GitHub
Konductro integrates with GitHub as a per-project git provider — branches, pull requests, ticket-spec push, and PR status sync all work the same way they do for Azure DevOps, Bitbucket Cloud, and the Konductro-managed Gitea backend. Both GitHub.com and GitHub Enterprise Cloud repositories are supported.
What Syncs
| Data | Direction | Detail |
|---|---|---|
| Branches | Konductro to GitHub | Feature branches created via the GitHub REST API when a developer starts work |
| Ticket specs | Konductro to GitHub | .tickets/TICKET-KEY.md files pushed to the branch via the GitHub contents API |
| Pull requests | Konductro to GitHub | PRs created with title, description, and acceptance criteria checklist |
| Reviewers | Konductro to GitHub | Auto-assigned reviewer added to the PR as a requested reviewer, by GitHub username |
| PR status | GitHub to Konductro | Pull-request opened / merged events update the linked ticket in real time via webhook (see below) |
Authentication
GitHub authentication is per-user. Each developer who works on a GitHub-backed project adds their own GitHub personal access token to their Konductro profile — there is no shared service account. Konductro authenticates to the GitHub REST API as that user (Bearer token) for every git operation.
Create a token at github.com → Settings → Developer settings → Personal access tokens with access to the repositories you'll work on. Either token type works:
| Token type | Required scope / permission |
|---|---|
| Classic | repo (full control of the repositories — covers branches, contents, and pull requests) |
| Fine-grained | Repository permissions — Contents: Read and write, Pull requests: Read and write, Metadata: Read-only (mandatory) |
Copy the token — GitHub shows it only once.
Setup
Create a personal access token
Generate a token in GitHub with the scope/permission shown above, scoped to the org or repositories you need.
Add the credential in Konductro
In your Konductro profile, under Git Credentials, click Add Credential and select GitHub. Fill in:
- Owner (org or username) — the GitHub account that owns the repos (e.g.
acme-teamor your username). Credentials are stored one per provider/owner combination. - Token — the personal access token from step 1.
Konductro validates the token against GitHub before saving.
Set the project's git provider
When creating a project, pick GitHub as the git provider. For existing projects, change it in Project → Git → Settings.
Link your repos
In Project → Git, click Link Existing Repository, choose GitHub, pick the credential to use, and select the repos to link from the owner's repo list.
Webhooks — PR status sync
Each webhook delivery is authenticated with an HMAC-SHA256 signature: GitHub signs the request body with the secret you configure and sends it in the X-Hub-Signature-256 header, which Konductro verifies against the project's webhook secret. A request with a missing or invalid signature is rejected.
Generate the webhook secret in Konductro
In the project's Settings → Webhooks, click Generate webhook secret and copy the value. It is shown only once.
Add the webhook in GitHub
For each repository linked to the project: Settings → Webhooks → Add webhook. Set:
- Payload URL:
https://<tenant>.konductro.com/api/webhooks/github/<project-id>— the exact URL is shown on the Webhooks card. - Content type:
application/json - Secret: the webhook secret from step 1.
- Events: choose Let me select individual events and tick Pull requests.
Per-User Token Model
Every developer who needs git operations on a GitHub-backed project configures their own personal access token in their Konductro profile. Konductro resolves the calling user's stored credential before each git operation — there is no shared service account.
Practical consequences:
- Branch creation, ticket-spec push, and PR creation are attributed to the developer who initiated the action.
- Reviewer assignment uses the reviewer's GitHub username — for auto-reviewer to land on the PR, both the PR creator and the reviewer must have GitHub credentials configured.
- Token rotation is per-user: revoke it at github.com and re-add it in your profile.