How to Build GitHub Apps For Fun and Profit

John Bohannon - Apr 6 '21 - - Dev Community

Hi there, GitHub developer! So you host your code on GitHub, and you've seen some comments like this:

dependabot

Dependabot and thousands of bots like it are what are called GitHub Apps. Today, I'll teach you how to make a GitHub App and how to list it for purchase in GitHub Marketplace. GitHub Apps have been around for several years but are worth another look as the GitHub Platform expands and improves.

About GitHub Apps

GitHub Apps are a great way to programmatically interact with GitHub:

  • Flexible, first class actors on GitHub
  • Secure, fine-grained permissions model
  • Scalable, dedicated rate limits
  • Built-in webhooks

You might need a GitHub App for:

GitHub Apps replace OAuth apps, are used to build GitHub Actions, and work on GitHub.com and GitHub Enterprise alike. Some APIs are exclusive to GitHub Apps โ€“ for example, Checks and Content Attachments.

A GitHub App can be programmed to act as itself, as a (scoped) "installation", or as one of its users, if permitted.

Also, GitHub Apps fit together with GitHub Actions like peanut butter and jelly, which is rad. So let's build one! Today, I'll build the simplest thing possible, a bot that approves a pull request if "๐Ÿค–" is in the title.

What will you build ๐Ÿ‘€?

Probot, the helper framework

Know JavaScript? Great. Probot is a trusty Node.js framework for building GitHub Apps, and we'll use it to make the following steps easier:

  1. Create the App by registering a set of permissions, webhook events, and metadata
  2. Install the App on as few or as many repositories as you want
  3. Use the App to make GitHub API requests

Create the App

In a terminal with Node.js installed, type npx create-probot-app pr-bot and follow the prompts, choosing basic-js as the template. cd pr-bot when the installation is done.

Open up app.yml in your favorite text editor. This is a one-time use creation spec or "manifest" โ€“ย of course, App settings can be changed later at https://github.com/settings/apps.

Uncomment default_events.pull_request and change default_permissions.pull_requests to write. When you're done it should look like this:



default_events:
  - pull_request
default_permissions:
  metadata: read
  pull_requests: write
description: A silly pull request bot!
public: true


Enter fullscreen mode Exit fullscreen mode

Now add the logic of the App in index.js. Add this block just below the line, app.log.info("Yay, the app was loaded!"):



app.on(
  ["pull_request.opened", "pull_request.edited", "pull_request.reopened"],
  async (context) => {

    if (context.payload.pull_request.title.indexOf('๐Ÿค–') > -1) {
      await context.octokit.pulls.createReview({
        ...context.pullRequest(),
        event: 'APPROVE'
      })
    }
  }
);


Enter fullscreen mode Exit fullscreen mode

context.octokit gives us access to an authenticated octokit/rest.js client to make GitHub API calls with ease. (Psst: check out the other official and 3rd party Octokit libraries, even if you aren't using Probot!)

Back in your terminal, run npm run start and then click "Register GitHub App" at http://localhost:3000:

create the app

Follow the prompts to finish creating the app. Notice that an .env file has appeared with some secret data only you as App developer have, namely the APP_ID, PRIVATE_KEY, and WEBHOOK_SECRET.

Install the App

Follow the prompts to install the app on all or select repositories. This lets the App "see and respond" to the resources you configured before (pull_requests), but in only these repositories.

Use the App

In one of these repositories, open a pull request. The pull_request webhook was received, but no "๐Ÿค–" was in the title, so pr-bot stayed quiet! Now add a "๐Ÿค–" in the title and notice the approval!

use the app

But you're not going to use your own machine for long ๐Ÿ˜‰. Probot apps are just Node.js apps, so they can be deployed to all the environments you'd expect.

No Probot, no problem

So far we've used Probot as a helper framework to create, install, and use the app to extend our experience on GitHub! Did you know you can easily follow this pattern even without Probot?

Create the App

Head over to https://github.com/settings/apps/new and fill out the fields, with Creating a GitHub App - GitHub Docs as your guide. Now you can appreciate the complexity that Probot solves by utilizing the app manifest flow behind the scenes.

create the app manually

Install the App

Visit your App's page at https://github.com/apps/yourappname to start an installation process as before.

Use the App

Now you should have a private key, App ID (found at the top of your app settings page, https://github.com/settings/apps/yourappname), and Installation ID (via API or in post-install URL like https://github.com/settings/installations/1234567). You can use these to form API requests, either manually, via one of the Octokit libraries, or even as an action.

Check out this video for a walkthrough example using Go on GitHub Enterprise Server:

YouTube

Listing in GitHub Marketplace

GitHub Marketplace is a one stop shop for sharing your app with the GitHub community and even allowing developers to pay you for it. See Requirements for listing an app - GitHub Docs for instructions!

Wrapping up

Today, we created, installed, and used a simple GitHub App and highlighted some great features about GitHub Apps:

  • Flexible, powerful integration model to build rich experiences and programmatic access to GitHub
  • Can be discovered, purchased, and sold on GitHub Marketplace
  • Fully backed by GitHub and extensively used by integrators and developers

Happy developing! See you around!

Additional resources:

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .