Files
wehub-resource-sync 4b6817381b
Benchmark image — build + push to ECR (any adapter) / build + push (push) Waiting to run
CI / quality (ubuntu-latest) (push) Waiting to run
CI / test (tools-runtime) (push) Waiting to run
CI / test (e2e-general) (push) Waiting to run
CI / test (cli-runtime) (push) Waiting to run
CI / test (e2e-provider-and-openclaw) (push) Waiting to run
CI / test (integrations-and-misc) (push) Waiting to run
CI / coverage-report (push) Blocked by required conditions
CI / test-kubernetes (push) Waiting to run
CI / should-run-thorough (push) Waiting to run
CI / test-thorough (cloudwatch-demo) (push) Blocked by required conditions
CI / test-thorough (flink-ecs) (push) Blocked by required conditions
CI / test-thorough (upstream-lambda) (push) Blocked by required conditions
CI / test-thorough (prefect-ecs-fargate) (push) Blocked by required conditions
CodeQL / Analyze (python) (push) Waiting to run
Release / build-binaries (zip, opensre.exe, onefile, windows-latest, windows-x64) (push) Blocked by required conditions
Release / publish-release (push) Blocked by required conditions
Release / publish-main-release (push) Blocked by required conditions
Release / prepare (push) Waiting to run
Release / verify (push) Blocked by required conditions
Release / build-python-dist (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, macos-15-intel, darwin-x64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, macos-latest, darwin-arm64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04, linux-x64) (push) Blocked by required conditions
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04-arm, linux-arm64) (push) Blocked by required conditions
Synthetic Deterministic Tests / Synthetic offline (deterministic) (push) Waiting to run
Interactive Shell Live (PR + post-merge) / turn-checks (no-LLM) (push) Waiting to run
Interactive Shell Live (PR + post-merge) / turn-live shard ${{ matrix.shard_index }} (push) Waiting to run
CI (OpenClaw E2E) / openclaw test (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:10:45 +08:00

136 lines
4.8 KiB
Plaintext

---
title: "GitHub"
description: "Connect GitHub so OpenSRE can correlate recent commits and code changes with incidents"
---
OpenSRE connects to GitHub via the GitHub MCP server to search code, browse recent commits, inspect files, and trace changes correlated with alerts — helping identify which deployment or code change triggered an incident.
## First launch (macOS & Windows)
The first time you launch the interactive shell on macOS or Windows, OpenSRE asks
you to sign in to GitHub in your browser before the prompt appears. This runs the
same browser device-flow sign-in as Option 1 below, then connects GitHub
automatically. Sign in once and OpenSRE remembers it for future launches.
You can bypass this step — for example if GitHub sign-in is unavailable:
```bash
OPENSRE_SKIP_GITHUB_LOGIN=1 opensre
```
The first-launch prompt never runs on Linux or in CI/automation, and is skipped
when GitHub is already configured.
## Prerequisites
- GitHub account with repository access
- One of: browser sign-in (recommended), a personal access token, or GitHub Copilot MCP access
## Setup
### Option 1: Interactive CLI (browser sign-in)
```bash
opensre integrations setup
```
Select **GitHub** when prompted, then choose **Authorize in browser**. OpenSRE
opens GitHub's device authorization page and prints a one-time code — approve it
in your browser and the token is captured automatically. No personal access
token is required.
This uses GitHub's OAuth device flow, which has no client secret. The public
OAuth App client id ships with OpenSRE; override it with
`OPENSRE_GITHUB_OAUTH_CLIENT_ID` if you register your own app.
If you prefer, the same prompt lets you **paste a token (PAT)** instead.
### Option 2: Environment variables
```bash
GITHUB_MCP_AUTH_TOKEN=ghp_your_personal_access_token
GITHUB_MCP_URL=https://api.githubcopilot.com/mcp/ # default
GITHUB_MCP_MODE=streamable-http # default
GITHUB_MCP_TOOLSETS=repos,issues,pull_requests,actions # default
```
| Variable | Default | Description |
| --- | --- | --- |
| `GITHUB_MCP_AUTH_TOKEN` | — | GitHub personal access token. Required unless you authorize in the browser (Option 1) |
| `GITHUB_MCP_URL` | `https://api.githubcopilot.com/mcp/` | GitHub MCP server URL |
| `GITHUB_MCP_MODE` | `streamable-http` | Transport mode: `streamable-http`, `sse`, or `stdio` |
| `GITHUB_MCP_TOOLSETS` | `repos,issues,pull_requests,actions` | Comma-separated toolsets to enable |
| `GITHUB_MCP_COMMAND` | — | Command to run (required for `stdio` mode only) |
| `GITHUB_MCP_ARGS` | — | Space-separated args for `stdio` mode |
| `OPENSRE_GITHUB_OAUTH_CLIENT_ID` | _(built-in)_ | OAuth App client id for browser sign-in (device flow). Override to use your own app |
### Option 3: Persistent store
```json
{
"version": 1,
"integrations": [
{
"id": "github-prod",
"service": "github",
"status": "active",
"credentials": {
"url": "https://api.githubcopilot.com/mcp/",
"mode": "streamable-http",
"auth_token": "ghp_your_token",
"toolsets": ["repos", "issues", "pull_requests", "actions"]
}
}
]
}
```
## Creating a personal access token
1. In GitHub, go to **Settings** → **Developer settings** → **Personal access tokens** → **Tokens (classic)**
2. Click **Generate new token**
3. Select the following scopes: `repo`, `read:org`
4. Copy the token
<Info>
For GitHub Enterprise Server, set `GITHUB_MCP_URL` to your enterprise MCP endpoint.
</Info>
## Transport modes
| Mode | When to use |
| --- | --- |
| `streamable-http` | Default. Works with GitHub Copilot MCP and most hosted instances |
| `sse` | For older MCP servers using Server-Sent Events |
| `stdio` | For running a local MCP server process (`npx @modelcontextprotocol/server-github`) |
## Verify
```bash
opensre integrations verify github
```
Expected output:
```
Service: github
Status: passed
Detail: GitHub MCP validated for your-username; discovered 18 tools including repository source investigation helpers
```
## Troubleshooting
| Symptom | Fix |
| --- | --- |
| **Authentication failed** | Check that the token has `repo` scope and is not expired |
| **Required tools missing** | Ensure toolsets include `repos` — it provides `get_file_contents`, `list_commits`, etc. |
| **Connection refused** | Verify `GITHUB_MCP_URL` is reachable and the MCP server is running |
| **Browser sign-in unavailable** | Set `OPENSRE_GITHUB_OAUTH_CLIENT_ID` to a device-flow-enabled OAuth App, or fall back to pasting a PAT |
| **First-launch sign-in is blocking me** | Set `OPENSRE_SKIP_GITHUB_LOGIN=1` to bypass the first-launch GitHub prompt |
## Security best practices
- Use a **fine-grained personal access token** with read-only repository access.
- Limit token scope to the repositories OpenSRE needs to inspect.
- Store the token in `.env`, not in source code.