Skip to main content

Set up GitHub Enterprise Server

This guide covers connecting a self-hosted GitHub Enterprise Server instance to Glean. For an overview of what the connector indexes and how multiple instances work, see the GitHub Enterprise Server overview.

Network reachability

These instructions work only for on-prem instances the Glean crawler can access. Your GitHub Enterprise Server instance must be network-accessible to the Glean crawler running in your cloud. Contact Glean Support for any network configuration required.

Before you begin

  • You must be a GitHub organization owner to create the GitHub App. If you are not, ask an organization owner to create it on your behalf.
  • Confirm your GitHub Enterprise Server instance is reachable from the Glean crawler.
  • Have the Glean Admin console open so you can copy the generated webhook URL and secret into the GitHub App, and copy the App credentials and admin token back into Glean.

Required admin token scopes

Setup requires a classic personal access token, created by an admin, with no expiration and the following scopes:

ScopePurpose
user:emailRead user email addresses for identity
read:enterpriseRead enterprise-level data
read:orgRead organization-level data

Connect to GitHub Enterprise Server

The instructions below will work only for on-prem instances that the Glean Crawler running on GCP can access. Please reach out to Glean Support for any network configuration required.

Step 1. Create a GitHub App

warning

This step must be performed by a GitHub organization owner. If you aren't an organization owner, contact one to create the GitHub App on your behalf.

This app will be used by Glean to crawl your GitHub instance.

  1. Go to your GitHub Enterprise Server instance.
  2. Click on any one of your organizations.
  3. Click settings.
  4. Click GitHub Apps.
  5. Click New GitHub App.
  6. Fill the following fields:
    1. Name: Glean
    2. Homepage URL: https://app.glean.com
    3. Identifying and authorizing users
      • User authorization callback URL: Copy the generated URL from the setup page
      • Request user authorization: unchecked
    4. Post installation
      • Leave blank
    5. Webhook
      • Webhook Active: checked
      • Webhook URL: Copy the generated URL from the setup page
      • Webhook secret: sk_test_123456789 %1%
        • Copy the webhook secret into the corresponding field in Glean
        • Copy the webhook secret into the corresponding field in the GitHub App
    6. Repository permissions
      1. Set only the following to read-only:
        • Repository permissions
          • Administration
          • Contents
          • Commit statuses
          • Issues
          • Metadata
          • Pull requests
          • Pages
        • Organization permissions
          • Members
        • User permissions (or Account Permissions)
          • Email addresses
    7. Subscribe to events
      • Check only the following:
        • Commit comment
        • Issues
        • Issue comment
        • Member
        • Organization
        • Pull request
        • Pull request review
        • Pull request review comment
        • Push
        • Repository
        • Team
        • Team add
    8. Where can this App be installed: Any account

Step 2. Configure the GitHub App

Copy the following values into the corresponding fields in Glean:

  • App ID
  • Client ID
  • Client Secret At the very bottom of the page, click "Generate a private key" It will download the key to your local machine. Upload this file into the corresponding field in Glean.

Step 3. Install the GitHub App

Click on Install App from the menu on the left. Click Install for all organizations you want to connect.

Step 4. Create an admin token

  1. Go to your GitHub Enterprise Server instance.
  2. Click on the User Profile dropdown on the top right.
  3. Click on User settings.
  4. Click on Developer settings.
  5. Click on Personal access tokens.
  6. Click on Tokens (classic)
  7. Generate a new classic token with no expiration with the following permissions:
    • user:email
    • read:enterprise
    • read:org
  8. Copy the token into the Admin Personal Access Token field in Glean.

Step 5. Configure additional configs on Admin Console

Enter the following configs in Glean:

  1. Git Domain

After setup

  • Exclusion (redlisting) of repositories is supported, along with control over which file extensions have full content indexed.
  • Per-user OAuth maps each user's GitHub alias to their email so Glean can resolve their identity. Until a user completes it, no GitHub content (public or private) appears in their search results. Once complete, the next identity crawl syncs their aliases.

For any questions or issues with setup, file a support ticket at https://support.glean.com/hc/en-us.