From f15e02572dd2a44a2c11a0658ce0b425d1d0f525 Mon Sep 17 00:00:00 2001
From: Trevor Elkins <trevor@emergetools.com>
Date: Thu, 28 Aug 2025 10:44:08 -0400
Subject: [PATCH 1/2] fix(github): update to latest dev practices and add new
 permissions

---
 develop-docs/integrations/github.mdx | 72 +++++++++++++++++-----------
 1 file changed, 44 insertions(+), 28 deletions(-)

diff --git a/develop-docs/integrations/github.mdx b/develop-docs/integrations/github.mdx
index 314cb494ca424..7161c0bea9717 100644
--- a/develop-docs/integrations/github.mdx
+++ b/develop-docs/integrations/github.mdx
@@ -3,28 +3,40 @@ title: GitHub Integration
 sidebar_title: GitHub
 ---
 
+## Configure ngrok
+
+`ngrok` allows your local developer environment to be reachable by Github callbacks and webhooks and is needed for the `${url-prefix}` later on in this setup.
+
+Follow the steps in the [ngrok documentation](/development-infrastructure/ngrok/) to get started.
+
 ## Create a GitHub App
 
 To configure the GitHub integration you'll need to create a GitHub app and obtain credentials. Installation will fail if your GitHub App's name contains spaces.
 
+For local development make sure to use your ngrok URL as the prefix.
+
 <Alert level="warning">
   The GitHub App name and GitHub Org Slug must not contain any spaces.
 </Alert>
 
-<CreateGitHubAppForm url="https://github.com/organizations/:org/settings/apps/new?name=:org-Sentry-Integration&public=false&members=read&emails=read&administration=read&contents=read&issues=write&pull_requests=write&repository_hooks=write&url=:url-prefix&callback_url=:url-prefix%2Fauth%2Fsso%2F&setup_url=:url-prefix%2Fextensions%2Fgithub%2Fsetup%2F&webhook_url=:url-prefix%2Fextensions%2Fgithub%2Fwebhook%2F&events[]=push&events[]=pull_request&webhook_active=true" defaultOrg="your-organization" defaultUrlPrefix="https://your-sentry-url-prefix.com" />
+<CreateGitHubAppForm
+  url="https://github.com/organizations/:org/settings/apps/new?name=:org-Sentry-Integration&public=false&members=read&emails=read&administration=read&contents=read&issues=write&pull_requests=write&repository_hooks=write&url=:url-prefix&callback_url=:url-prefix%2Fauth%2Fsso%2F&setup_url=:url-prefix%2Fextensions%2Fgithub%2Fsetup%2F&webhook_url=:url-prefix%2Fextensions%2Fgithub%2Fwebhook%2F&events[]=push&events[]=pull_request&webhook_active=true"
+  defaultOrg="your-organization"
+  defaultUrlPrefix="https://your-sentry-url-prefix.com"
+/>
 
 Start by following GitHub's [official guide on creating a GitHub App](https://developer.github.com/apps/building-github-apps/creating-a-github-app/).
 
 If the form above does not work for you, you need the following settings for your GitHub Application.
 You'll need to come up with your own webhook secret:
 
-| Setting                         | Value                                                                   |
-| ------------------------------- | ----------------------------------------------------------------------- |
-| Homepage URL                    | `${url-prefix}`                                                         |
-| Callback URLs                   | `${url-prefix}/auth/sso/` and  `${url-prefix}/extensions/github/setup/` |
-| Setup URL (optional)            | `${url-prefix}/extensions/github/setup/`                                |
-| Webhook URL                     | `${url-prefix}/extensions/github/webhook/`                              |
-| Webhook secret                  | "my-super-secret-example-secret"                                        |
+| Setting              | Value                                                                  |
+| -------------------- | ---------------------------------------------------------------------- |
+| Homepage URL         | `${url-prefix}`                                                        |
+| Callback URLs        | `${url-prefix}/auth/sso/` and `${url-prefix}/extensions/github/setup/` |
+| Setup URL (optional) | `${url-prefix}/extensions/github/setup/`                               |
+| Webhook URL          | `${url-prefix}/extensions/github/webhook/`                             |
+| Webhook secret       | "my-super-secret-example-secret"                                       |
 
 When prompted for permissions, choose the following:
 
@@ -34,48 +46,52 @@ When prompted for permissions, choose the following:
 | Repository / Contents                            | Read-only    |
 | Organization permissions / members (optional)    | Read-only    |
 | Account permissions / Email addresses (optional) | Read-only    |
+| Repository / Checks                              | Read & write |
+| Repository / Commit Statuses                     | Read & write |
 | Repository / Issues                              | Read & write |
 | Repository / Pull requests                       | Read & write |
 | Repository / Webhooks                            | Read & write |
 
 When prompted to subscribe to events, choose the following:
 
- - Pull Request
- - Push
+- Pull Request
+- Push
 
 <Alert title="Trick">
-  Enabling optional permissions will also enable the <Link to="/self-hosted/sso/#github-auth">GitHub SSO</Link> for your instance.
+  Enabling optional permissions will also enable the{" "}
+  <Link to="/self-hosted/sso/#github-auth">GitHub SSO</Link> for your instance.
 </Alert>
 
-You'll be given various credentials, configure them in `config.yml`:
+You'll be given various credentials, configure them in `~/.sentry/sentry.conf.py`:
 
