GitHub
OAuth/PAT, webhook, and workflow nodes.
The GitHub integration enables workflows to interact with repositories: create and manage branches, open pull requests, read and modify files, post comments, and trigger workflows based on repository events.
What you can do
- Branch operations: create, list, delete
- Pull request management: create, merge, close, add reviewers, change title/description
- File operations: read, create, modify, delete with full blob/tree access
- Code review: create/update reviews, request reviewers
- Checks and CI: create check runs, set commit status
- Webhooks: receive push, pull_request, pull_request_review, check_run, and status events
- Agent actions: agents can commit code, create PRs, and respond to CI failures
Connect GitHub
Authorize Rensei via OAuth (recommended)
- In Rensei, go to Settings → Integrations and select the GitHub card
- Click Connect
- You are redirected to GitHub's OAuth authorization flow
- Select the organization (or personal account) to authorize
- Click Authorize
The platform stores the OAuth token encrypted. OAuth is preferred over a PAT for team setups because access inherits the authorizing user's GitHub permissions.
Alternative: use a Personal Access Token
If OAuth is unavailable:
- In Rensei, go to Settings → Integrations → GitHub
- Click Use Personal Access Token
- Go to github.com/settings/tokens → Generate new token (classic)
- Required scopes:
repo- read/write access to repositories (public and private)workflow- write access to GitHub Actions workflow filesread:org- read organization membership
- Copy the token and paste it into Rensei
- Click Connect
Configure webhooks on your repositories
Unlike Linear and Vercel, GitHub webhooks must be configured manually per repository.
After connecting, Rensei shows a Webhook URL and Webhook Secret in the integration settings. For each repository you want to trigger workflows from:
- Go to the repository on GitHub → Settings → Webhooks → Add webhook
- Fill in:
- Payload URL: the URL from Rensei integration settings
- Content type:
application/json - Secret: the secret from Rensei integration settings
- Under Which events would you like to trigger this webhook? choose Let me select individual events and check:
Push- code pushed to any branchPull requests- PR opened, synchronized, closed, mergedPull request reviews- reviews postedCheck runs- CI check resultsStatuses- commit status updatesWorkflow runs- GitHub Actions run completions (for GitHub Actions integration)
- Ensure Active is checked
- Click Add webhook
Repeat for every repository you want to use as a workflow trigger source.
Credential summary
| Method | Required scopes |
|---|---|
| OAuth | Inherits from GitHub OAuth app; covers repo, workflow, read:org |
| PAT (Classic) | repo, workflow, read:org |
| Webhook endpoint | POST /api/webhooks/ingest/github - HMAC-SHA256 on x-hub-signature-256 |
Event filtering
GitHub webhooks send a payload for every selected event type. Rensei workflows filter by:
- Branch name (e.g.,
main,develop) - Event action (e.g.,
opened,synchronize,closed) - Commit author or PR author
- Custom conditions using workflow expressions
Refer to workflow triggers for details.
Workflow nodes
All GitHub workflow nodes live in the GitHub section of the node palette. Available only when the GitHub integration is connected.
