Set up the Bastion GitHub App
Bastion can optionally post checks and comments through a GitHub App. This page shows how to set it up.
1. Create the app on GitHub
Open GitHub's new-app form. For an org, usegithub.com/organizations/YOUR-ORG/settings/apps/new.
- Name. This is what the checks group under, for example YourOrg's Bastion. Must be globally unique.
- Webhook. Uncheck Active.
- Repository permissions. Set these, leave the rest at No access:ChecksRead and writePull requestsRead and writeContentsRead-only
- Click Create GitHub App.
2. Capture the app's credentials
Click Generate a private key (a.pem downloads) and note theApp ID. Then open Install App and install it on the repositories that run Bastion.
3. Store the two secrets
Add these as Actions secrets, named exactly:
BASTION_APP_IDthe numeric App IDBASTION_APP_PRIVATE_KEYthe full contents of the downloaded .pemFor Dependabot PRs, set them in the Dependabot secret store too.