GitHub Enterprise Integration

🚧

Note

GitHub Enterprise is only supported on env0 Organizations signed up for our Self-Hosted Agent.

Supported GitHub Enterprise Server versions are:

• 2.21.13 and above
• 3.x

Initial GitHub Enterprise Setup

For env0 to be able to clone your code and post back commit statuses when running Plan on Pull Request you need to create and install a personal env0 GitHub App on your organization.

This only needs to be done once per GitHub Server.

1. Create GitHub App (Only Organization is currently supported)

   1. Name your GitHub app env0
   2. Set Homepage URL to https://env0.com
   3. Skip ahead to the Webhooks section
      • Make sure Active is checked
      • You will now need to set the Webhook URL and Secret.
      • To fetch these, go to the Templates page.
        • If a template does not exist, create a New Template
          • Choose IaC framework (e.g. Terraform/OpenTofu)
            • Add Name
            • Click Next
            • Click GitHub Enterprise.
            • Copy Webhook URL and Secret and set both on the GitHub App
        • If a template already exists, use the Existing Template and update it as necessary.
   4. Skip ahead to the Repository permissions section and grant the following permissions:
      • Checks - Read and write
      • Contents - Read-only
      • Deployments - Read and Write
      • Metadata - Read-only
      • Pull requests - Read and Write
   5. Skip ahead to the Subscribe to events section and check the following:
      • Push
      • Pull Request
   6. On "Where can this GitHub App be installed?" Check "Any account - Allow this GitHub App to be installed by any user or organization.". Note however - currently you may only install the app on a single organization of your choice on your GitHub Enterprise instance
   7. Click "Create GitHub App"
   8. Make a note of the App ID and Client ID
   9. Click the "Generate a new client secret" and make note of that secret. You'll need it later.
   10. Scroll all the way down and "Click the Generate a private key". A pem file will be downloaded and saved on your computer. You'll need it later.
   11. Under the "Display information", click the "Upload a logo..." button and upload a logo (Optional)

2. On the lefthand side menu, click on Install App to install the app on the organization of your choice

   1. Note the env0 app may only be installed on a single organization at this time.
   2. Grant env0 access to all or selected repositories in the organization
   3. Once the installation is done completed - you'll need to make a note of the installation id. It is the last URL part of the page you are in: http://github-ee.acme.com/organizations/{my-organization}/settings/installations/{installation-id}

3. You'll need the following set as Helm values when installing the env0 agent:

   • githubEnterpriseAppId - The App ID from step 1.8
   • githubEnterpriseAppClientId - The Client ID from step 1.8
   • githubEnterpriseAppInstallationId - The Installation ID from step 2.3
   • githubEnterpriseAppClientSecretEncoded - The App Client Secret from step 1.10 Please base64 encode it before setting it
   • githubEnterpriseAppPrivateKeyEncoded - The content of the pem file downloaded in step 1.9 Please base64 encode it before setting it

🚧

Note

If deploying via Docker, DO NOT base64 encode the following keys:

• githubEnterpriseAppClientSecretEncoded
• githubEnterpriseAppPrivateKeyEncoded

📘

Encode to Base64

You can open browser Dev Tools - go to console and use

btoa("secret")

to encode the string to base 64

githubEnterpriseAppId: 111
githubEnterpriseAppClientId: xxxxxxx
githubEnterpriseAppInstallationId: 222
githubEnterpriseAppClientSecretEncoded: bb=
githubEnterpriseAppPrivateKeyEncoded: aa==

4. Install the agent

Now you can create templates for GitHub Enterprise