Triggers
| Node | Payload |
|---|---|
trigger.github.push | Branch, commits, author, repository URL |
trigger.github.pull_request | PR #, title, description, head/base branches, author, changed files |
trigger.github.pull_request_review | Review body, state (approved/changes_requested), reviewer |
trigger.github.check_run | Check name, status, conclusion, output text |
Branch operations
| Node | Description |
|---|---|
github.branch.create | Create a new branch from a ref (commit SHA or branch name) |
github.branch.get | Get branch metadata (protected status, commit SHA) |
github.branch.list | List all branches in a repository |
github.branch.delete | Delete a branch |
Example: Create a branch for a feature request
- id: create_branch
type: github.branch.create
inputs:
repo: "owner/repo"
branchName: "feature/{{ $trigger.github.pull_request.title }}"
fromRef: "main" # or a commit SHAPull request operations
| Node | Description |
|---|---|
github.pr.create | Create a pull request from one branch to another |
github.pr.get | Get PR details (title, description, state, reviewers) |
github.pr.update | Update title, description, or base branch |
github.pr.merge | Merge a PR (squash, rebase, or merge commit) |
github.pr.close | Close a PR without merging |
github.pr.request_review | Request reviewers on a PR |
github.pr.request_review_removal | Remove a review request |
github.pr.list_reviews | List reviews and review comments |
Example: Create a PR with an automated message
- id: create_pr
type: github.pr.create
inputs:
repo: "owner/repo"
title: "Fix: {{ $trigger.github.issue.title }}"
body: |
Automated fix for {{ $trigger.github.issue.url }}
Changes:
- Updated code
- Added tests
head: "feature/fix-{{ $trigger.id }}"
base: "main"
draft: false
maintainer_can_modify: trueFile operations
| Node | Description |
|---|---|
github.file.read | Read a file's contents (supports binary with base64 encoding) |
github.file.create | Create a file in a repository (with commit message) |
github.file.update | Update an existing file with new contents |
github.file.delete | Delete a file |
github.file.list | List files in a directory |
Example: Read a configuration file
- id: read_config
type: github.file.read
inputs:
repo: "owner/repo"
path: "config.json"
ref: "main" # optional; defaults to default branchExample: Create a file with generated content
- id: create_file
type: github.file.create
inputs:
repo: "owner/repo"
path: "src/generated.ts"
contents: "{{ $steps.agent.output }}"
branch: "feature/generated"
message: "Generated by Rensei agent"
committer:
name: "Rensei"
email: "rensei@rensei.ai"Code reviews
| Node | Description |
|---|---|
github.review.create | Post a code review (approve, request changes, or comment) |
github.review.update | Update a review's state or body |
github.review.list_comments | Fetch review comments on a specific PR |
Example: Approve a PR after checks pass
- id: approve
type: github.review.create
inputs:
repo: "owner/repo"
pr_number: "{{ $trigger.github.pull_request.number }}"
event: "APPROVE" # APPROVE | REQUEST_CHANGES | COMMENT
body: "Approved by Rensei checks"Commit status and checks
| Node | Description |
|---|---|
github.status.create | Set a commit status (pending, success, failure, error) |
github.check_run.create | Create a check run with a conclusion and output |
github.check_run.update | Update a check run's conclusion or output |
Example: Create a check run after a test suite
- id: check_run
type: github.check_run.create
inputs:
repo: "owner/repo"
head_sha: "{{ $trigger.github.push.commits[0].id }}"
name: "Rensei Tests"
status: "completed" # or 'in_progress'
conclusion: "{{ $steps.tests.status == 'pass' ? 'success' : 'failure' }}"
output:
title: "Test Results"
summary: |
{{ $steps.tests.passed }}/{{ $steps.tests.total }} tests passed
text: "{{ $steps.tests.log }}"Repository metadata
| Node | Description |
|---|---|
github.repo.get | Get repository metadata (stars, language, topics, etc.) |
github.repo.update | Update repository settings (description, topics, default branch) |
Authentication and scope
The GitHub integration requires the following scopes:
repo- read/write access to public and private repositoriesworkflow- write access to GitHub Actions workflowsread:org- read-only access to organization metadata
If you use a Personal Access Token, create it with classic (not fine-grained) permissions to ensure all required scopes are granted.
Cost and rate limits
GitHub's REST API has rate limits:
- Authenticated requests: 5,000 requests/hour
- Workflow engines (agents) operating at scale may hit this limit if many work items dispatch in parallel
Recommendation: If you're running high-volume agent workflows, consider:
- Caching frequently-accessed data (e.g., branch lists) in workflow steps
- Batching multiple file operations into a single API call when possible
- Using GitHub's GraphQL API (advanced; not yet exposed as a workflow node)
Cost is zero - GitHub includes API calls in your personal or organization plan.
Troubleshooting
"Authentication failed"
- Verify your GitHub token or OAuth grant is still valid
- Re-authorize in Settings → Integrations
- Check that the token has the required scopes
"Webhook delivery failed"
- Ensure the webhook URL is publicly accessible
- Check GitHub's webhook delivery logs (Settings → Webhooks → Recent Deliveries)
- Verify the webhook secret matches what Rensei provided
- Check Rensei's audit logs for inbound webhook errors
"API rate limit exceeded"
- Wait 1 hour for your rate limit to reset
- Use GraphQL (batching) for bulk operations (advanced)
- Consider caching results in workflow steps to reduce API calls
Next steps
- Workflow triggers - Configure when workflows run
- Expressions - Use GitHub trigger data in downstream steps
- Workflow testing - Test GitHub integrations locally
- Agent sessions - Watch agents interact with GitHub in real time