This page covers on-prem (self-hosted) setup. You create your own GitHub App
so webhook events and API traffic stay inside your infrastructure. For the
hosted SaaS integration, see Setup → GitHub.
Create the GPRA GitHub App
Open organization settings
Navigate to your organization’s app settings:Replace
<org> with your GitHub organization slug.Create a new app
Click New GitHub App and fill in the details below.
| Field | Value |
|---|---|
| GitHub App name | garth-<org> |
| Homepage URL | Garth: The AI Productivity Platform For Engineering Teams |
| Callback URL | https://<dns-host>/api/garth-assist/oauth/github/callback |
| Setup URL | https://<dns-host>/api/github/validation |
| Webhook URL | https://<dns-host>/api/webhook/github |
| Secret | A strong, randomly generated secret |
Set permissions
Under Repository permissions, grant:
Under Organization permissions, grant:
Under Account permissions, grant:
| Permission | Access |
|---|---|
| Actions | Read-only |
| Checks | Read-only |
| Commit statuses | Read-only |
| Contents | Read-only |
| Deployments | Read-only |
| Issues | Read and write |
| Metadata | Read-only |
| Pull requests | Read and write |
| Permission | Access |
|---|---|
| Members | Read-only |
| Permission | Access |
|---|---|
| Email addresses | Read-only |
Subscribe to events
Under Subscribe to events, enable:
- Create (branch or tag created)
- Check run (check run is created, requested, rerequested, or completed)
- Deployment status (deployment status updated from the API)
- Issues
- Member
- Organization
- Issue comment
- Label
- Pull request
- Pull request review
- Pull request review thread
- Push
- Status
- Workflow job
- Workflow run
Generate a private key
On the app’s settings page, scroll to Private keys and click
Generate a private key. GitHub downloads a
.pem file — store it securely.The On Windows (PowerShell):
.pem file content spans multiple lines, but GITHUB_PRIVATE_KEY must be
a single line. Replace every newline in the key with the literal characters
\n before setting the environment variable.On Linux/macOS:Environment variables
After the app is created, record the following values for your on-prem deployment:| Environment variable | Value |
|---|---|
GITHUB_APP_ID | The App ID shown on the app’s settings page |
GITHUB_PRIVATE_KEY | The private key (.pem) generated in step 8, on a single line with newlines replaced by \n |
GITHUB_WEBHOOK_SECRET | The webhook secret you set in step 3 |
GITHUB_CLIENT_ID | The Client ID shown on the app’s General settings page |
GITHUB_CLIENT_SECRET | The client secret generated in step 9 |

