PullApprove 5
CODEREVIEW.toml
Self-Hosted
Log in

GitHub Setup

Configure GitHub integration for your self-hosted PullApprove5 deployment.

Create a GitHub App

Fill in your details below and click "Create GitHub App" to open GitHub with the correct permissions pre-filled.

Use your GitHub Enterprise URL if applicable

The GitHub organization where the app will be created

The domain where your PullApprove5 instance will be hosted

Permissions

Contents: Read Metadata: Read Pull requests: Write Commit statuses: Write Members: Read Emails: Read

Events: push, pull_request, pull_request_review

Create GitHub App

Configure the GitHub App

After creating your GitHub App, you'll need to generate a few credentials from the app settings page before configuring your deployment.

Private Key

Click "Generate a private key" to download a .pem file. This is a multiline file — how you pass it as an environment variable depends on your deployment method. Some systems require you to replace newlines with literal \n characters, while others (AWS Secrets Manager, Vault, K8s Secrets) support multiline values natively. PullApprove normalizes line endings on startup, so both formats work.

Client Secret

Click "Generate a new client secret" and save the value.

Webhook Secret

Generate a random secret, for example:

python3 -c "import secrets; print(secrets.token_urlsafe(32))"

Paste this value into the Webhook secret field in your GitHub App settings.

Environment Variables

Set the following environment variables in your deployment.

# Public URL of your GitHub App (found on the app's settings page)
GITHUB_APP_URL=https://github.com/apps/pullapprove5-yourorg
GITHUB_APP_ID=123456
GITHUB_APP_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n"
GITHUB_WEBHOOK_SECRET=your-generated-webhook-secret
GITHUB_CLIENT_ID=Iv23_abc123def456
GITHUB_CLIENT_SECRET=your-client-secret

# GitHub Enterprise Server only
# GITHUB_API_BASE_URL=https://github.example.com/api/v3

# Status check name
# (default: "pullapprove5")
GITHUB_STATUS_CONTEXT=pullapprove5

# Comma-separated usernames to ignore webhooks from
# (e.g., your-app[bot])
GITHUB_WEBHOOK_SENDER_BLOCKLIST=your-app-name[bot]

Verify

Test that GitHub can deliver webhooks to your PullApprove5 instance:

  1. Go to your GitHub App settings page
  2. Click on the "Advanced" tab
  3. Scroll down to "Recent Deliveries"
  4. Click "Redeliver" on the ping webhook
  5. Verify the delivery shows a successful response (status 200)

GitHub App Advanced tab showing Recent Deliveries and Redeliver button

If the webhook ping is successful, your self-hosted instance is ready. You can now install the GitHub App on repositories to start using PullApprove5.