►
From YouTube: Demo Days - Creating a GitHub app
Description
Steve Winton, Partner Engineer, explains why someone might want to build a GitHub app, then builds one from scratch. Create 3rd party integrations to GitHub via the API and allow them to act autonomously on protected resources. Using the example of OAuth, walk through GitHub Enterprise Server and learn how to build then manage administration, monitoring and installations.
Once you've built your app, consider partnering with GitHub: https://partner.github.com/technology-partners
A
Hey
folks
and
welcome
to
this
week's
installment
of
github
demo
day,
let
me
just
share
my
screen
here
and
we'll
get
going
so
my
name
is
steve
and
I
am
glad
to
be
presenting
with
two
out
to
you
all
today
and
I'm
glad
everyone
could
make
it.
I
hope
everyone
is
is
doing
great,
so
I'm
joined
here
as
well
by
my
colleague
and
friend
john.
If
john
you
were
there
and
you
want
to
jump
on
and
just
say
hello,
quick.
A
B
A
Cool
cool
cool,
so
yeah,
it's
demo
days
again
everybody
and
we
are
excited
to
be
here
and
today
we
will
be
talking
to
you
all
about
creating
a
github
app
and
it's
going
to
be
awesome.
I
do
want
to
give
a
quick
warning.
A
Unexpectedly,
I
have
some
workers
outside
my
office,
like
literally
the
other
side
of
this
door,
and
they
occasionally
like
to
hit
a
hammer
or
like
turn
a
drill
on,
so
I
do
apologize
in
advance
if
any
of
that
noise
comes
through
and
we'll
do
our
best
to
kind
of
mitigate,
I
didn't
ask
them
to
be
quiet,
but
they've
got
jobs
to
do
as
well.
So
we'll
see
how
we
go
here.
So
please
bear
with
me
and,
as
I
said,
my
name
is
steve
winton.
A
A
So
we've
got
quite
a
bit
of
content
to
get
through
today
and
actually
I'm
reading
straight
from
this
gist,
which
is
public.
You
can
hit
it
at
this
url
if
you
want
to
get
a
sneak
peek,
but
maybe
you
don't
want
to
spoil
the
surprise.
I
don't
know
so
yeah.
This
is
the
stuff
that
we've
got
in
store
for
you
today,
a
little
bit
of
an
intro.
I
wanna
I
wanna
I'd
love
to
talk
about
github
apps
kind
of
what
they
are.
A
What
the
motivation
is
behind
kind
of
their
design
where
they
came
from
what
you
can
do
with
them
and
then
we'll
actually
build
a
github
app
or
you
know,
I'm
gonna
try
and
build
it.
I'm
gonna
be
writing
it
and
go
laying
for
fun
and
go
laying
isn't
necessarily
my
favorite
programming
language,
I'm
learning
to
love
it,
but
let's,
let's
see
how
we
go
there,
it's
going
to
be
a
little
bit
of
an
experiment
and
yeah.
If
there's
any,
I
imagine
we'll
be
done
in
maybe
a
little
bit
under
an
hour.
A
If
there's
any
time
remaining,
then
I'm
certainly
happy
to
go.
Get
my
bass
over
there.
I
can
like
pull
it
down
and
I
can
play
a
major
scale
or
something
for
you
all,
and
I
know
john
you've
got
a
keyboard.
I
think
so
we
can
knock
out
a
tune
perhaps
or
we
could
just
adjourn
early
honestly,
I'm
open
to
whatever
we
want
to
do,
and
so,
let's,
let's
dive
in,
let's
do
our
quick
intro
here
so
github
apps.
What
are
they?
Why
do
they
exist?
A
So
we'll
dive
into
this
in
a
little
bit
more
detail,
but
essentially
github
apps
are
the
the
modern
way
for
third
parties
for
integrators
or
and
really
any
user
of
github
to
kind
of
integrate
with
github
via
the
api.
A
You
might
think
of
github
apps
as
a
bot
that
you
grant
access
to
different
objects
within
your
github
repos
and
allow
those
bots
to
like
get
to
work
and
automate
things
for
you
or
check
things
for
you
or
kind
of
greet
your
users
or
all
kinds
of
wonderful
and
fancy
things.
Essentially,
we
like
to
say
that
you
can
kind
of
codify
your
workflow
with
these
bots
or
github
apps,
and
a
fun
fact
is
that
github
itself
is
is
also
built
with
github
apps.
A
So
what
I
mean
by
that
is
that
there
are
several
products
that
github
is
comprised
of
and
those
products
also
kind
of
leverage,
github
apps,
so
we'll
we'll,
hopefully
it'll
kind
of
make
a
bit
more
sense
by
the
end
of
the
next
hour.
A
So,
let's
jump
in
and
I
find
it
helpful
to
first
of
all
think
of
github
apps
in
the
context
of
oauth
and
in
the
beginning
you
know
that
there
was
oauth,
but
you
know
actually,
I
think,
prior
to
oawf.
