Skip to main content
This page covers on-prem (self-hosted) setup. You create your own GitHub App so webhook events and API traffic stay inside your infrastructure. For the hosted SaaS integration, see Setup → GitHub.
You must have owner-level access to the GitHub organization to create an organization-owned GitHub App and generate its credentials.

Create the GPRA GitHub App

1

Open organization settings

Navigate to your organization’s app settings:
https://github.com/organizations/<org>/settings/apps
Replace <org> with your GitHub organization slug.
2

Open GitHub Apps

Under Developer settings, select GitHub Apps.
3

Create a new app

Click New GitHub App and fill in the details below.
FieldValue
GitHub App namegarth-<org>
Homepage URLGarth: The AI Productivity Platform For Engineering Teams
Callback URLhttps://<dns-host>/api/garth-assist/oauth/github/callback
Setup URLhttps://<dns-host>/api/github/validation
Webhook URLhttps://<dns-host>/api/webhook/github
SecretA strong, randomly generated secret
Replace <dns-host> with the DNS host of your on-prem Garth deployment. Generate the webhook secret with a secure random generator (for example openssl rand -hex 32) and store it in the GITHUB_WEBHOOK_SECRET environment variable.
4

Set permissions

Under Repository permissions, grant:
PermissionAccess
ActionsRead-only
ChecksRead-only
Commit statusesRead-only
ContentsRead-only
DeploymentsRead-only
IssuesRead and write
MetadataRead-only
Pull requestsRead and write
Under Organization permissions, grant:
PermissionAccess
MembersRead-only
Under Account permissions, grant:
PermissionAccess
Email addressesRead-only
5

Subscribe to events

Under Subscribe to events, enable:
  • Create (branch or tag created)
  • Check run (check run is created, requested, rerequested, or completed)
  • Deployment status (deployment status updated from the API)
  • Issues
  • Member
  • Organization
  • Issue comment
  • Label
  • Pull request
  • Pull request review
  • Pull request review thread
  • Push
  • Status
  • Workflow job
  • Workflow run
6

Create the app

Click Create GitHub App to finish creating the app.
7

Generate a private key

On the app’s settings page, scroll to Private keys and click Generate a private key. GitHub downloads a .pem file — store it securely.
The private key is shown/downloaded only once. Keep the .pem file safe; it grants full access to the app.
The .pem file content spans multiple lines, but GITHUB_PRIVATE_KEY must be a single line. Replace every newline in the key with the literal characters \n before setting the environment variable.On Linux/macOS:
awk 'NF {sub(/\r/, ""); printf "%s\\n", $0}' private-key.pem
On Windows (PowerShell):
((Get-Content private-key.pem -Raw) -replace "`r`n", "`n").TrimEnd("`n") -replace "`n", "\n"
8

Generate a client secret

On the app’s General settings page, note the Client ID, then under Client secrets click Generate a new client secret and copy the value.
The client secret is shown only once. Copy and store it securely before leaving the page.

Environment variables

After the app is created, record the following values for your on-prem deployment:
Environment variableValue
GITHUB_APP_IDThe App ID shown on the app’s settings page
GITHUB_PRIVATE_KEYThe private key (.pem) generated in step 8, on a single line with newlines replaced by \n
GITHUB_WEBHOOK_SECRETThe webhook secret you set in step 3
GITHUB_CLIENT_IDThe Client ID shown on the app’s General settings page
GITHUB_CLIENT_SECRETThe client secret generated in step 9