• 
      

    Add GitHub App connectivity.

    Review Request #15144 — Created June 30, 2026 and updated — Latest diff uploaded

    Information

    Review Board
    release-9.x

    Reviewers

    This change adds a GitHub App as an alternative to Personal Access
    Tokens. This involves a bunch of moving parts:

    1. The actual GitHub App backend, which includes a redirect view that
      will trigger the GitHub App Manifest flow, and callback views for
      when the app has been created and when the app has been installed
      into a user or organization. This ends up creating a hidden
      HostingServiceAccount which holds the app registration keys, and
      then each time the app gets installed (for a user or organization)
      will create a new HostingServiceAccount for that entry.

    2. Modifications to the GitHub client to use the app for authentication.
      This involves minting short-lived RS256 JWT tokens for the actual API
      requests to GitHub.

    3. Customized UI parts for the connected services list. This involves:

    • Special templates and flows for the "Connect a service" wizard which
      lets users choose how they want to connect, and triggers for the new
      app creation flow.

    • An override for the entry template which adds an extra controls
      panel that either encourages users to create the app (if they have
      existing connections using PATs only), or provides a link into
      GitHub's settings UI (allowing changes to URLs or transferring the
      app registration to another owner).

    This also currently includes a stub webhook handler (since GitHub Apps
    have a single webhook endpoint for all authorized repositories), as well
    as some commented-out bits for future enhancement.

    • Connected a GitHub App and installed it into multiple organizations.
    • Tested all aspects of the wizard flow, including creation of the app
      and reassignment of any PAT-based repositories after app install.
    • Verified that API access works correctly when authenticating using the
      app tokens.
    • Ran unit tests.

    Commits

    Files