2. Create the GitHub App
Create the GitHub App that Sinatra uses to read code, open PRs, and receive webhooks.
Sinatra integrates with GitHub through a GitHub App (not a personal access token, not OAuth). The App gets installed on each repo or org you want Sinatra to work in.
Create it
Go to github.com → Settings → Developer settings → GitHub Apps → New GitHub App. (For an organization-owned App, replace the user Settings with Organization → Settings → Developer settings.)
Fill in:
- GitHub App name: pick something globally unique, e.g.
Sinatra (Acme). - Homepage URL: anything — your company URL or GitHub profile.
- Callback URL: leave empty.
- Request user authorization (OAuth) during installation: off.
- Setup URL:
https://YOUR_PUBLIC_API/install/github/callback(use your eventual public URL — see step 8). - Webhook → Active: on.
-
Webhook URL:
https://YOUR_PUBLIC_API/webhooks/github. -
Webhook secret: generate a random secret and save it — this becomes
GITHUB_APP_WEBHOOK_SECRET.node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
-
Permissions
Repository permissions:
| Permission | Access |
|---|---|
| Contents | Read & write |
| Pull requests | Read & write |
| Issues | Read & write |
| Checks | Read-only |
| Metadata | Read-only |
Issues: Read & write is required if you want to trigger Sinatra from GitHub Issues (the agent comments on issues, reacts with 👀, and may edit the issue body to publish a plan). For PR-only flows you can drop it to read-only.
Subscribe to events
Tick these:
Check suite, Delete, Installation target, Issue comment, Issues, Label, Pull request, Pull request review, Repository.
Installability
Where can this GitHub App be installed? — pick "Only on this account" for a single-org deploy, or "Any account" if you're operating Sinatra for multiple orgs.
Capture the credentials
After clicking Create GitHub App, you'll land on the App's settings page. You need:
- App ID — shown at the top of the page. Goes into
GITHUB_APP_ID. - Client ID — shown next to App ID. Not used by Sinatra today but record it anyway.
- Slug — visible in the URL, e.g.
github.com/apps/sinatra-acme→ slug issinatra-acme. Goes intoGITHUB_APP_SLUG. - Private key — scroll down, click Generate a private key. A
.pemfile downloads. Open it; the contents (including theBEGIN/ENDlines) becomeGITHUB_APP_PRIVATE_KEY.
Wrap the PEM in double quotes in your env file so newlines are preserved:
GITHUB_APP_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
MIIE...
-----END RSA PRIVATE KEY-----"Install it on your repos
On the App's settings page, click Install App in the left sidebar. Pick the org/account, choose either "All repositories" or specific ones, and confirm. You can come back and add more repos at any time.
Recap — values you've captured
| Env var | Where it came from |
|---|---|
GITHUB_APP_ID | App ID at top of settings page |
GITHUB_APP_SLUG | URL slug |
GITHUB_APP_WEBHOOK_SECRET | Random secret you generated |
GITHUB_APP_PRIVATE_KEY | Downloaded .pem contents |