GitHub App Setup
Create and configure a GitHub App for PR drafting, issue ingestion, and CI status tracking.
Optional: You can skip this section if you don't need GitHub integration. NestFleet works without it — you just won't get PR drafting or GitHub issue ingestion.
1. Create the GitHub App
- Go to GitHub → Settings → Developer settings → GitHub Apps → New GitHub App.
- Set Homepage URL to your NestFleet domain (e.g.
https://ops.yourcompany.com). - Set Webhook URL to
https://<your-domain>/api/v1/github/webhook. - Generate a Webhook secret (e.g.
openssl rand -hex 32) and save it — you'll need it forGITHUB_WEBHOOK_SECRET. - Uncheck Expire user authorization tokens.
2. Set permissions
| Permission | Level | Why |
|---|---|---|
| Repository → Contents | Read & write | Read files for PR context; create/update files for doc fixes |
| Repository → Issues | Read & write | Ingest GitHub issues as cases; comment with triage results |
| Repository → Pull requests | Read & write | Draft and update change request PRs |
| Repository → Statuses | Read | Track CI status on change request PRs |
| Repository → Metadata | Read | Required by GitHub for all apps |
3. Subscribe to webhook events
- Issues — opened, edited, closed, labeled
- Issue comment — created
- Pull request — opened, closed, synchronize
- Push — for CI status tracking
- Status — CI check results on PRs
4. Generate a private key
After saving the app, scroll to Private keys and click Generate a private key. A .pem file will download. Keep it safe — you need it for the environment variable below.
5. Set environment variables
GITHUB_APP_ID=123456 GITHUB_APP_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----" GITHUB_WEBHOOK_SECRET=your-webhook-secret
The private key value must have literal \n newlines (not actual line breaks) when set as an environment variable. You can convert it with:
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' your-app.pem6. Install the app on your repositories
In your GitHub App settings, go to Install App and install it on the repositories you want NestFleet to monitor. You can grant access to all repositories or select specific ones.