GitHub

Published on May 25th, 2026

Introduction

The Context Store has several GitHub templated Data Sources to allow users to quickly pull relevant data into their Data Store. These templates are a starting point and often you'll want to apply filters or chained Data Sources to modify these templates to suit your needs.

Authentication

The built-in GitHub Data sources are split across two integrations:

  • github-enterprise-app (GitHub App installation auth)
  • github-enterprise-token (PAT/header auth)

Pre-built Data Sources

This table lists the GitHub API permissions needed for the GitHub data source seeds currently defined in this repo.

GitHub App

GitHub App integrations use installation tokens, not PAT scopes.

This table lists the GitHub API permissions needed for the GitHub App data source seeds currently defined in this repo (integrationSlug: github-app).

Permissions below are expressed as GitHub App permissions.

Data source seedGitHub endpoint(s) usedRecommended GitHub App permission(s)
GitHub App installationGET /installationMetadata (read)
GitHub App repositoriesGET /installation/repositoriesMetadata (read)
GitHub App pull requests (per repo)GET /installation/repositories then GET /repos/{full_name}/pulls?state=openMetadata (read), Pull requests (read)
GitHub App releases (per repo)GET /installation/repositories then GET /repos/{full_name}/releasesMetadata (read), Contents (read)
GitHub App Actions workflowsGET /installation/repositories then GET /repos/{full_name}/actions/workflowsMetadata (read), Actions (read)
GitHub App Dependabot alerts (per repo)GET /installation/repositories then GET /repos/{full_name}/dependabot/alerts?state=openMetadata (read), Dependabot alerts (read)
GitHub App collaborators (per repo)GET /installation/repositories then GET /repos/{full_name}/collaboratorsMetadata (read), Administration (read)
GitHub App markdown files (per repo)GET /installation/repositories then GET /search/code?q=extension:md+repo:{full_name}Metadata (read), Contents (read)
GitHub App YAML files (per repo)GET /installation/repositories then GET /search/code?q=extension:yaml+extension:yml+repo:{full_name}Metadata (read), Contents (read)

Practical recommendation

For broad compatibility with all current GitHub App seeds, configure:

  • Metadata (read)
  • Pull requests (read)
  • Contents (read)
  • Actions (read)
  • Dependabot alerts (read)
  • Administration (read)

If possible, grant permissions at the lowest repository scope needed by your installation.

PAT Tokens

The built-in github-token integration uses Personal Access Token-based auth.

Permissions below are expressed as classic PAT scopes, with notes where fine-grained token permissions are relevant.

Data source seedGitHub endpoint(s) usedRecommended token permission(s)
GitHub repositoriesGET /user/reposrepo
GitHub organizationsGET /user/orgsread:org
GitHub open pull requestsGET /search/issues?q=is:pr+is:open+author:@merepo
GitHub pull requests (per repo)GET /user/repos then GET /repos/{full_name}/pulls?state=openrepo
GitHub releases (per repo)GET /user/repos then GET /repos/{full_name}/releasesrepo
GitHub Actions workflowsGET /user/repos then GET /repos/{full_name}/actions/workflowsrepo, workflow
GitHub installed appsGET /user/installationsToken tied to account with app-installation visibility
GitHub codespacesGET /user/codespacescodespace (or equivalent Codespaces read permission)
GitHub organization membersGET /user/orgs then GET /orgs/{login}/membersread:org
GitHub teamsGET /user/orgs then GET /orgs/{login}/teamsread:org
GitHub Dependabot alerts (per repo)GET /user/repos then GET /repos/{full_name}/dependabot/alerts?state=openrepo, security_events
GitHub collaborators (per repo)GET /user/repos then GET /repos/{full_name}/collaboratorsrepo, read:org
GitHub catalog-info.yaml filesGET /search/code?q=filename:catalog-info.yaml+org:{org}repo (private repos), read:org
GitHub markdown filesGET /search/code?q=extension:md+org:{org}repo (private repos), read:org
GitHub YAML filesGET /search/code?q=extension:yaml+extension:yml+org:{org}repo (private repos), read:org

For broad compatibility with all GitHub seeds, start with:

  • repo
  • read:org
  • workflow
  • security_events
  • codespace (only if you need the codespaces seed)

If you use fine-grained tokens, grant the equivalent repository/org read permissions for each endpoint category above.