GitHub Setup
Create a new GitHub App for the organisation Governor should manage. The App should be installed for all repositories in the organisation. Make a note of the Application ID, Client ID, the Webhook secret, and download the private key. These values are required when configuring the AWS Secret in the next step.
Repository Permissions
The permissions required by Governor depend on the configuration. The following permissions are required for the default configuration.
| Permission | Access | Description |
|---|---|---|
| Metadata | Read-only | Required for fetching repository and organization metadata. |
| Administration | Read and write | Required for managing repository settings. If you do not want Governor to manage repository settings, you can omit this permission and remove the repository section from the organisation's configuration in the bot's configuration file. |
| Contents | Read-only | Required for reading the configuration file, and checking for missing package manager lock files. |
| Dependabot Alerts | Read-only | Required for monitoring security alerts. |
| Pull Requests | Read and write | Required for managing pull requests. |
Subscribe to Events
The App must be subscribed to the following events.
- Pull request
- Repository
- Dependabot alert