Skip to main content

Set up GitHub Cloud

This guide covers connecting GitHub Cloud (GitHub.com, including GitHub Enterprise Cloud) to Glean. For self-hosted deployments, see GitHub Enterprise Server or GitHub Server instead.

Disclaimer

The instructions below are updated periodically. For the latest steps, refer to the Glean Admin console.

Required access

The GitHub connector requires specific permissions to function correctly:

  • Organization admin to install the GitHub App and set up the connector.
  • Admin read-only access for the ongoing running and operation of the GitHub App.
  • Individual user authorization (per-user OAuth) for private repositories.

Organization admins cannot change the App's permission scopes. They are fixed and read-only. See API endpoints and permissions for the full list.

Install the Glean GitHub App

  1. Go to https://github.com/apps/glean-github-app, or in Glean go to Admin console → Connectors → GitHub and select Install the Glean GitHub App.
  2. Select Install or Configure.
  3. Select the organization where the App should be installed.
  4. Select All repositories, then select Install & Authorize. The Glean GitHub App is always installed against all repositories in the organization; the installation cannot be scoped to a subset. Use crawling restrictions to control which repositories are indexed.

Set up the connector in Glean

  1. Enter the connector name in the Name text box.
  2. Choose an icon for the connector.
  3. Enter your GitHub organization name in the GitHub organization name text box.
  4. Select Save.

Enable per-user OAuth for private repositories

The GitHub App crawls content, but it does not expose user emails to the connector. Each user must authorize Glean once so their GitHub identity can be matched to their Glean identity. Until they do, they cannot see private repositories they have access to.

Each user authorizes from Glean → Settings → Connectors → GitHub by selecting Authorize. After a user authorizes, Glean picks up the change on the next identity crawl and syncs the private repositories and aliases they have access to.

Once setup is complete, you can limit which repositories Glean crawls or review the API endpoints and permissions the connector uses.