-```yml
+```python
 # App ID
-github-app.id: GITHUB_APP_ID
+SENTRY_OPTIONS["github-app.id"] = "GITHUB_APP_ID"
 # App Name
-github-app.name: "GITHUB_APP_NAME"
+SENTRY_OPTIONS["github-app.name"] = "GITHUB_APP_NAME"
 # Client ID
-github-app.client-id: "GITHUB_CLIENT_ID"
+SENTRY_OPTIONS["github-app.client-id"] = "GITHUB_CLIENT_ID"
 # Client Secret
-github-app.client-secret: "GITHUB_CLIENT_SECRET"
+SENTRY_OPTIONS["github-app.client-secret"] = "GITHUB_CLIENT_SECRET"
 # Webhook Secret
-github-app.webhook-secret: "my-super-secret-example-secret"
+SENTRY_OPTIONS["github-app.webhook-secret"] = "my-super-secret-example-secret"
 ```
 
 <Alert title="Invalid Application Name">
-  If you're receiving invalid application or application not found error, it's suggested to change the `github-app.name` to the correct application slug.
+  If you're receiving invalid application or application not found error, it's
+  suggested to change the `github-app.name` to the correct application slug.
   This can occur if the application includes non-alphanumeric characters.
 </Alert>
 
 Last, generate and download the private key, and add it to your configuration for your app:
 
-```yml
-github-app.private-key: |
-  -----BEGIN RSA PRIVATE KEY-----
-  privatekeyprivatekeyprivatekeyprivatekey
-  privatekeyprivatekeyprivatekeyprivatekey
-  privatekeyprivatekeyprivatekeyprivatekey
-  privatekeyprivatekeyprivatekeyprivatekey
-  privatekeyprivatekeyprivatekeyprivatekey
-  -----END RSA PRIVATE KEY-----
+```python
+SENTRY_OPTIONS["github-app.private-key"] = """-----BEGIN RSA PRIVATE KEY-----
+privatekeyprivatekeyprivatekeyprivatekey
+privatekeyprivatekeyprivatekeyprivatekey
+privatekeyprivatekeyprivatekeyprivatekey
+privatekeyprivatekeyprivatekeyprivatekey
+privatekeyprivatekeyprivatekeyprivatekey
+-----END RSA PRIVATE KEY-----
+"""
 ```

From 2287519c6616c30e466e7399778733b284ba3445 Mon Sep 17 00:00:00 2001
From: Trevor Elkins <trevor@emergetools.com>
Date: Thu, 28 Aug 2025 11:05:55 -0400
Subject: [PATCH 2/2] revert config changes

---
 develop-docs/integrations/github.mdx | 32 ++++++++++++++--------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/develop-docs/integrations/github.mdx b/develop-docs/integrations/github.mdx
index 7161c0bea9717..e2138d4dc54b4 100644
--- a/develop-docs/integrations/github.mdx
+++ b/develop-docs/integrations/github.mdx
@@ -62,19 +62,19 @@ When prompted to subscribe to events, choose the following:
   <Link to="/self-hosted/sso/#github-auth">GitHub SSO</Link> for your instance.
 </Alert>
 
-You'll be given various credentials, configure them in `~/.sentry/sentry.conf.py`:
+You'll be given various credentials, configure them in `config.yml`:
 
-```python
+```yml
 # App ID
-SENTRY_OPTIONS["github-app.id"] = "GITHUB_APP_ID"
+github-app.id: GITHUB_APP_ID
 # App Name
-SENTRY_OPTIONS["github-app.name"] = "GITHUB_APP_NAME"
+github-app.name: "GITHUB_APP_NAME"
 # Client ID
-SENTRY_OPTIONS["github-app.client-id"] = "GITHUB_CLIENT_ID"
+github-app.client-id: "GITHUB_CLIENT_ID"
 # Client Secret
-SENTRY_OPTIONS["github-app.client-secret"] = "GITHUB_CLIENT_SECRET"
+github-app.client-secret: "GITHUB_CLIENT_SECRET"
 # Webhook Secret
-SENTRY_OPTIONS["github-app.webhook-secret"] = "my-super-secret-example-secret"
+github-app.webhook-secret: "my-super-secret-example-secret"
 ```
 
 <Alert title="Invalid Application Name">
@@ -85,13 +85,13 @@ SENTRY_OPTIONS["github-app.webhook-secret"] = "my-super-secret-example-secret"
 
 Last, generate and download the private key, and add it to your configuration for your app:
 
-```python
-SENTRY_OPTIONS["github-app.private-key"] = """-----BEGIN RSA PRIVATE KEY-----
-privatekeyprivatekeyprivatekeyprivatekey
-privatekeyprivatekeyprivatekeyprivatekey
-privatekeyprivatekeyprivatekeyprivatekey
-privatekeyprivatekeyprivatekeyprivatekey
-privatekeyprivatekeyprivatekeyprivatekey
------END RSA PRIVATE KEY-----
-"""
+```yml
+github-app.private-key: |
+  -----BEGIN RSA PRIVATE KEY-----
+  privatekeyprivatekeyprivatekeyprivatekey
+  privatekeyprivatekeyprivatekeyprivatekey
+  privatekeyprivatekeyprivatekeyprivatekey
+  privatekeyprivatekeyprivatekeyprivatekey
+  privatekeyprivatekeyprivatekeyprivatekey
+  -----END RSA PRIVATE KEY-----
 ```