Setting Up a GitHub App

If GitHub is your VCS provider, you must create a GitHub App and install it on the repositories that Garden Cloud should have access to. The app will be used to authenticate users, import projects, run workflows on GitHub events (e.g. when a pull request is opened), and more.

Note that you must create a GitHub App, not an OAuth App.

The relevant GitHub App properties (e.g. App ID and private key) will be provided to Garden Cloud. See below for more.

Creating the GitHub App

Please refer to the official GitHub documentation for up-to-date instructions on creating a GitHub App. Once you're at the "Create GitHub App" page, fill in the appropriate values as described below.

Basic information

GitHub App name

You can choose your own app name and description.

Homepage URL

You can choose which URL you set here, but we recommend using the main URL for Garden Enterprise. For Garden Cloud, you will receive your main URL from the Garden Team.

Identifying and authorizing users

Callback URL

The main URL for Garden Enterprise along with the path /github/callback. For Garden Cloud, you will receive your main URL from the Garden Team.

For example:

https://<main-url>/github/callback

Expire user authorization tokens

Unselect.

Request user authorization (OAuth) during installation

Select.

Post Installation

Skip.

Webhook

Active

Select.

Webhook URL

The main URL for Garden Enterprise along with the path /api/webhooks. For Garden Cloud, you will receive your main URL from the Garden Team.

For example:

https://<main-url>/api/webhooks

Webhook secret

The webhook secret is required for Garden Cloud, even though it's marked as optional by GitHub. The value you provide here will also be used during the installation of Garden Cloud. Note that you can always look it up from the GitHub App page later.

SSL verification

Select "Enable SSL verification".

Repository Permissions

Permission       Access
Checks           Read & write
Content          Read-only
Issues           Read-only
Metadata         Read-only
Pull requests    Read & write
Webhooks         Read & write

Organization Permissions

Permission       Access
Members          Read-only

User Permissions

Permission       Access
Email Addresses  Read-only

Event Subscriptions

The GitHub App should subscribe to the following events:

  • Check Run

  • Check Suite

  • Issue Comment

  • Pull Request

  • Push
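The permission tables and event list above can be checked mechanically once the app exists. The following is an added example, not part of Garden's or GitHub's own tooling: it compares an app description containing `permissions` and `events` fields (the shape GitHub's REST API returns for an app) against the values on this page and reports anything missing or broader than required. The API key names used for the UI labels (for example `repository_hooks` for "Webhooks" and `emails` for "Email Addresses") are assumed mappings, and the sample input is constructed.

```python
import json

# Expected settings, taken from the permission tables and event list on this page.
# The key names (e.g. "repository_hooks" for "Webhooks") are assumed mappings of
# the UI labels to the fields GitHub returns for an app.
EXPECTED_PERMISSIONS = {
    "checks": "write", "contents": "read",
    "issues": "read", "metadata": "read",
    "pull_requests": "write", "repository_hooks": "write",
    "members": "read", "emails": "read",
}
EXPECTED_EVENTS = {"check_run", "check_suite", "issue_comment", "pull_request", "push"}
LEVEL = {"read": 1, "write": 2, "admin": 3}


def audit_app(app: dict) -> list[str]:
    """Return findings where the app differs from the documented configuration."""
    findings = []
    granted = app.get("permissions", {})
    for name, want in EXPECTED_PERMISSIONS.items():
        have = granted.get(name)
        if have is None:
            findings.append(f"missing permission: {name} ({want})")
        elif LEVEL.get(have, 0) < LEVEL[want]:
            findings.append(f"insufficient: {name} is {have}, needs {want}")
        elif LEVEL[have] > LEVEL[want]:
            findings.append(f"excessive: {name} is {have}, only {want} is needed")
    for name in sorted(set(granted) - set(EXPECTED_PERMISSIONS)):
        findings.append(f"excessive: {name} ({granted[name]}) is not required")
    events = set(app.get("events", []))
    for name in sorted(EXPECTED_EVENTS - events):
        findings.append(f"missing event: {name}")
    for name in sorted(events - EXPECTED_EVENTS):
        findings.append(f"unneeded event: {name}")
    return findings


# Constructed sample of an app description (not real data).
SAMPLE = json.loads("""{
  "permissions": {"checks": "write", "contents": "write", "issues": "read",
                  "metadata": "read", "pull_requests": "write",
                  "repository_hooks": "write", "members": "read",
                  "administration": "read"},
  "events": ["check_run", "check_suite", "pull_request", "push", "release"]
}""")

if __name__ == "__main__":
    for line in audit_app(SAMPLE):
        print(line)
```

An empty result means the app matches the documented configuration exactly; "excessive" findings are the ones to review from a least-privilege standpoint.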

Installing the GitHub App

We recommend that you only install the GitHub App on the repositories that Garden Cloud should have access to, as opposed to the entire organization. This is because Garden Cloud will receive events from all the repositories the GitHub App is installed on, which may result in unnecessary traffic. Furthermore, it's good practice to only grant the minimum levels of access required.

The GitHub App must be installed on all the repositories that Garden Cloud should have access to. This includes repositories that are referenced as remote sources in your Garden projects. Please follow the official instructions for installing the app.

Note that the access token only works for clones over HTTPS. If your workflow runs require remote sources to be cloned over SSH, you will still need to configure git specifically for that.

Required Values for Garden Cloud

You'll need to have the following values from your GitHub App at hand when installing Garden Cloud:

  • App ID and Client ID (see top of the app page)

  • A generated Client secret (see top of the app page)

  • The user-generated webhook secret

  • A generated Private key (see bottom of app page)