Skip to main content

GitHub

Integrate GitHub with Torq to manage issues and repositories.

Updated over a month ago

GitHub is a software development service for hosting and version control.

Torq enables quick and easy integration with GitHub, so you can automate anything and everything within moments. Torq's public GitHub steps include:

  • Get Issue

  • Get File

  • Run GraphQL query

  • List Repositories

  • +30 more...

If you don't see a step you need, you can create your own in various ways, such as using the Send an HTTP Request step or Torq’s Step Builder, and share it across your organization.

You can integrate GitHub with Torq using either a personal access token or an installation access token (JWT).

Prerequisites

Before you begin:

  • Ensure you have access to a GitHub account that is associated with an organization that has at least the App Manager role.

  • Ensure you have access to a Torq account with at least the Contributor role.

Use GitHub to trigger workflows in Torq

Create a GitHub trigger integration in Torq

  1. Add the integration: Go to Build > Integrations > Triggers > GitHub and click Add Instance.

  2. Name the integration: Give the integration a unique and meaningful name.

  3. (Optional) Add an authentication header: Click Add.

    1. Enter a name.

    2. Click Generate Random Secret or enter your own.

    3. Click Copy Secret to save it for later.

  4. Finalize: Click Add and Copy the generated endpoint. You will need the URL for the webhook.

Create a GitHub App

  1. Open Github: Navigate to Settings > Developer settings.

  2. Create a GitHub App: Click New GitHub App, enter your password, and then click Confirm to confirm access to your account.

  3. Register the GitHub App:

    1. Name: Enter a meaningful name.

    2. Homepage URL: Enter https://app.torq.io/.

    3. Webhook URL: Paste the Torq endpoint you generated earlier.

  4. Finalize: Click Create GitHub App.

Use GitHub steps Torq workflow with personal access tokens

Generate a GitHub API key

  1. Open Github: Navigate to Settings > Developer settings > GitHub Apps and select the app you created earlier.

  2. Create a secret: Select the General tab and click Generate a new client secret in the Client secrets section.

  3. Finalize: Copy the client secret to save it for later.

Create a GitHub steps integration in Torq

  1. Navigate to the integration: Go to Build > Integrations > Steps > GitHub and click Add Instance.

  2. Configure the integration:

    1. Give the integration a unique and meaningful name.

    2. Paste the GitHub secret that you copied earlier.

  3. Finalize: Click Add.


Use GitHub steps in Torq workflows with installation access tokens

Create a GitHub App

  1. Open Github: Navigate to Settings > Developer settings.

  2. Create a GitHub App: Click New GitHub App, enter your password, and then click Confirm to confirm access to your account.

  3. Register the GitHub App:

    1. Enter a meaningful name.

    2. For Homepage URL, enter https://app.torq.io/.

    3. For Callback URL, enter https://redir.torq.io/integrations/oauth_2.

    4. Enable Expire user authorization tokens.

    5. Enable Request user authorization (OAuth) during installation.

    6. Disable the webhook.

    7. For Permissions, select the relevant permissions required for the Torq workflows’ interactions with the GitHub account.

    8. Select Only on this account to restrict the App's installation to this account.

  4. Finalize: Click Create GitHub App.

Install the GitHub App

  1. Copy the client ID: Select the GitHub App's General tab and copy the client ID to save it for later. You will need it to set up custom secrets in Torq.

  2. Create a private key: Click Generate a private key in the Private keys section.

  3. Copy the key: Copy the key to save it for later. You will need it to set up custom secrets in Torq.

  4. Copy the installation ID: Navigate to Settings > Applications, select the Installed GitHub Apps tab, and click Configure next to the installed App to copy the installation ID.

  5. Transfer ownership: Select the Advanced tab and click Transfer ownership.

    1. Enter the GitHub App's name.

    2. Enter the name of the organization to which you want to transfer the App.

    3. Click Transfer this GitHub App.

  6. Install and authorize the App: Select the Install tab and click Install.

    1. Select All repositories.

    2. Click Install & Authorize.

Create custom secrets in Torq

Store application tokens as custom secrets so you can easily access them via the workflow context and use them to verify GitHub steps.

  1. Navigate to the integration: In Torq, go to Build > Integrations > Custom Secrets and click Add Instance.

  2. Add the client ID:

    1. Enter a meaningful name for the client ID, such as github_app_client_id.

    2. Paste the client ID you copied earlier.

    3. Click Add.

  3. Add the installation ID:

    1. Enter a meaningful name for the installation ID, such as github_app_installation_id.

    2. Paste the installation ID you generated and copied earlier.

    3. Click Add.

  4. Add the private key:

    1. Enter a meaningful name for the installation ID, such as github_signing_key.

    2. Paste the private key you generated and copied earlier.

    3. Click Add.

Once the IDs are saved as custom secrets, you can access them in workflows by entering $.secrets and selecting them from the context.

Create a GitHub application access token in Torq

  1. Open the workflow: Navigate to Build > Workflows and open the relevant workflow.

  2. Create a JWT: Add the Create GitHub JWT step and configure its parameters.

    1. For the client ID, use the workflow context to select the client ID custom secret.

    2. For the private key, use the workflow context to select the private key custom secret.

  3. Create the app access token: Add the Get Application Access Token step and configure its parameters.

    1. For the API URL, enter https://api.github.com.

    2. For Installation, use the workflow context to select the installation ID custom secret.

    3. For the JWT, use the workflow context to select the output of the Create GitHub JWT step.

  4. (Optional) Test the integration: Add the List User Repositories step, click the More Options menu next to the Integration parameter, and click Set values separately.

    1. Use the workflow context to select the token you generated with the Get Application Access Token step.

    2. Run the step. If the integration was set up correctly, you will get a list of all the repositories the GitHub App can access.

Templates

Now that you've added your integrations, check out these specially crafted templates by Torq's security experts. Visit Torq's template library for more.

Related Articles
BlackBerry Cylance
Azure
Wiz
Workflow Template: Synchronize Torq Case Runbooks from a GitHub Repository
Google SecOps Response
Did this answer your question?