https://github.com/github/github-app-js-sample

Sample of a GitHub App that comments new pull requests

# Sample GitHub App

This sample app shows how webhooks can be used with a GitHub App's installation token to create a bot that responds to new pull requests. The code uses [octokit.js](https://github.com/octokit/octokit.js).

## Requirements

- Node.js 20 or higher
- A GitHub App subscribed to **Pull Request** events and with the following permissions:
  - Pull requests: Read & write
  - Metadata: Read-only
- (For local development) A tunnel to expose your local server to the internet (e.g. [smee](https://smee.io/), [ngrok](https://ngrok.com/) or [cloudflared](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/))
- Your GitHub App Webhook must be configured to receive events at a URL that is accessible from the internet.

## Setup

1. Clone this repository.
2. Create a `.env` file similar to `.env.example` and set actual values. If you are using GitHub Enterprise Server, also include an `ENTERPRISE_HOSTNAME` variable and set the value to the name of your GitHub Enterprise Server instance.
3. Install dependencies with `npm install`.
4. Start the server with `npm run server`.
5. Ensure your server is reachable from the internet.
   - If you're using `smee`, run `smee -u <smee_url> -t http://localhost:3000/api/webhook`, where `<smee_url>` is the URL of your smee channel.
6. Ensure your GitHub App includes at least one repository on its installations.

## Usage

With your server running, you can now create a pull request on any repository that
your app can access. GitHub will emit a `pull_request.opened` event and will deliver
the corresponding Webhook [payload](https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request) to your server.

The server in this example listens for `pull_request.opened` events and acts on
them by creating a comment on the pull request, with the message in `message.md`,
using the [octokit.js rest methods](https://github.com/octokit/octokit.js#octokitrest-endpoint-methods).

## Security considerations

To keep things simple, this example reads the `GITHUB_APP_PRIVATE_KEY` from the
environment. A more secure and recommended approach is to use a secrets management system
like [Vault](https://www.vaultproject.io/use-cases/key-management), or one offered
by major cloud providers:
[Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-node?tabs=windows),
[AWS Secrets Manager](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-secrets-manager/),
[Google Secret Manager](https://cloud.google.com/nodejs/docs/reference/secret-manager/latest),
etc.
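
One way to move the key out of `.env`, shown as an added example that is not part of this sample's code: the loader prefers a key file (for instance one written by a secrets manager agent or mounted as a secret volume), checks its permissions and validates the key, and only then falls back to `GITHUB_APP_PRIVATE_KEY`. The variable `GITHUB_APP_PRIVATE_KEY_FILE` and the function `loadAppPrivateKey` are assumptions made for this example.

```javascript
// Added example: prefer a secret file over .env for the GitHub App private key.
// GITHUB_APP_PRIVATE_KEY_FILE and loadAppPrivateKey are hypothetical names.
const fs = require("node:fs");
const crypto = require("node:crypto");

function loadAppPrivateKey(env = process.env) {
  const file = env.GITHUB_APP_PRIVATE_KEY_FILE;
  let pem, source;
  if (file) {
    // Open once and stat the descriptor so the check and the read see the same file.
    const fd = fs.openSync(file, "r");
    try {
      const st = fs.fstatSync(fd);
      if (!st.isFile()) throw new Error(`${file} is not a regular file`);
      // Refuse keys that group or others can read or write (POSIX modes only).
      if (process.platform !== "win32" && (st.mode & 0o077) !== 0) {
        throw new Error(`${file} has mode ${(st.mode & 0o777).toString(8)}; expected 600 or stricter`);
      }
      pem = fs.readFileSync(fd, "utf8");
    } finally {
      fs.closeSync(fd);
    }
    source = "file";
  } else if (env.GITHUB_APP_PRIVATE_KEY) {
    // Fallback: the sample's env variable; .env files often store newlines as "\n".
    pem = env.GITHUB_APP_PRIVATE_KEY.replace(/\\n/g, "\n");
    source = "env";
  } else {
    throw new Error("no GitHub App private key configured");
  }
  // Fail fast on a truncated or wrong secret; the error never echoes key material.
  let key;
  try {
    key = crypto.createPrivateKey(pem);
  } catch {
    throw new Error(`private key from ${source} is not a valid PEM private key`);
  }
  if (key.asymmetricKeyType !== "rsa") {
    throw new Error(`expected an RSA key, got ${key.asymmetricKeyType}`);
  }
  // Drop the env copy so child processes and dumps of process.env do not carry it.
  delete env.GITHUB_APP_PRIVATE_KEY;
  return { pem, source };
}
```

Pass the returned `pem` to the app's constructor rather than reading the environment variable again, since the loader removes it.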