{"id":35174194,"url":"https://github.com/skygenesisenterprise/github-enterprise","last_synced_at":"2026-04-15T14:05:24.347Z","repository":{"id":329560295,"uuid":"1084032615","full_name":"skygenesisenterprise/github-enterprise","owner":"skygenesisenterprise","description":"The Official Github App for Sky Genesis Enterprise Git Integration","archived":false,"fork":false,"pushed_at":"2025-12-22T02:24:39.000Z","size":79,"stargazers_count":0,"open_issues_count":5,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-22T15:48:05.083Z","etag":null,"topics":["api-service","docker","github-actions","github-app","github-deployment","javascript","typescript"],"latest_commit_sha":null,"homepage":"https://skygenesisenterprise.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/skygenesisenterprise.png","metadata":{"files":{"readme":"README.md","changelog":"changelog.md","contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":".github/SUPPORT.md","governance":"Governance.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"patreon":null,"open_collective":"skygenesisenterprise","ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":null}},"created_at":"2025-10-27T05:54:49.000Z","updated_at":"2025-12-20T11:45:54.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/skygenesisenterprise/github-enterprise","commit_stats":null,"previous_names":["skygenesisenterprise/github-enterprise"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/skygenesisenterprise/github-enterprise","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skygenesisenterprise%2Fgithub-enterprise","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skygenesisenterprise%2Fgithub-enterprise/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skygenesisenterprise%2Fgithub-enterprise/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skygenesisenterprise%2Fgithub-enterprise/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/skygenesisenterprise","download_url":"https://codeload.github.com/skygenesisenterprise/github-enterprise/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skygenesisenterprise%2Fgithub-enterprise/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28104852,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-28T02:00:05.685Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-service","docker","github-actions","github-app","github-deployment","javascript","typescript"],"created_at":"2025-12-28T21:50:49.326Z","updated_at":"2025-12-28T21:50:54.232Z","avatar_url":"https://github.com/skygenesisenterprise.png","language":"Go","readme":"\u003cdiv align=\"center\"\u003e\n\n# 🚀 Enterprise Github App\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Go](https://img.shields.io/badge/Go-1.23+-blue.svg)](https://golang.org/)\n[![Docker](https://img.shields.io/badge/Docker-Ready-blue.svg)](https://www.docker.com/)\n[![GitHub App](https://img.shields.io/badge/GitHub%20App-Enterprise-success.svg)](https://docs.github.com/en/developers/apps)\n\n**Enterprise DevOps Control Plane - Governed Releases, Deployment Authorization \u0026 CI/CD Orchestration**\n\n[🚀 Quick Start](#-quick-start) • [📋 Features](#-features) • [🛠️ Tech Stack](#️-tech-stack) • [📁 Architecture](#-architecture) • [🔧 Installation](#-installation)\n\n\u003c/div\u003e\n\n---\n\n## 🌟 What is Enterprise Github App?\n\nEnterprise Github App is the core GitHub App that serves as the control plane for enterprise DevOps operations. A separate GitHub Action acts as a thin client calling this App's API, providing seamless integration with existing workflows.