Setting Up a GitHub App
If GitHub is your VCS provider, you must create a GitHub App and install it on the repositories that Garden Cloud should have access to. The app will be used to authenticate users, import projects, run workflows on GitHub events (e.g. when a pull request is opened), and more.
Note that you must create a GitHub App, not an Oauth App.
The relevant GitHub App properties (e.g. App ID and private key) will be provided to Garden Cloud. See below for more.
Please refer to the official GitHub documentation for up to date instructions on creating a GitHub App. Once you're at the "Create GitHub App" page, fill in the appropriate values as described below.
GitHub App name
You can choose your own app name and description.
Homepage URL
You can choose which URL you set here but we recommend using the main URL for Garden Enterprise. For Garden Cloud, you will receive your main URL from the Garden Team.
Callback URL
The main URL for Garden Enterprise along with the path /github/callback. For Garden Cloud, you will receive your main URL from the Garden Team.
For example:
https://<main-url>/github/callback
Expire user authorization tokens
Unselect.
Request user authorization (OAuth) during installation
Select.
Skip.
Active
Select.
Webhook URL
The main URL for Garden Enterprise along with the path /api/webhooks. For Garden Cloud, you will receive your main URL from the Garden Team.
For example:
https://<main-url>/api/webhooks
Webhook secret
The webhook secret is required for Garden Cloud, even though it's marked as optional by GitHub. The value you provide here will also be used during the installation of Garden Cloud. Note that you can always look it up from the GitHub App page later.
SSL verification
Select "Enable SSL verification".
Permission | Access |
Checks | Read & write |
Content | Read-only |
Issues | Read-only |
Metadata | Read-only |
Pull requests | Read & write |
Webhooks | Read & write |
Permission | Access |
Members | Read-only |
Permission | Access |
Email Addresses | Read-only |
The GitHub App should subscribe to the following events:
Check Run
Check Suite
Issue Comment
Pull Request
Push
We recommend that you only install the GitHub App on the repositories that Garden Cloud should have access to, as opposed to the entire organization. This is because Garden Cloud will receive events from all the repositories the GitHub App is installed on which may result in unnecessary traffic. Furthermore, it's good practice to only grant the minimum levels of access required.
The GitHub App must be installed on all the repositories that Garden Cloud should have access to. This includes repositories that are referenced as remote sources in your Garden projects. Please follow the official instructions for installing the app.
Note that the access token only works for clones over HTTPS. If your workflow runs require remote sources to be cloned over SSH, you will still need to configure git specifically for that.
You'll need to have the following values from your GitHub App at hand when installing Garden Cloud:
App ID and Client ID (see top of the app page)
A generated Client secret (see top of the app page)
The user generated webhook secret
A generated Private key (see bottom of app page)
