GitHub
Set up the GitHub App for authentication and repository access.
Overview
The Reviewate dashboard uses a GitHub App for both user authentication (OAuth) and repository access (installation tokens). You'll create one GitHub App that handles both.
Create a GitHub App
GitHub Apps can be created for a personal account or an organization:
- Personal: github.com/settings/apps
- Organization:
github.com/organizations/{your-org}/settings/apps
Click New GitHub App.
App Settings
| Setting | Value |
|---|---|
| App name | reviewate (or your preferred name) |
| Homepage URL | https://your-domain.com |
| Callback URL | https://your-domain.com/api/auth/callback/github |
| Webhook URL | https://your-domain.com/webhooks/github/pr |
| Webhook secret | Generate a random string |
Required Permissions
| Permission | Access | Purpose |
|---|---|---|
| Administration | Read | Access repository settings |
| Contents | Read | Read repository code for review |
| Emails | Read | Access user email for notifications |
| Issues | Read & Write | Read linked issues, post comments |
| Members | Read | List organization members |
| Metadata | Read | Basic repository information |
| Pull requests | Read & Write | Read PRs and post review comments |
Subscribe to Events
Check the following events:
- Issue comment
- Member
- Pull request
- Pull request review
- Pull request review comment
- Pull request review thread
- Push
- Repository
Generate Private Key
After creating the app:
- Scroll to Private keys and click Generate a private key
- Download the
.pemfile - Place it in your deployment (e.g.,
./certs/github-app-private-key.pem)
Configure Environment Variables
Add to your .env:
GITHUB_CLIENT_ID=<from app settings>
GITHUB_CLIENT_SECRET=<from app settings>
GITHUB_APP_ID=<from app settings>
GITHUB_APP_NAME=<your app name>
GITHUB_WEBHOOK_SECRET=<your webhook secret>
GITHUB_APP_PRIVATE_KEY_PATH=./certs/github-app-private-key.pem
GitHub Enterprise
For GitHub Enterprise Server, also set:
GITHUB_API_URL=https://github.yourcompany.com/api/v3
GITHUB_AUTHORIZE_URL=https://github.yourcompany.com/login/oauth/authorize
GITHUB_TOKEN_URL=https://github.yourcompany.com/login/oauth/access_token
Install the App
After creating the GitHub App, install it on repositories from the Reviewate dashboard:
- Go to the Reviewate dashboard and navigate to your organization settings
- Click Install GitHub App — this redirects you to GitHub's authorization page
- Select the repositories you want Reviewate to access
- Confirm the installation
Reviewate will automatically receive webhook events for pull requests on installed repositories.