You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: Readme.md
+14-2Lines changed: 14 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
# Sample GitHub App
2
2
3
-
Minimal example of a GitHub App using [octokit.js](https://github.com/octokit/octokit.js).
3
+
Example of an integration via GitHub App using [octokit.js](https://github.com/octokit/octokit.js).
4
4
5
5
## Requirements
6
6
@@ -9,7 +9,8 @@ Minimal example of a GitHub App using [octokit.js](https://github.com/octokit/oc
9
9
- Pull requests: Read & write
10
10
- Metadata: Read-only
11
11
- (For local development) A tunnel to expose your local server to the internet (e.g. [smee](https://smee.io/), [ngrok](https://ngrok.com/) or [cloudflared](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/))
12
-
12
+
- Your GitHub App Webhook must be configured to receive events at a URL that is accessible from the internet.
13
+
13
14
## Setup
14
15
15
16
1. Clone this repository.
@@ -29,3 +30,14 @@ the corresponding Webhook [payload](https://docs.github.com/webhooks-and-events/
29
30
The server in this example listens for `pull_request.opened` events and acts on
30
31
them by creating a comment on the pull request, with the message in `message.md`,
31
32
using the [octokit.js rest methods](https://github.com/octokit/octokit.js#octokitrest-endpoint-methods).
33
+
34
+
## Security considerations
35
+
36
+
To keep things simple, this example reads the `GITHUB_APP_PRIVATE_KEY` from the
37
+
environment. A more secure and recommended approach is to use a secrets management system
38
+
like [Vault](https://www.vaultproject.io/use-cases/key-management), or one offered
0 commit comments