Create The GitHub App¶
Overview¶
Create a GitHub App for the self-hosted Code Review deployment. The app lets CloudAEye receive pull request webhooks, read repository content for indexing and review, write review output back to pull requests, and update check results.
See GitHub's Registering a GitHub App guide for reference.
Prerequisites¶
- Access to create a GitHub App in the target organization or account.
Step 1: Fill In General Settings¶
Use values like the following:
| GitHub App setting | Value |
|---|---|
| GitHub App name | A unique name such as cloudaeye-code-review-<company> |
| Description | CloudAEye self-hosted code review integration |
Step 2: Configure Webhooks¶
Keep webhooks active and set the webhook endpoint:
| GitHub App setting | Value |
|---|---|
| Active | Enabled |
| Webhook secret | Generate a long random secret and save it for terraform.tfvars |
If the final ALB is not available yet, create the GitHub App, complete the Terraform deployment, get the final value from terraform output app_base_url, then update the GitHub App Webhook URL before testing pull request reviews.
Subscribe to these webhook events in the GitHub App:
| Event | GitHub event description |
|---|---|
| Check run | Check run is created, requested, rerequested, or completed |
| Check suite | Check suite is requested, rerequested, or completed |
| Commit comment | Commit or diff commented on |
| Issue comment | Issue comment created, edited, or deleted |
| Issues | Issue opened, edited, deleted, closed, reopened, or assigned |
| Pull request | Pull request opened, reopened, synchronized, or ready for review |
| Pull request review | Pull request review submitted, edited, or dismissed |
| Pull request review comment | Pull request diff comment created, edited, or deleted |
| Pull request review thread | Pull request review thread resolved or unresolved |
Step 3: Set Repository Permissions¶
Set the minimum permissions needed for Code Review:
| Permission | Access | Why CloudAEye needs it |
|---|---|---|
| Checks | Read and write | Create or update review checks |
| Commit statuses | Read | Read commit status context |
| Contents | Read-only | Read source files for indexing and review |
| Issues | Read and write | Read and write issue-style pull request comments where GitHub uses issue APIs |
| Metadata | Read-only | Required by GitHub for GitHub Apps |
| Pull requests | Read and write | Read pull request diffs and write review output |
Step 4: Choose Where The App Can Be Installed¶
Select Only on this account so that the app can be installed in the current account only.
Step 5: Generate App Credentials¶
After the app is created:
- On the GitHub App settings page, copy the
App ID. - Copy the
Client ID. - Generate a
Client secretand copy it immediately. - Under
Private keys, clickGenerate a private key. - Download the
.pemprivate key and store it securely.
GitHub downloads the private key once; keep the PEM file secure and do not commit it to source control.
Step 6: Install The GitHub App¶
Install the app on the repositories CloudAEye should review:
- In the GitHub App settings page, click
Install App. - Click
Installnext to the organization or account. - Select
All repositories. - Click
Install.
After installation, record the installation ID. You can usually find it in the browser URL while viewing the installation, for example:
https://github.com/organizations/<org>/settings/installations/<installation-id>
Step 7: Add GitHub App Values To Terraform¶
Add the collected values to terraform.tfvars:
| Terraform value | Source |
|---|---|
github_app_id |
GitHub App settings page |
github_client_id |
GitHub App settings page |
github_client_secret |
Generated client secret |
github_installation_id |
GitHub App installation URL |
github_private_key |
Downloaded PEM private key value |
github_webhook_secret |
Webhook secret you generated |
github_app_key |
App slug or key required by the Terraform bundle |