GitHub Core App for Organizations
This guide describes the concept, setup, and configuration of a GitHub Core App for organization-level automation.
What is a GitHub Core App?
Definition
A GitHub Core App is an organization-level GitHub App that provides centralized, secure authentication for GitHub Actions workflows operating across multiple repositories. It serves as the foundational authentication mechanism for org-wide automation.
Why Use a Core App?
Traditional Approach (PATs)
- Personal Access Tokens tied to individual user accounts
- Token revoked when user leaves organization
- Difficult to audit actions across repositories
- No granular permission control
- Lower rate limits (5000 requests/hour for authenticated users)
Core App Approach
- Organization-owned identity independent of individuals
- Survives personnel changes
- Complete audit trail of all actions
- Fine-grained, repository-scoped permissions
- Higher rate limits (5000 requests/hour per installation)
- Team-based repository access control
Use Cases
A GitHub Core App enables:
- Cross-repository operations - Synchronize files across multiple repositories
- Team-scoped automation - Query and operate on team repositories
- Centralized CI/CD - Single authentication source for all workflows
- Compliance automation - Enforce policies across organization
- Repository management - Create, configure, and manage repositories programmatically
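To illustrate the cross-repository use case with repository-scoped permissions, here is a workflow added as an example; it is not part of the original guide. It uses the `actions/create-github-app-token` action and assumes the app ID and private key are stored as the variable `CORE_APP_ID` and the secret `CORE_APP_PRIVATE_KEY`; the `shared-config` repository and the `.editorconfig` file are hypothetical names.

```yaml
# Added example: names marked "assumed" are placeholders, not from the guide.
name: sync-shared-config
on:
  workflow_dispatch:

# The default GITHUB_TOKEN only needs to read this repository.
permissions:
  contents: read

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      # Mint a short-lived installation token for the Core App.
      # It is narrowed to one repository and one read-only permission,
      # rather than inheriting everything the installation is allowed to do.
      - name: Create Core App token
        id: core-app
        uses: actions/create-github-app-token@v2
        with:
          app-id: ${{ vars.CORE_APP_ID }}                   # assumed variable name
          private-key: ${{ secrets.CORE_APP_PRIVATE_KEY }}  # assumed secret name
          owner: ${{ github.repository_owner }}
          repositories: shared-config                       # assumed repository name
          permission-contents: read

      - name: Check out the calling repository
        uses: actions/checkout@v4

      - name: Check out the shared repository with the app token
        uses: actions/checkout@v4
        with:
          repository: ${{ github.repository_owner }}/shared-config
          token: ${{ steps.core-app.outputs.token }}
          path: shared-config
          persist-credentials: false   # do not leave the token in .git/config

      - name: Copy the shared file
        run: cp shared-config/.editorconfig .editorconfig   # assumed file name
```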
Core App vs. Standard GitHub Apps
| Aspect | Core App | Standard App |
|---|---|---|
| Scope | Organization-wide | Single repository or selected repos |
| Purpose | Infrastructure automation | Feature-specific functionality |
| Permissions | Broad, covers common operations | Narrow, task-specific |
| Installation | All repositories | Selective repositories |
| Ownership | Organization-level admin | Project or team |
| Lifespan | Permanent infrastructure | Project lifecycle |
Prerequisites
Required Access
To create a Core App, you need:
- Organization owner role
- Access to organization settings: https://github.com/organizations/{ORG}/settings/apps
Planning Considerations
Before creating the app, determine:
- Permission scope - Which repository and organization permissions are needed
- Installation scope - All repositories or specific teams
- Token management - Where secrets will be stored (repository or organization level)
- Naming convention - Standard naming (e.g., "CORE App", "Automation Core")
Guide Sections
- Creating the Core App - Step-by-step app creation and configuration
- Storing Credentials - Managing secrets in GitHub
- Permission Patterns - Common permission configurations
- Security Best Practices - Securing your Core App
- Installation Scopes - Choosing the right installation scope
- Common Permissions - Permission requirements by use case
- Troubleshooting - Common issues and solutions
- Maintenance - Ongoing care and key rotation
Next Steps
After setting up your Core App:
- GitHub Actions Integration - Learn how to use the app in workflows
- Distribution Workflows - Example use case patterns