\n\n### 🎯 Our Vision\n\n- **Enterprise-Ready Security** - GitHub App authentication with JWT and installation tokens\n- **Governance First** - Release validation and deployment authorization built-in\n- **Audit Trail** - Complete logging and compliance for all operations\n- **Developer-Friendly** - Clean API design with comprehensive documentation\n- **Scalable Architecture** - Built for enterprise-scale deployments\n- **Security by Design** - Webhook signature verification and least-privilege access\n\n---\n\n## 📋 Features\n\n### ✅ **V1 Foundation Features**\n\n- **GitHub App Authentication** - JWT generation and installation token handling\n- **Public HTTP API** - Health endpoint, release validation, deployment authorization\n- **GitHub Webhook Handling** - Installation events, ping event, signature verification\n- **Audit Logging** - Store basic events (release check, deployment check)\n- **Configuration Management** - Environment-based configuration with no hardcoded secrets\n- **Database Integration** - PostgreSQL with proper migrations and schema\n- **Containerized Deployment** - Docker and docker-compose ready\n\n### 🔄 **Security Features**\n\n- **Webhook Signature Verification** - SHA-256 HMAC verification for all webhooks\n- **JWT Authentication** - GitHub App JWT with proper expiration handling\n- **Installation Access Tokens** - Per-installation token management\n- **Least Privilege Design** - Minimal required permissions and scopes\n- **Secure Configuration** - Environment-based secrets management\n- **PostgreSQL Integration** - Secure database with connection pooling\n\n---\n\n## 🛠️ Tech Stack\n\n### 🏗️ **Backend Foundation**\n\n```\nGo 1.23+ with Clean Architecture\n├── 🌐 Gin HTTP Framework (High Performance Router)\n├── 🗄️ PostgreSQL (Enterprise Database)\n├── 🔐 JWT Authentication (GitHub App Integration)\n├── 🔒 Webhook Signature Verification (Security)\n├── 📊 Audit Logging (Compliance)\n├── 🐳 Docker Support (Containerization)\n└── 📝 Environment Configuration (12-Factor App)\n```\n\n### 🏛️ **Architecture Components**\n\n```\nPlatform Layer (HTTP Server)\n├── GitHub Client (Authentication \u0026 API)\n├── API Handlers (Release Validation \u0026 Deployment Auth)\n├── Webhook Handlers (Event Processing)\n├── Audit Service (Event Logging)\n├── Storage Layer (Database Operations)\n└── Configuration (Environment Management)\n```\n\n---\n\n## 📁 Architecture\n\n### 🏗️ **Clean Architecture Structure**\n\n```\ngithub-enterprise/\n├── cmd/server/main.go              # Application Entry Point\n├── app/\n│   ├── platform/                   # HTTP Server \u0026 Routes\n│   │   ├── server.go              # Main HTTP server\n│   │   ├── api.go                 # API handlers\n│   │   └── webhooks.go            # Webhook handlers\n│   ├── github/                     # GitHub Integration\n│   │   └── client.go              # GitHub App client\n│   ├── api/                        # API Layer\n│   │   └── handlers.go            # API request handlers\n│   ├── releases/                   # Release Management\n│   │   └── models.go              # Release data structures\n│   ├── deployments/                # Deployment Management\n│   │   └── models.go              # Deployment data structures\n│   ├── audit/                      # Audit Logging\n│   │   └── service.go             # Audit service\n│   ├── config/                     # Configuration\n│   │   └── config.go              # Environment config\n│   └── storage/                    # Database Layer\n│       ├── database.go             # Database connection\n│       └── migrations/             # Database migrations\n├── docs/                           # Documentation\n├── .github/workflows/              # CI/CD workflows\n├── Dockerfile                      # Container definition\n├── docker-compose.yml              # Development environment\n└── README.md                       # This file\n```\n\n### 🔄 **Data Flow Architecture**\n\n```\nGitHub Webhooks ──► Sky Genesis Enterprise ──► PostgreSQL Database\n       ▲                        │                        │\n       │                        ▼                        ▼\nGitHub Actions ◄─────── HTTP API ◄────── Audit Logs ◄───────\n         (Future Client)          (Release Validation)      (Event Storage)\n```\n\n---\n\n## 🚀 Quick Start\n\n### 📋 Prerequisites\n\n- **Go** 1.23 or higher\n- **PostgreSQL** 14.0 or higher\n- **Docker** and **Docker Compose** (optional, for containerized setup)\n- **GitHub App** configured with required permissions\n\n### 🔧 Installation \u0026 Setup\n\n#### Option 1: Docker Compose (Recommended)\n\n1. **Clone the repository**\n   ```bash\n   git clone https://github.com/skygenesisenterprise/github-enterprise.git\n   cd github-enterprise\n   ```\n\n2. **Configure environment variables**\n   ```bash\n   cp .env.example .env\n   # Edit .env with your GitHub App credentials\n   ```\n\n3. **Start services**\n   ```bash\n   docker-compose up -d\n   ```\n\n4. **Verify installation**\n   ```bash\n   curl http://localhost:8080/api/v1/health\n   ```\n\n#### Option 2: Local Development\n\n1. **Install dependencies**\n   ```bash\n   go mod download\n   ```\n\n2. **Set up PostgreSQL database**\n   ```bash\n   # Create database\n   createdb sky_genesis\n   \n   # Run migrations\n   psql -d sky_genesis -f app/storage/migrations/001_initial_schema.sql\n   ```\n\n3. **Configure environment variables**\n   ```bash\n   export GITHUB_APP_ID=your_app_id\n   export GITHUB_PRIVATE_KEY=\"-----BEGIN RSA PRIVATE KEY-----\\n...\"\n   export GITHUB_WEBHOOK_SECRET=your_webhook_secret\n   export DB_HOST=localhost\n   export DB_PORT=5432\n   export DB_USER=postgres\n   export DB_PASSWORD=your_password\n   export DB_NAME=sky_genesis\n   ```\n\n4. **Run the application**\n   ```bash\n   go run cmd/server/main.go\n   ```\n\n### 🌐 API Endpoints\n\nOnce running, the following endpoints are available:\n\n- **Health Check**: `GET /api/v1/health`\n- **Release Validation**: `POST /api/v1/releases/validate`\n- **Deployment Authorization**: `POST /api/v1/deployments/authorize`\n- **GitHub Webhooks**: `POST /webhook/github`\n\n### 🔧 Environment Configuration\n\n| Variable | Required | Description | Default |\n|----------|----------|-------------|---------|\n| `PORT` | No | HTTP server port | `8080` |\n| `GITHUB_APP_ID` | Yes | GitHub App ID | - |\n| `GITHUB_PRIVATE_KEY` | Yes | GitHub App private key (PEM format) | - |\n| `GITHUB_WEBHOOK_SECRET` | Yes | GitHub webhook secret | - |\n| `GITHUB_BASE_URL` | No | GitHub API base URL | `https://api.github.com` |\n| `DB_HOST` | No | Database host | `localhost` |\n| `DB_PORT` | No | Database port | `5432` |\n| `DB_USER` | No | Database user | `postgres` |\n| `DB_PASSWORD` | Yes | Database password | - |\n| `DB_NAME` | No | Database name | `sky_genesis` |\n| `DB_SSLMODE` | No | Database SSL mode | `disable` |\n\n---\n\n## 🔧 GitHub App Configuration\n\n### 📋 Required Permissions\n\nConfigure your GitHub App with these permissions for V1 functionality:\n\n#### **Repository Permissions**\n- **Read access to:**\n  - `Metadata` - Read repository metadata\n  - `Contents` - Read repository contents\n  - `Issues` - Read issues (for audit context)\n  - `Pull requests` - Read pull requests\n\n#### **Organization Permissions**\n- **Read access to:**\n  - `Members` - Read organization members\n  - `Administration` - Read organization settings\n\n#### **Webhook Events**\n- `Installation` - Installation/uninstallation events\n- `Installation repositories` - Repository added/removed from installation\n- `Ping` - GitHub ping events\n- `Release` - Release events (for future V2 features)\n- `Deployment` - Deployment events (for future V2 features)\n\n### 🔧 Webhook Configuration\n\n- **Webhook URL**: `https://your-domain.com/webhook/github`\n- **Content