# GitHub

> Learn how to get started with GitHub pre-built Data Sources for the Roadie Context Store.

*Published: 2026-05-25T12:00:00.0Z*


## Introduction

The Context Store has several GitHub templated Data Sources to allow users to quickly pull relevant data into their Data Store. These templates are a starting point and often you'll want to apply filters or chained Data Sources to modify these templates to suit your needs.

## Authentication

The built-in GitHub Data sources are split across two integrations:
- `github-enterprise-app` (GitHub App installation auth)
- `github-enterprise-token` (PAT/header auth)

## Pre-built Data Sources

This table lists the GitHub API permissions needed for the GitHub data source seeds currently defined in this repo.

### GitHub App 

GitHub App integrations use installation tokens, not PAT scopes.  

This table lists the GitHub API permissions needed for the GitHub App data source seeds currently defined in this repo (`integrationSlug: github-app`).

Permissions below are expressed as **GitHub App permissions**.

| Data source seed | GitHub endpoint(s) used | Recommended GitHub App permission(s) |
| --- | --- | --- |
| `GitHub App installation` | `GET /installation` | `Metadata` (read) |
| `GitHub App repositories` | `GET /installation/repositories` | `Metadata` (read) |
| `GitHub App pull requests (per repo)` | `GET /installation/repositories` then `GET /repos/{full_name}/pulls?state=open` | `Metadata` (read), `Pull requests` (read) |
| `GitHub App releases (per repo)` | `GET /installation/repositories` then `GET /repos/{full_name}/releases` | `Metadata` (read), `Contents` (read) |
| `GitHub App Actions workflows` | `GET /installation/repositories` then `GET /repos/{full_name}/actions/workflows` | `Metadata` (read), `Actions` (read) |
| `GitHub App Dependabot alerts (per repo)` | `GET /installation/repositories` then `GET /repos/{full_name}/dependabot/alerts?state=open` | `Metadata` (read), `Dependabot alerts` (read) |
| `GitHub App collaborators (per repo)` | `GET /installation/repositories` then `GET /repos/{full_name}/collaborators` | `Metadata` (read), `Administration` (read) |
| `GitHub App markdown files (per repo)` | `GET /installation/repositories` then `GET /search/code?q=extension:md+repo:{full_name}` | `Metadata` (read), `Contents` (read) |
| `GitHub App YAML files (per repo)` | `GET /installation/repositories` then `GET /search/code?q=extension:yaml+extension:yml+repo:{full_name}` | `Metadata` (read), `Contents` (read) |

## Practical recommendation

For broad compatibility with all current GitHub App seeds, configure:

- `Metadata` (read)
- `Pull requests` (read)
- `Contents` (read)
- `Actions` (read)
- `Dependabot alerts` (read)
- `Administration` (read)

If possible, grant permissions at the lowest repository scope needed by your installation.

### PAT Tokens 

The built-in `github-token` integration uses Personal Access Token-based auth. 

Permissions below are expressed as **classic PAT scopes**, with notes where fine-grained token permissions are relevant.

| Data source seed | GitHub endpoint(s) used | Recommended token permission(s) |
| --- | --- | --- |
| `GitHub repositories` | `GET /user/repos` | `repo` |
| `GitHub organizations` | `GET /user/orgs` | `read:org` |
| `GitHub open pull requests` | `GET /search/issues?q=is:pr+is:open+author:@me` | `repo` |
| `GitHub pull requests (per repo)` | `GET /user/repos` then `GET /repos/{full_name}/pulls?state=open` | `repo` |
| `GitHub releases (per repo)` | `GET /user/repos` then `GET /repos/{full_name}/releases` | `repo` |
| `GitHub Actions workflows` | `GET /user/repos` then `GET /repos/{full_name}/actions/workflows` | `repo`, `workflow` |
| `GitHub installed apps` | `GET /user/installations` | Token tied to account with app-installation visibility |
| `GitHub codespaces` | `GET /user/codespaces` | `codespace` (or equivalent Codespaces read permission) |
| `GitHub organization members` | `GET /user/orgs` then `GET /orgs/{login}/members` | `read:org` |
| `GitHub teams` | `GET /user/orgs` then `GET /orgs/{login}/teams` | `read:org` |
| `GitHub Dependabot alerts (per repo)` | `GET /user/repos` then `GET /repos/{full_name}/dependabot/alerts?state=open` | `repo`, `security_events` |
| `GitHub collaborators (per repo)` | `GET /user/repos` then `GET /repos/{full_name}/collaborators` | `repo`, `read:org` |
| `GitHub catalog-info.yaml files` | `GET /search/code?q=filename:catalog-info.yaml+org:{org}` | `repo` (private repos), `read:org` |
| `GitHub markdown files` | `GET /search/code?q=extension:md+org:{org}` | `repo` (private repos), `read:org` |
| `GitHub YAML files` | `GET /search/code?q=extension:yaml+extension:yml+org:{org}` | `repo` (private repos), `read:org` |

For broad compatibility with all GitHub seeds, start with:

- `repo`
- `read:org`
- `workflow`
- `security_events`
- `codespace` (only if you need the codespaces seed)

If you use fine-grained tokens, grant the equivalent repository/org read permissions for each endpoint category above.
