Skip to content


Repository files navigation

GitHub App integration for Kiwi TCMS Python updates Tidelift Become a sponsor Kiwi TCMS on Twitter


This package provides the GitHub App integration for Kiwi TCMS Enterprise and is designed to work only for multi-tenant environments! You don't need this add-on in order to run Kiwi TCMS without extended GitHub integration!

Communication from GitHub to this plugin is via webhooks.

Plugin behavior:

  • Auto-configure which tenant to use for database operations, either 'public' or a single private tenant to which user has access.
  • If unable to auto-configure display warning and redirect to configuration page once the GitHub account who installed this integration onto their GitHub repository logs into Kiwi TCMS
  • Existing & newly created repositories are added as products in Kiwi TCMS
  • BugSystem records are automatically configured for repositories
  • Fork repositories are skipped
  • Newly created git tags are added as product versions in Kiwi TCMS

See Issues for other ideas!


pip install kiwitcms-github-app

inside Kiwi TCMS's docker image and make sure the following settings are configured:

KIWI_GITHUB_APP_SECRET = b'your-webhook-secret'
-----END RSA PRIVATE KEY-----"""

everything else will be taken care for by Kiwi TCMS plugin loading code!

GitHub App configuration

This plugin needs an existing GitHub App application with the following configuration:

Then configure how the application interacts with GitHub:

  • Repository permissions:
    • Contents: Read-only
    • Issues: Read & write (required for 1-click bug report on private repos)
    • Metadata: Read-only
  • User permissions:
    • Email addresses: Read-only
  • Subscribe to events:
    • Meta
    • Create
    • Repository


v2.0.1 (18 Jun 2024)

  • Filter DB only for 'github-app' instead of unconditionally using the first record. Fixes Sentry KIWI-TCMS-P5

v2.0.0 (07 Jun 2024)

  • Relicense this package under GNU Affero General Public License v3 or later
  • Prior versions are still licensed under GNU General Public License v3

v1.7.0 (06 May 2024)

  • Pin indirect requirements to reduce the chance of installing vulnerable dependencies
  • Remove the wrapper GithubKiwiTCMSBot() class
  • Simplify self.requester override in PatchedGithub() class
  • Start using the new GitHub Auth parameters introduced in PyGithub==1.59.0

v1.6.0 (15 Jan 2024)

  • 1-click bug report will now use instead of following changes in Kiwi TCMS, see: <>_ and PR #3439 for more details
  • Require minimum version of several transitive dependencies, certifi>=2023.7.22, cryptography>=41.0.4, pyjwt>=2.4.0, requests>=2.31.0 in order to minimize exposure to known security vulnerabilities
  • Build & test with Python 3.11
  • Start testing with psycopg3
  • Small updates around test jobs & CI

v1.5.1 (28 Mar 2023)

  • Unpin PyGithub dependency
  • Add more tests

v1.5.0 (24 Feb 2023)

  • Refactor code so it works with PyGithub==1.58.0
  • Remove PatchedGithubIntegration class
  • Add sanity tests for upstream/downstream interfaces for PyGithub

v1.4.1 (13 Feb 2023)

  • Adjust arguments for latest github.Github implementation
  • Raise RuntimeError instead of Exception

v1.4.0 (05 Sep 2022)

  • Don't ask user to configure GitHub App if they are not tenant owner. Breaks an endless loop cycle in case tenant creation goes wrong
  • Specify 30 sec timeout for internal HTTP requests
  • Improvements to CI

v1.3.3 (31 Jan 2022)

v1.3.2 (05 Jan 2022)

v1.3.1 (04 Oct 2021)

  • Adjust 2 parameters for changes introduced in PyGithub 1.55

v1.3.0 (14 Feb 2021)

  • Migrate to Python 3.8
  • Always test with the latest Kiwi TCMS version
  • Adjustments to the internal test suite now that Kiwi TCMS is available via source
  • Prevent crash if uid field is not a number to make it work with Keycloak

v1.2.4 (14 Feb 2021)

  • Don't cause ISE in case of race conditions between webhooks
  • Fix ISE for existing Version

v1.2.3 (25 Jan 2021)

  • Allow POST request (web hooks) without CSRF token

v1.2.2 (08 Dec 2020)

  • Update for newer PyGithub

v1.2.1 (17 Sep 2020)

  • Require login for views.Resync()

v1.2 (13 Sep 2020)

  • Adjusted to work with Django 3.1 and Kiwi TCMS > 8.6
  • Replace deprecated url() with re_path()
  • Migrate the payload field to newer models.JSONField type
  • Setting PUBLIC_VIEWS is removed in Kiwi TCMS so remove the automatic adjustment
  • Make error messages for missing AppInst more clear
  • Remove redundant if condition in Resync()
  • Update translation strings
  • Update documentation around GitHub permission requirements for 1-click bug report

v1.1 (05 Aug 2020)

  • Add GitHub issue-tracker integration which authenticates as the installed app. Fixes Issue #25
  • Configure BugSystem for new repos. Fixes Issue #15
  • Create Product & BugSystem records when installation_repositores change. Fixes Issue #21
  • Trigger resync from GitHub via menu. Fixes Issue #19
  • Trigger resync from GitHub after AppInstallation is configured. Fixes Issue #20
  • Database: Add AppInstallation.settings_url field
  • Link to the correct URL for GitHub settings. Fixes Issue #33
  • Require user to be logged in for ApplicationEdit. Fixes Issue #36
  • Update translation strings
  • Add more tests

v1.0 (13 Apr 2020)

  • Install settings overrides under tcms_settings_dir/ (compatible with Kiwi TCMS v8.2 or later):
    • does not need MIDDLEWARE and PUBLIC_VIEWS override anymore
  • Remove GithubAppAuth backend, shipped with social-auth-core v3.3.0
  • Fix a redirect to use the correct name of our social_core backend

v0.0.5 (19 Feb 2020)

  • Address GitHub API deprecation not yet fixed in social-auth-core

v0.0.4 (25 Dec 2019)

  • Do not fail if product already exists
  • Do not fail if repository doesn't have description
  • Search UserSocialAuth by uid and provider

v0.0.1 (24 Dec 2019)

  • initial release