type**: `application/json`\n- **Secret**: Use a strong, randomly generated secret\n- **SSL verification**: Enabled (recommended for production)\n\n---\n\n## 🔒 Security\n\n### 🛡️ **Security Features**\n\n- **Webhook Signature Verification** - All webhooks verified using SHA-256 HMAC\n- **JWT Authentication** - GitHub App JWT with 10-minute expiration\n- **Installation Token Management** - Secure token handling with proper expiration\n- **Environment-Based Configuration** - No hardcoded secrets or credentials\n- **Least Privilege Access** - Minimal required permissions and scopes\n- **Secure Database Connections** - SSL/TLS support with connection pooling\n\n### 🔐 **Security Best Practices**\n\n1. **Environment Variables** - All secrets managed via environment variables\n2. **Token Rotation** - JWT tokens expire in 10 minutes, installation tokens in 1 hour\n3. **Input Validation** - All API inputs validated and sanitized\n4. **Error Handling** - Sensitive information never leaked in error messages\n5. **Audit Logging** - All security events logged for compliance\n6. **CORS Configuration** - Proper cross-origin resource sharing settings\n\n---\n\n## 📊 API Documentation\n\n### 🔍 **Health Check**\n\n```http\nGET /api/v1/health\n```\n\n**Response:**\n```json\n{\n  \"status\": \"ok\",\n  \"timestamp\": \"2025-01-15T10:30:00Z\",\n  \"service\": \"skygenesisenterprise\"\n}\n```\n\n### ✅ **Release Validation**\n\n```http\nPOST /api/v1/releases/validate\nContent-Type: application/json\n\n{\n  \"repository_id\": 123456789,\n  \"repository_name\": \"my-repo\",\n  \"owner_login\": \"my-org\",\n  \"tag_name\": \"v1.0.0\",\n  \"target_commitish\": \"main\",\n  \"installation_id\": 987654321\n}\n```\n\n**Response:**\n```json\n{\n  \"release_id\": \"uuid-string\",\n  \"validation_status\": \"approved\",\n  \"validation_message\": \"Release validated successfully\"\n}\n```\n\n### 🚀 **Deployment Authorization**\n\n```http\nPOST /api/v1/deployments/authorize\nContent-Type: application/json\n\n{\n  \"repository_id\": 123456789,\n  \"repository_name\": \"my-repo\",\n  \"owner_login\": \"my-org\",\n  \"ref\": \"main\",\n  \"sha\": \"abc123def456\",\n  \"environment\": \"production\",\n  \"installation_id\": 987654321\n}\n```\n\n**Response:**\n```json\n{\n  \"deployment_id\": \"uuid-string\",\n  \"authorization_status\": \"approved\",\n  \"authorization_message\": \"Deployment authorized successfully\"\n}\n```\n\n---\n\n## 🗺️ Development Roadmap\n\n### 🎯 **Phase 1: Foundation (✅ Complete - Q1 2025)**\n\n- ✅ **GitHub App Authentication** - JWT and installation token handling\n- ✅ **HTTP API Server** - Core endpoints with Gin framework\n- ✅ **Webhook Processing** - Signature verification and event handling\n- ✅ **Database Integration** - PostgreSQL with migrations\n- ✅ **Audit Logging** - Basic event storage and retrieval\n- ✅ **Containerization** - Docker and docker-compose support\n\n### 🚀 **Phase 2: Enhanced Features (🔄 In Progress - Q2 2025)**\n\n- 🔄 **Advanced Validation Rules** - Custom release validation policies\n- 🔄 **Deployment Approval Workflows** - Multi-level authorization\n- 🔄 **Enhanced Audit System** - Detailed event correlation and reporting\n- 📋 **Admin Dashboard** - Web-based configuration interface\n- 📋 **Metrics \u0026 Monitoring** - Prometheus integration and health checks\n\n### 🌟 **Phase 3: Enterprise Features (Q3-Q4 2025)**\n\n- 📋 **Multi-Environment Support** - Staging, production, custom environments\n- 📋 **Policy Engine** - Advanced governance rules engine\n- 📋 **Integration Marketplace** - Third-party tool integrations\n- 📋 **Advanced Security** - SAML/OIDC integration, RBAC\n- 📋 **Analytics \u0026 Reporting** - Comprehensive DevOps insights\n\n---\n\n## 🤝 Contributing\n\nWe welcome contributions to Sky Genesis Enterprise! Whether you're experienced with Go, GitHub Apps, or enterprise DevOps, there's a place for you.