Paradaux
IssuesPAR-82Done
0

Roll out the tesks GitHub App (create app, set secrets, install, configure)

Manual setup to light up the GitHub integration (PAR-81). Inbound works with just the webhook secret; the app id/key are only for write-back (PR comments / commit status).

  • Create a GitHub App (org → Developer settings → GitHub Apps)
    • Webhook URL: https://<tesks-host>/github/webhook
    • Webhook secret: random string → GITHUB_WEBHOOK_SECRET
    • Permissions: Contents read, Pull requests read (or read & write for reverse sync), Metadata read, Commit statuses write (optional)
    • Subscribe to events: Push, Pull request, Installation
    • Note the App ID; generate a private key
  • Convert the key to PKCS#8 (GitHub gives PKCS#1; Java needs PKCS#8): openssl pkcs8 -topk8 -nocrypt -in app.pem -out app.pkcs8.pem
  • Set env on the tesks backend: GITHUB_WEBHOOK_SECRET (required), GITHUB_APP_ID + GITHUB_APP_PRIVATE_KEY (write-back), optional GITHUB_API_URL. Optional NEXT_PUBLIC_GITHUB_APP_SLUG on tesks-ui for a one-click install button.
  • Confirm migration V14 applied on the tesks DB (auto if Flyway enabled).
  • Install the App on the org, selecting repos to expose.
  • Bind it in tesks-ui: Workspace → Settings → GitHub → paste the installation_id from the post-install redirect.
  • Link repos with default team, optional project, and PR-open / PR-merge → status mappings.
  • Smoke test: open a PR titled … PAR-XX, confirm the Development panel + activity update; merge it, confirm the status transition.

Comments

paradaux · Jun 4, 2026, 7:32 PM

App configured

tesks · Jun 4, 2026, 7:33 PM

Dev rollout progress (cluster side done):

  • ✅ Code live on dev — tesks deploy running development-sha-d43b688, tesks-ui too.
  • ✅ Migration V14 applied (schema at v14, Flyway validated 14 migrations).
  • ✅ Webhook endpoint serving at https://tesks.dev.paradaux.io/github/webhook (returns 401 bad signature to unsigned requests, as designed).
  • GITHUB_WEBHOOK_SECRET generated + added to tesks-secrets (development ns); backend restarted.

Remaining (interactive, GitHub side): create the GitHub App (webhook URL above + that secret, events Push/PR/Installation), install on the org, bind the installation_id in tesks-ui → Settings → GitHub, link repos. Inbound (deep links + status from merges) works after that with no further config.

Write-back (optional): add GITHUB_APP_ID + GITHUB_APP_PRIVATE_KEY (PKCS#8) to tesks-secrets once the App exists.

tesks · Jun 4, 2026, 7:41 PM

Write-back wired (cluster side fully done):

  • GITHUB_APP_ID (3964792) + GITHUB_APP_PRIVATE_KEY (confirmed PKCS#8) added to tesks-secrets; backend restarted clean.
  • ✅ Activity dispatcher now reports 2 sinks: [discord, github] — reverse sync active.

Backend is fully configured. Only the GitHub-side steps remain: install the App on the org and bind the installation_id in tesks-ui → Settings → GitHub, then link a repo. After that a PR/commit mentioning a PAR-xx will link + transition, and status changes will comment back on linked PRs.

Activity

  • paradaux description: Description updatedJun 7, 2026, 5:19 PM
  • paradaux changed status to Status → DoneJun 7, 2026, 5:19 PM
  • tesks commentedJun 4, 2026, 7:41 PM
  • tesks commentedJun 4, 2026, 7:33 PM
  • paradaux commentedJun 4, 2026, 7:32 PM
  • tesks created the issueJun 4, 2026, 7:19 PM