users to view metrics at the organization level (no support for Enterprise).
For Enterprise level authentication review Github OAuth Apps.
With a Personal Access Token, user credentials are not verified, and the application simply renders Copilot metrics fetched using the PAT stored in the backend.
By default Azure Deployments deploy a web app available on the public Internet without authentication (unless GitHub app is used).
Application can be easily secured in azure using built-in features like Authentication settings on ACA/AppService (EasyAuth on Azure). Azure Container Apps and App Services allow for adding IP restrictions on ingress. Both can also be deployed using private networking architectures.
Options below provide most basic and cost effective ways of hosting copilot-metrics-viewer.
The simplest way to deploy is to use the "one-click" option that creates resources in Azure. The deployment includes:
- Azure Container App with a consumption environment
- Azure Log Analytics Workspace
Application will use a pre-built docker image hosted in GitHub registry: ghcr.io/github-copilot-resources/copilot-metrics-viewer.
Prerequisites: Contributor permission to a resource group in Azure and a subscription with the Microsoft.App resource provider enabled.
Important
Estimated cost for running this in Azure is about $1 per month, as Container Apps have the first 2 million requests each month free.
-
Option 1 - Using a Personal Access Token in the Backend:
-
Option 2 - Using GitHub App Registration and GitHub Authentication:
When using this method, register your app in Github first.
Important
Important: After deploying Option 2, the redirect URI needs to be updated with the URL of the deployed container app.
Go to: https://github.com/organizations/<your-org>/settings/apps/<your-app> or in the UI to the settings of the registered application and add the following redirect URL: https://<your-container-app-name-and-region>.azurecontainerapps.io/auth/github
Caution
When deploying to a private network, specify a subnet (at least /23) for the Azure Container Apps Environment. App deployment does not create any DNS entries for the application, in order to create a private DNS Zone linked to provided Virtual Network, follow up the deployment with DNS deployment targeting same resource group:
If more control over the deployed container image is needed, an infrastructure-as-code option has been provided using Azure Bicep. The application can be deployed using the Azure Developer CLI (azd).
In this scenario, the container is built from the source code locally, which provides additional opportunities to modify, scan, etc.
Prerequisites:
- Contributor permission to a subscription in Azure with the
Microsoft.Appresource provider enabled. - Permissions for creating role assignments.
- Azure CLI (az), Azure Developer CLI (azd) and Docker installed locally.
Important
Estimated cost for running this in Azure is about $10 per month, Container Apps have the first 2 million requests each month free and Container Registry costs about $5.
The deployment creates:
- Azure Resource Group
- Azure Container App with a consumption environment
- Azure Container Registry
- Azure Log Analytics Workspace
- Azure Application Insights
- Azure Key Vault
Run azd up and follow the prompts.
Application can be deployed anywhere where containers can run and configured via environment variables:
For GitHub App:
docker run -it --rm -p 3000:3000 \
-e NUXT_PUBLIC_SCOPE=organization \
-e NUXT_PUBLIC_GITHUB_ORG=<org name> \
-e NUXT_PUBLIC_USING_GITHUB_AUTH=true \
-e NUXT_OAUTH_GITHUB_CLIENT_ID=<client id> \
-e NUXT_OAUTH_GITHUB_CLIENT_SECRET=<client secret for the GH App> \
-e NUXT_SESSION_PASSWORD=<random string - min 32 characters> \
ghcr.io/github-copilot-resources/copilot-metrics-vieweror with PAT token and enterprise:
docker run -it --rm -p 3000:3000 \
-e NUXT_PUBLIC_SCOPE=enterprise \
-e NUXT_PUBLIC_GITHUB_ENT=<enterprise name> \
-e NUXT_GITHUB_TOKEN=<github PAT> \
-e NUXT_SESSION_PASSWORD=<random string - min 32 characters> \
ghcr.io/github-copilot-resources/copilot-metrics-vieweror with PAT token and organization:
docker run -it --rm -p 3000:3000 \
-e NUXT_PUBLIC_SCOPE=organization \
-e NUXT_PUBLIC_GITHUB_ORG=<org name> \
-e NUXT_GITHUB_TOKEN=<github PAT> \
-e NUXT_SESSION_PASSWORD=<random string - min 32 characters> \
ghcr.io/github-copilot-resources/copilot-metrics-viewerWhile it is possible to run the API Proxy without GitHub app registration and with a hardcoded token, it is not the recommended way.
To register a new GitHub App, follow these steps:
Tip
Navigate using link: replace <your_org> with your organization name and open this link:
https://github.com/organizations/<your_org>/settings/apps
or navigate using UI:
-
Go to your organization's settings.
-
Navigate to "Developer settings".
-
Select "GitHub Apps".
-
Click "New GitHub App".
-
Set a unique name.
-
Provide a home page URL: your company URL or just
http://localhost. -
Add a callback URL for
http://localhost:3000/auth/github. (We'll add the real redirect URL after the application is deployed.) -
Uncheck the "Webhook -> Active" checkbox.
-
Set the scopes:
- Select Organization permissions.
- Under GitHub Copilot Business, select Access: Read-only.
-
Click on 'Create GitHub App' and, in the following page, click on 'Generate a new client secret'. (IMPORTANT: Save it for later)
-
Install the app in the organization:
- Go to "Install App".
- Select your organization.
Note the Client ID and Private Key.