\n\n### 🎯 **How to Get Started**\n\n1. **Fork the repository** and create a feature branch\n2. **Check the issues** for tasks that need help\n3. **Review the architecture** and code patterns\n4. **Start small** - Documentation, tests, or minor features\n5. **Follow our coding standards** and commit guidelines\n\n### 🏗️ **Areas Needing Help**\n\n- **Backend Development** - Go services, API endpoints, business logic\n- **Security Experts** - Authentication, authorization, vulnerability assessment\n- **DevOps Engineers** - Deployment, monitoring, CI/CD optimization\n- **Database Specialists** - Schema design, query optimization, migrations\n- **Documentation** - API docs, user guides, technical writing\n- **Testing** - Unit tests, integration tests, security testing\n\n### 📝 **Development Guidelines**\n\n- **Clean Architecture** - Follow established patterns and separation of concerns\n- **Idiomatic Go** - Use standard Go conventions and best practices\n- **Security First** - All code reviewed for security implications\n- **Comprehensive Testing** - Unit tests for all business logic\n- **Documentation** - Clear, concise documentation for all APIs\n\n---\n\n## 📞 Support \u0026 Community\n\n### 💬 **Get Help**\n\n- 📖 **[Documentation](./docs/)** - Comprehensive guides and API documentation\n- 🐛 **[GitHub Issues](https://github.com/skygenesisenterprise/github-enterprise/issues)** - Bug reports and feature requests\n- 💡 **[GitHub Discussions](https://github.com/skygenesisenterprise/github-enterprise/discussions)** - General questions and ideas\n- 📧 **Email** - [support@skygenesisenterprise.com](mailto:support@skygenesisenterprise.com)\n\n### 🐛 **Reporting Issues**\n\nWhen reporting bugs, please include:\n\n- Clear description of the problem\n- Steps to reproduce the issue\n- Environment information (Go version, PostgreSQL version, etc.)\n- Error logs or screenshots\n- Expected vs actual behavior\n\n---\n\n## 📄 License\n\nThis project is licensed under the **MIT License** - see the [LICENSE](./LICENSE) file for details.\n\n```\nMIT License\n\nCopyright (c) 2025 Sky Genesis Enterprise\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n```\n\n---\n\n## 🙏 Acknowledgments\n\n- **Sky Genesis Enterprise** - Project leadership and development\n- **Go Team** - Excellent programming language and ecosystem\n- **Gin Framework** - High-performance HTTP web framework\n- **GitHub** - Platform and excellent developer tools\n- **PostgreSQL** - Powerful, reliable database system\n- **Docker** - Container platform simplifying deployment\n- **Open Source Community** - Tools, libraries, and inspiration\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n### 🚀 **Join Us in Building the Future of Enterprise DevOps!**\n\n[⭐ Star This Repo](https://github.com/skygenesisenterprise/github-enterprise) • [🐛 Report Issues](https://github.com/skygenesisenterprise/github-enterprise/issues) • [💡 Start a Discussion](https://github.com/skygenesisenterprise/github-enterprise/discussions)\n\n---\n\n**🔧 V1 Foundation Complete - Ready for Enterprise Deployment!**\n\n**Made with ❤️ by the [Sky Genesis Enterprise](https://skygenesisenterprise.com) team**\n\n*Building enterprise DevOps governance with security-first design and scalable architecture*\n\n\u003c/div\u003e","funding_links":["https://opencollective.com/skygenesisenterprise"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskygenesisenterprise%2Fgithub-enterprise","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fskygenesisenterprise%2Fgithub-enterprise","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskygenesisenterprise%2Fgithub-enterprise/lists"}