Set up the Bastion GitHub App

Bastion can optionally post checks and comments through a GitHub App. This page shows how to set it up.

1. Create the app on GitHub

Open GitHub's new-app form. For an org, use github.com/organizations/YOUR-ORG/settings/apps/new.

  1. Name. This is what the checks group under, for example YourOrg's Bastion. Must be globally unique.
  2. Webhook. Uncheck Active.
  3. Repository permissions. Set these, leave the rest at No access:
    Checks: Read and write
    Pull requests: Read and write
    Contents: Read-only
  4. Click Create GitHub App.

2. Capture the app's credentials

Click Generate a private key (a .pem downloads) and note the App ID. Then open Install App and install it on the repositories that run Bastion.

3. Store the two secrets

Add these as Actions secrets, named exactly:

BASTION_APP_ID: the numeric App ID
BASTION_APP_PRIVATE_KEY: the full contents of the downloaded .pem

For Dependabot PRs, set them in the Dependabot secret store too.
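A preflight check for the two secrets from step 3, as an added example that is not part of Bastion. It catches a non-numeric App ID, a key pasted with literal \n escapes, and a truncated .pem, without ever printing the key. The function names are hypothetical, and the check is structural only: it does not prove the key belongs to the app.

```python
import base64
import os
import re
import sys

# Matches the PEM armor; GitHub's download uses the "RSA PRIVATE KEY" label.
PEM_RE = re.compile(
    r"\A-----BEGIN ((?:RSA )?PRIVATE KEY)-----\n(.+?)\n-----END \1-----\Z", re.DOTALL)

def der_declared_len(der):
    """Total size (header + body) declared by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("payload is not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_secrets(app_id, private_key):
    """Return a list of problems; an empty list means both values look intact."""
    problems = []
    if not re.fullmatch(r"[0-9]+", app_id):
        problems.append("BASTION_APP_ID is not purely numeric")
    if "\\n" in private_key:
        problems.append("BASTION_APP_PRIVATE_KEY has literal \\n escapes, not newlines")
    match = PEM_RE.match(private_key.replace("\r\n", "\n").strip())
    if not match:
        problems.append("BASTION_APP_PRIVATE_KEY lacks matching BEGIN/END lines")
        return problems
    try:
        der = base64.b64decode("".join(match.group(2).split()), validate=True)
        if der_declared_len(der) != len(der):
            problems.append("BASTION_APP_PRIVATE_KEY is truncated or has extra data")
    except ValueError as exc:             # binascii.Error is a ValueError subclass
        problems.append(f"BASTION_APP_PRIVATE_KEY does not decode: {exc}")
    return problems

if __name__ == "__main__":
    # Reads the same names the page tells you to store; prints findings only.
    found = check_secrets(os.environ.get("BASTION_APP_ID", ""),
                          os.environ.get("BASTION_APP_PRIVATE_KEY", ""))
    for problem in found:
        print(f"error: {problem}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run it as a workflow step with both secrets mapped into the environment under the same names.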