This sample app showcases how webhooks can be used with a GitHub App's installation token to create a bot that responds to issues. Code uses octokit.js.

• Node.js 12 or higher
• A GitHub App subscribed to Pull Request events and with the following permissions:
  • Pull requests: Read & write
  • Metadata: Read-only
• (For local development) A tunnel to expose your local server to the internet (e.g. smee, ngrok or cloudflared)
• Your GitHub App Webhook must be configured to receive events at a URL that is accessible from the internet.

1. Clone this repository.
2. Create a .env file similar to .env.example and set actual values. If you are using GitHub Enterprise Server, also include a ENTERPRISE_HOSTNAME variable and set the value to the name of your GitHub Enterprise Server instance.
3. Install dependencies with npm install.
4. Start the server with npm run server.
5. Ensure your server is reachable from the internet.
   • If you're using smee, run smee -u <smee_url> -t http://localhost:3000/api/webhook.
6. Ensure your GitHub App includes at least one repository on its installations.

With your server running, you can now create a pull request on any repository that your app can access. GitHub will emit a pull_request.opened event and will deliver the corresponding Webhook payload to your server.

The server in this example listens for pull_request.opened events and acts on them by creating a comment on the pull request, with the message in message.md, using the octokit.js rest methods.

To keep things simple, this example reads the GITHUB_APP_PRIVATE_KEY from the environment. A more secure and recommended approach is to use a secrets management system like Vault, or one offered by major cloud providers: Azure Key Vault, AWS Secrets Manager, Google Secret Manager, etc.