Skip to main content
CNAP’s GitHub integration connects your GitHub accounts and organizations to enable secure repository access and automated deployments. The GitHub App integration provides secure, scoped access to your repositories without requiring personal access tokens, and all workspace members can use connected installations for collaboration.

How GitHub Integration Works

When you connect a GitHub account or organization, CNAP requests permission to install the GitHub App. This creates a secure connection that doesn’t require storing personal access tokens. You choose which repositories to make available to your workspace—all repositories, selected repositories, or public repositories only. Once connected, all workspace members can deploy applications from connected repositories, access repository contents for building and deployment, and view repository metadata and commit history.

Key Features

  • Secure authentication - GitHub App provides secure, scoped access without personal tokens
  • Team collaboration - Share GitHub access across all workspace members
  • Multiple sources - Connect both personal and organization accounts in one workspace
  • Automated deployments - Deploy directly from GitHub repositories
  • Granular permissions - Control exactly which repositories are accessible

Personal Accounts and Organizations

You can connect both personal GitHub accounts and GitHub organizations to your workspace:

Personal Accounts

Connect your personal GitHub account to access your individual projects and repositories. This is useful for personal blogs and websites, side project APIs and services, open source contributions, and learning and experimentation.

Organizations

Connect GitHub organizations to enable team collaboration and access to shared repositories. This is useful for agencies connecting multiple client organizations, companies accessing internal tools and applications, open source organization projects, and consulting work managing different client repositories.

Multiple Installations

CNAP supports multiple GitHub App installations within a single workspace, enabling flexible access patterns:
  • Multiple personal accounts - Add different team members’ personal accounts
  • Multiple organizations - Connect various client or company organizations
  • Mixed access - Combine personal and organizational repositories
  • Team collaboration - All workspace members can use all connected installations
Once an installation is added to a workspace, all workspace members can use it. Any workspace member can deploy from those repositories, even if they don’t have direct GitHub access. This is by design for collaboration.

Security and Permissions

The GitHub App integration maintains security through scoped permissions:
  • Repository contents - For building and deployment purposes
  • Repository metadata - Name, description, language, and structure
  • Commit history - For deployment tracking and versioning
  • Branch information - To understand repository structure
  • Private repository contents - Unless explicitly granted access
  • User personal information - Email, profile data, or private details
  • Organization settings - Billing, member management, or admin settings
  • Other applications - Access to other GitHub Apps or integrations
  • Repository access - Only repositories you explicitly grant
  • Read-only by default - Cannot modify your code or settings
  • Temporary tokens - Short-lived access tokens for security
  • Revocable - You can revoke access at any time

Repository Deployment

Once GitHub accounts are connected, you can deploy applications directly from repositories. CNAP automatically detects your application type and build configuration for supported languages and frameworks including Node.js (Express, Next.js, SvelteKit, Remix, Nuxt), Python (Django, FastAPI, Flask), Go (Gin, Echo, Chi), Ruby (Rails, Sinatra), Java (Spring Boot, Quarkus), Rust (Actix, Rocket, Axum), and PHP (Laravel, Symfony). The deployment process handles repository selection, automatic detection of build configuration, building and packaging your application, deployment to your selected clusters, and configuration for pricing and product availability.

Private Container Images

If your GitHub Actions workflow builds and pushes images to GitHub Container Registry (GHCR) as a private repository, you’ll need to configure registry credentials:
  1. Go to Settings → Registries in your workspace
  2. Add GitHub Container Registry credentials with a PAT that has read:packages scope
  3. CNAP will automatically pull your private images through its registry proxy
See Private Container Registries for details on how this works.

Best Practices

  • Start simple - Begin with one GitHub account and expand as needed
  • Principle of least privilege - Grant access only to necessary repositories
  • Regular review - Periodically review connected accounts and permissions
  • Team coordination - Coordinate with team members before adding new installations
  • Access management - Remove access for team members who leave the workspace
Leaving a workspace does not automatically uninstall the GitHub App from your GitHub profile or organization. If you want to remove the GitHub App installation, go to your GitHub settings and uninstall it manually.

Troubleshooting

  • Verify the repository is included in the GitHub App installation
  • Check that the repository is not private (unless explicitly granted access)
  • Ensure the GitHub App has the necessary permissions
  • Try reconnecting the GitHub account
  • Check that your repository has a supported language/framework
  • Verify all dependencies are properly declared
  • Review build logs for specific error messages
  • Consider adding a Dockerfile for custom build requirements
  • Verify you have access to the repository
  • Check that the GitHub App installation is still active
  • Ensure the repository hasn’t been moved or deleted
  • Try refreshing the GitHub connection