Setting Up a GitHub App

If GitHub is your VCS provider, you must create a GitHub App and install it on the repositories that Garden Enterprise should have access to. The app will be used to authenticate users, import projects, run workflows on GitHub events (e.g. when a pull request is opened), and more.

Note that you must create a GitHub App, not an Oauth App.

The relevant GitHub App properties (e.g. App ID and private key) will be provided to Garden Enterprise during the installation process. See below for more.

Creating the GitHub App

Please refer to the official GitHub documentation for up to date instructions on creating a GitHub App. Once you're at the "Create GitHub App" page, fill in the appropriate values as described below.

Basic information

GitHub App name

You can choose your own app name and description.

Homepage URL

You can choose which URL you set here but we recommend using the main URL for Garden Enterprise.

Identifying and authorizing users

Callback URL

The main URL for Garden Enterprise along with the path /github/callback.

For example:


Expire user authorization tokens


Request user authorization (OAuth) during installation


Post Installation





Webhook URL

The main URL for Garden Enterprise along with the path /api/webhooks.

For example:


Webhook secret

The webhook secret is required for Garden Enterprise, even though it's marked as optional by GitHub. The value you provide here will also be used during the installation of Garden Enterprise. Note that you can always look it up from the GitHub App page later.

SSL verification

Select "Enable SSL verification".

Repository Permissions




Read & write







Pull requests

Read & write


Read & write

Organization Permissions





User Permissions



Email Addresses


Event Subscriptions

The GitHub App should subscribe to the following events:

  • Check Run

  • Check Suite

  • Issue Comment

  • Pull Request

Installing the GitHub App

We recommend that you only install the GitHub App on the repositories that Garden Enterprise should have access to, as opposed to the entire organization. This is because Garden Enterprise will receive events from all the repositories the GitHub App is installed on which may result in unnecessary traffic. Furthermore, it's good practice to only give the minimum levels of access required.

The GitHub App must be installed on all the repositories that Garden Enterprise should have access to. This includes repositories that are referenced as remote sources in your Garden projects. Please follow the official instructions for installing the app.

Note that the access token only works for clones over HTTPS. If your workflow runs require remote sources to be cloned over SSH, you will still need to configure git specifically for that.

Required Values for Garden Enterprise

You'll need to have the following values from your GitHub App at hand when installing Garden Enterprise:

  • App ID and Client ID (see top of the app page)

  • A generated Client secret (see top of the app page)

  • The user generated webhook secret

  • A generated Private key (see bottom of app page)

See here for a full list of environment configuration for Garden Enterprise.