GitHub Integration
Rack Gateway integrates with GitHub to verify commits and (optionally) post PR comments when deploy approval requests are created.
Features
- Commit verification against a branch
- PR detection for the branch being deployed
- Optional PR comments when a request is created
- Branch policy controls (default branch restrictions)
Configuration
Gateway Environment Variable
```bash
# GitHub personal access token or app installation token
GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx
```
Token Permissions
The token needs permissions to read branches/commits and post PR comments:
| Permission | Scope | Purpose |
|---|---|---|
| `repo` | Read | Verify commits and branches |
| `issues` | Write | Post PR comments |
Using a personal access token:
- Go to GitHub Settings → Developer settings → Personal access tokens
- Generate a token with `repo` and `issues:write`
- Store it as `GITHUB_TOKEN`

Using a GitHub App:
- Create a GitHub App
- Grant permissions: Contents (read), Pull requests (read), Issues (write)
- Use an installation token as `GITHUB_TOKEN`
Per-App Settings
These settings live under Apps → {app} → Settings:
| Setting | Description | Example |
|---|---|---|
| `vcs_provider` | Must be `github` | `github` |
| `vcs_repo` | Repository in `owner/repo` format | `MyOrg/myapp` |
| `github_verification` | Enable commit verification | `true` |
| `verify_git_commit_mode` | `branch` or `latest` | `latest` |
| `require_pr_for_branch` | Require an open PR | `true` |
| `default_branch` | Default branch name | `main` |
| `allow_deploy_from_default_branch` | Allow deploys from default branch | `false` |
| `github_post_pr_comment` | Post PR comment on request creation | `true` |
```bash
# Environment variable configuration
RGW_APP_MYAPP_SETTING_VCS_PROVIDER=github
RGW_APP_MYAPP_SETTING_VCS_REPO=MyOrg/myapp
RGW_APP_MYAPP_SETTING_GITHUB_VERIFICATION=true
RGW_APP_MYAPP_SETTING_VERIFY_GIT_COMMIT_MODE=latest
RGW_APP_MYAPP_SETTING_REQUIRE_PR_FOR_BRANCH=true
RGW_APP_MYAPP_SETTING_DEFAULT_BRANCH=main
RGW_APP_MYAPP_SETTING_ALLOW_DEPLOY_FROM_DEFAULT_BRANCH=false
RGW_APP_MYAPP_SETTING_GITHUB_POST_PR_COMMENT=true
```
Commit Verification
When a deploy approval request is created, the gateway verifies the commit:
- latest: commit must equal branch HEAD
- branch: commit must exist somewhere in branch history
If verification fails, the request is rejected.
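The two modes can be reproduced outside the gateway when debugging a rejected request. The following is an added example, not Rack Gateway's own code: it assumes the GitHub REST branch and compare endpoints, and `verify_commit`, `github_get` and `fake_get` are hypothetical names. It fails closed on abbreviated SHAs, ref names, unknown modes and API errors.

```python
import json
import os
import re
import urllib.parse
import urllib.request

FULL_SHA = re.compile(r"[0-9a-f]{40}")

def github_get(path):
    """GET a GitHub REST API path with GITHUB_TOKEN; raises on HTTP errors."""
    req = urllib.request.Request(
        "https://api.github.com" + path,
        headers={"Authorization": "Bearer " + os.environ["GITHUB_TOKEN"],
                 "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def verify_commit(repo, branch, commit, mode, get_json=github_get):
    """Return (ok, reason) for verify_git_commit_mode 'latest' or 'branch'."""
    if not FULL_SHA.fullmatch(commit):
        return False, "commit must be a full 40-character lowercase SHA"
    ref = urllib.parse.quote(branch, safe="/")
    try:
        if mode == "latest":
            head = get_json(f"/repos/{repo}/branches/{ref}")["commit"]["sha"]
            ok = head == commit
            return ok, "matches branch HEAD" if ok else f"branch HEAD is {head}"
        if mode == "branch":
            # compare/{base}...{head}: "ahead" or "identical" means the base
            # commit is reachable from the branch tip, i.e. it is in its history.
            status = get_json(f"/repos/{repo}/compare/{commit}...{ref}")["status"]
            return status in ("ahead", "identical"), f"compare status: {status}"
    except Exception as exc:  # 404, network failure, unexpected payload
        return False, f"lookup failed: {exc}"
    return False, f"unknown mode: {mode!r}"

# Constructed sample data standing in for GitHub API responses.
HEAD, OLD, FORK = "b" * 40, "a" * 40, "c" * 40
def fake_get(path):
    if path.endswith("/branches/main"):
        return {"commit": {"sha": HEAD}}
    for sha, status in ((HEAD, "identical"), (OLD, "ahead"), (FORK, "diverged")):
        if path.endswith(f"/compare/{sha}...main"):
            return {"status": status}
    raise LookupError("404 " + path)

if __name__ == "__main__":
    for mode, sha in (("latest", HEAD), ("latest", OLD), ("branch", OLD), ("branch", FORK)):
        print(mode, sha[:7], verify_commit("MyOrg/myapp", "main", sha, mode, fake_get))
```

With the constructed data, the older commit passes in `branch` mode but not in `latest` mode, which is why `latest` is the stricter setting for deploy approvals.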
Pull Request Detection
When GitHub verification is enabled, the gateway attempts to find an open PR for the branch. If found, the PR URL is stored and shown in the approval UI.
PR Comments
If `github_post_pr_comment` is enabled, the gateway posts a comment when the request is created. The comment includes a link to the approval request.
Troubleshooting
- Ensure `GITHUB_TOKEN` is set and has access to the repo
- Verify `vcs_repo` matches `owner/repo`
- Check Audit Logs for GitHub verification failures