{"id":34717945,"url":"https://github.com/cruxstack/github-app-setup-go","last_synced_at":"2026-01-13T20:02:25.553Z","repository":{"id":328863456,"uuid":"1117092769","full_name":"cruxstack/github-app-setup-go","owner":"cruxstack","description":"Library to provide a simple setup wizard that allow users to register and install your GitHub App","archived":false,"fork":false,"pushed_at":"2025-12-24T23:32:21.000Z","size":92,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-26T12:42:04.197Z","etag":null,"topics":["agnostic","aws","github","github-app","go","golang","ssm","ssm-parameter-store","wizard"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cruxstack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-15T20:26:48.000Z","updated_at":"2025-12-24T23:32:17.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/cruxstack/github-app-setup-go","commit_stats":null,"previous_names":["cruxstack/github-app-setup-go"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/cruxstack/github-app-setup-go","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fgithub-app-setup-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fgithub-app-setup-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fgithub-app-setup-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fgithub-app-setup-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cruxstack","download_url":"https://codeload.github.com/cruxstack/github-app-setup-go/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fgithub-app-setup-go/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28398971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-13T14:36:09.778Z","status":"ssl_error","status_checked_at":"2026-01-13T14:35:19.697Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agnostic","aws","github","github-app","go","golang","ssm","ssm-parameter-store","wizard"],"created_at":"2025-12-25T01:17:14.378Z","updated_at":"2026-01-13T20:02:25.547Z","avatar_url":"https://github.com/cruxstack.png","language":"Go","readme":"# github-app-setup-go\n\nA Go library for creating and managing GitHub Apps using the\n[GitHub App Manifest flow](https://docs.github.com/en/apps/sharing-github-apps/registering-a-github-app-from-a-manifest).\nProvides a web-based installer, multiple credential storage backends, and\nutilities for configuration management in containerized environments.\n\n## Features\n\n- **Unified runtime** - Single API for both HTTP servers and Lambda functions\n- **Web-based installer** - User-friendly UI for creating GitHub Apps with\n pre-configured permissions\n- **Multiple storage backends** - AWS SSM Parameter Store, `.env` files, or\n individual files\n- **Hot reload support** - Reload configuration via SIGHUP or installer callback\n- **SSM ARN resolution** - Resolve AWS SSM Parameter Store ARNs in environment\n variables (useful for Lambda)\n- **Ready gate** - HTTP middleware that returns 503 until configuration is\n loaded\n\n## Installation\n\n```bash\ngo get github.com/cruxstack/github-app-setup-go\n```\n\n## Packages\n\n| Package | Description |\n|---------------|-----------------------------------------------------------|\n| `ghappsetup` | **Unified runtime** for HTTP servers and Lambda functions |\n| `installer` | HTTP handler implementing the GitHub App Manifest flow |\n| `configstore` | Storage backends for GitHub App credentials |\n| `configwait` | Startup wait logic and ready gate middleware |\n| `ssmresolver` | Resolves SSM Parameter Store ARNs in environment vars |\n\n## Quick Start\n\nThe `ghappsetup.Runtime` provides unified lifecycle management for both HTTP\nservers and Lambda functions:\n\n```go\npackage main\n\nimport (\n \"context\"\n \"fmt\"\n \"log\"\n \"net/http\"\n \"os\"\n\n \"github.com/cruxstack/github-app-setup-go/ghappsetup\"\n \"github.com/cruxstack/github-app-setup-go/installer\"\n)\n\nfunc main() {\n ctx := context.Background()\n\n // Create runtime with unified lifecycle management\n runtime, err := ghappsetup.NewRuntime(ghappsetup.Config{\n LoadFunc: loadConfig,\n AllowedPaths: []string{\"/healthz\", \"/setup\", \"/callback\", \"/\"},\n })\n if err != nil {\n log.Fatal(err)\n }\n\n // Set up routes\n mux := http.NewServeMux()\n mux.HandleFunc(\"/healthz\", runtime.HealthHandler())\n mux.HandleFunc(\"/webhook\", webhookHandler)\n\n // Create installer using convenience method (auto-wires Store and reload callback)\n installerHandler, err := runtime.InstallerHandler(installer.Config{\n Manifest: installer.Manifest{\n URL: \"https://example.com\",\n Public: false,\n DefaultPerms: map[string]string{\n \"contents\": \"read\",\n \"pull_requests\": \"write\",\n },\n DefaultEvents: []string{\"pull_request\", \"push\"},\n },\n AppDisplayName: \"My GitHub App\",\n })\n if err != nil {\n log.Fatal(err)\n }\n\n mux.Handle(\"/setup\", installerHandler)\n mux.Handle(\"/callback\", installerHandler)\n\n // Start HTTP server with ReadyGate middleware\n srv := \u0026http.Server{\n Addr: \":8080\",\n Handler: runtime.Handler(mux),\n }\n go srv.ListenAndServe()\n\n // Block until config loads, then listen for SIGHUP reloads\n if err := runtime.Start(ctx); err != nil {\n log.Fatal(err)\n }\n log.Println(\"Configuration loaded, service is ready\")\n runtime.ListenForReloads(ctx)\n}\n\nfunc loadConfig(ctx context.Context) error {\n // Validate required environment variables are present\n if os.Getenv(\"GITHUB_APP_ID\") == \"\" {\n return fmt.Errorf(\"GITHUB_APP_ID not set\")\n }\n return nil\n}\n\nfunc webhookHandler(w http.ResponseWriter, r *http.Request) {\n // Handle GitHub webhooks\n w.WriteHeader(http.StatusOK)\n}\n```\n\n## Configuration\n\n### Environment Variables\n\n#### Installer\n\n| Variable | Description | Default |\n|--------------------------------|---------------------------------------------|----------------------|\n| `GITHUB_URL` | GitHub base URL (for GHE Server) | `https://github.com` |\n| `GITHUB_ORG` | Organization (empty = personal account) | - |\n| `GITHUB_APP_INSTALLER_ENABLED` | Enable the installer UI (`true`, `1`, `yes`)| - |\n\n#### Storage\n\n| Variable | Description | Default |\n|---------------------------|----------------------------------------------|-------------|\n| `STORAGE_MODE` | Backend: `envfile`, `files`, or `aws-ssm` | `envfile` |\n| `STORAGE_DIR` | Directory/path for local storage backends | `./.env` |\n| `AWS_SSM_PARAMETER_PREFIX`| SSM parameter path prefix (for `aws-ssm`) | - |\n| `AWS_SSM_KMS_KEY_ID` | Custom KMS key for SSM encryption | AWS managed |\n| `AWS_SSM_TAGS` | JSON object of tags for SSM parameters | - |\n\n#### Config Wait\n\n| Variable | Description | Default |\n|-----------------------------|--------------------------------------|---------|\n| `CONFIG_WAIT_MAX_RETRIES` | Maximum retry attempts | `30` |\n| `CONFIG_WAIT_RETRY_INTERVAL`| Duration between retries (e.g., `2s`)| `2s` |\n\n## Storage Backends\n\n### AWS SSM Parameter Store\n\nStores credentials as encrypted SecureString parameters:\n\n```go\nstore, err := configstore.NewAWSSSMStore(\"/my-app/prod/\",\n configstore.WithKMSKey(\"alias/my-key\"),\n configstore.WithTags(map[string]string{\n \"Environment\": \"production\",\n }),\n)\n```\n\nParameters are stored at paths like `/my-app/prod/GITHUB_APP_ID`,\n`/my-app/prod/GITHUB_APP_PRIVATE_KEY`, etc.\n\n### Local .env File\n\nSaves credentials to a `.env` file, preserving existing content:\n\n```go\nstore := configstore.NewLocalEnvFileStore(\"./.env\")\n```\n\n### Local Files\n\nSaves each credential as a separate file:\n\n```go\nstore := configstore.NewLocalFileStore(\"./secrets/\")\n// Creates: ./secrets/app-id, ./secrets/private-key.pem, etc.\n```\n\n## Hot Reload\n\nThe Runtime supports hot-reloading configuration via SIGHUP signals. When the\ninstaller saves new credentials, it automatically triggers a reload via the\ncallback:\n\n```go\n// ListenForReloads handles both SIGHUP signals and installer callbacks\nruntime.ListenForReloads(ctx)\n```\n\nFor manual reload triggering:\n\n```go\n// Trigger a reload programmatically\nruntime.Reload()\n```\n\n## Lambda Usage\n\nFor AWS Lambda functions, use `EnsureLoaded()` for lazy initialization:\n\n```go\nvar runtime *ghappsetup.Runtime\n\nfunc init() {\n runtime, _ = ghappsetup.NewRuntime(ghappsetup.Config{\n LoadFunc: func(ctx context.Context) error {\n // Resolve SSM parameters passed as ARNs\n if err := ssmresolver.ResolveEnvironmentWithDefaults(ctx); err != nil {\n return err\n }\n return validateConfig()\n },\n })\n}\n\nfunc handler(ctx context.Context, req events.APIGatewayV2HTTPRequest) (Response, error) {\n // Lazy-load config with retries (idempotent after first success)\n if err := runtime.EnsureLoaded(ctx); err != nil {\n return Response{StatusCode: 503, Body: \"Service unavailable\"}, nil\n }\n return handleRequest(ctx, req)\n}\n```\n\nThe Runtime auto-detects Lambda environments and adjusts retry settings:\n- **HTTP**: 30 retries, 2-second intervals (suitable for startup)\n- **Lambda**: 5 retries, 1-second intervals (suitable for cold starts)\n\n## SSM ARN Resolution\n\nFor Lambda deployments where secrets are passed as SSM ARNs:\n\n```go\n// Resolve all environment variables that contain SSM ARNs\nerr := ssmresolver.ResolveEnvironmentWithRetry(ctx, ssmresolver.NewRetryConfigFromEnv())\n\n// Or resolve a single value\nresolver, _ := ssmresolver.New(ctx)\nvalue, err := resolver.ResolveValue(ctx, os.Getenv(\"MY_SECRET\"))\n```\n\n## Stored Credentials\n\nAfter a GitHub App is created, the following credentials are stored:\n\n| Key | Description |\n|---------------------------|---------------------------------------|\n| `GITHUB_APP_ID` | The numeric App ID |\n| `GITHUB_APP_SLUG` | The app's URL slug |\n| `GITHUB_APP_HTML_URL` | URL to the app's GitHub settings page |\n| `GITHUB_WEBHOOK_SECRET` | Webhook signature secret |\n| `GITHUB_CLIENT_ID` | OAuth client ID |\n| `GITHUB_CLIENT_SECRET` | OAuth client secret |\n| `GITHUB_APP_PRIVATE_KEY` | Private key (PEM format) |\n\n## License\n\nMIT License - Copyright 2025 CruxStack\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcruxstack%2Fgithub-app-setup-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcruxstack%2Fgithub-app-setup-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcruxstack%2Fgithub-app-setup-go/lists"}