What
we
had
was
what
was
known.
A
You
know
nothing
bad
happened.
I
trusted
that
spotify
would
would
guard
it
well,
but
it
kind
of
became
known
then
in
the
industry
is
like
the
password
anti-pattern
and
o
auth
was
kind
of
the
the
response
to
that
this.
A
This
design
designed
flow
where,
like
a
resource
owners
like
a
user,
could
grant
access
to
a
third
party
to
the
stuff
that
they
own
on
on
white
github
and
they
could
kind
of
attach
kind
of
scopes
and
give
different
access
controls
to
that
third
party
without
having
to
give
out
like
the
their
password
at
all.
A
So
you
know,
oauth
has
been
pretty
pretty
successful
in
in
solving
that,
and
github
itself
supports
version
two
of
the
oauth
protocol
and
it's
great
for
for
many
little
things,
so
I'm
actually
going
to
do
a
little
bit
of
a
demo
here
of
of
oauth
and
I'm
going
to
cheat
a
little
bit,
though,
because
interesting
interest
of
time.
So
we're
going
to
be
using
this
this
repo
over
here,
which
is,
is
private
and
it's
also
running
on
github
enterprise.github.com.
A
A
In
case
you're
not
aware,
github
enterprise
server
is
like
the
self-hosted
version
of
github.com,
so
you
can
download
a
virtual
appliance
and
you
can
host
github
in
your
own
private
cloud
if
you
want
to
so
that's
what
I'm
doing
here
and
I
am
going
to
do
a
little
oath
demo,
so
fish
ish,
we're
gonna.
Do
that
a
lightweight
one.
So
first
thing
I'm
going
to
do
to
show
this
off.
A
I
know
look
at
that.
Github
apps,
but
we'll
come
back
to
that
later.
I'm
going
to
come
down
to
personal
access
token,
so
I
could
create
an
author,
but
I'm
just
going
to
create
a
personal
access
token,
which
are
kind
of
similar
to
the
to
the
oauth
app.
In
terms
of
the
token
that
you
get
you
just
don't
have
to
do
like
the
oauth
dance
to
get
one.
So
the
third
party
in
this
instance
is
kind
of
myself,
which
is
a
little,
maybe
a
little
bit
strange.
A
A
I'm
just
going
to
have
it
kind
of
authenticate
as
as
me,
but
it
won't
be
able
to
actually
do
anything
which
is
fine,
that's
perfectly
valid
and
also,
if
anyone
watching
steals
my
token,
then
they
can't
do
anything
because
I'm
about
to
show
you
what
my
token
is
so
here's
my
token
I'm
going
to
copy
that,
hopefully
that
works
and
then
I'm
going
to
jump
over
to
my
terminal,
which
is
over
here.
I'm
john.
Let
me
know
if
this
is
a
little
bit
too
too
tiny.
A
If
you
don't
mind,
hopefully
you
can
see
this
all
right,
so
I
copied
my
token
here.
I'm
gonna
just
use
it
in
a
request
against
the
github
api,
so
my
let's,
first
of
all,
actually
do
this
without
authenticating.
So
if
I
just
hit
this
this,
this
url,
which
is
the
same
kind
of
domain
as
up
here,
but
I'm
just
putting
api
slash
api
v3.
Excuse
me.
While
I
move
my
zoom
controls.
A
A
So
if
I
call
I
get
the
exact
same
response
back,
I
can
make
that
look
a
bit
prettier
by
passing
it
through
jq.
So,
let's
this
time,
let's
authenticate
so
I'm
gonna
use
my
token,
which
I
have
as
my
environment
variable.
So
this
time
I'm
gonna
do
curl
minus
h.
What
is
it
authorization
and
then,
if
I
type
bearer
and
that
environment
variable
and
hit
that
end
point
again
and
actually
I'll
hit
a
different
one,
I'll
hit
api
v3
user,
which
will
just
return
the
authenticated
user?
B
A
Bad
credentials,
why
is
that?
Why
doesn't
it
like
my
credentials.
A
Yeah,
let's
try
that
as
well.
Let
me
just
create
a
new
token
in
case
there's
an
issue
with
this
token.
Oh,
let's
call
it
demo2.
A
A
A
I
have
another
token
that
I
created
earlier,
so
I'm
gonna
jump
over
to
this
folder,
which
I
think
is
in
my
demo
days
and
now,
if
I
replay
that
request,
it's
the
same,
I
get
the
same
response
back
like
it's
me
right,
because
I'm
I'm
saying
who
is
the
authenticated
user
and
the
authenticated
user
is
myself,
but
this
time
let's
do
something
slightly
different,
so
I'm
gonna
pass
in
some
data
and
we'll
actually
try
and
open
a
github
issue.
So
this
this
token
has
kind
of
right
access
to
to
my
repo.
A
So
in
this
case
I'll
I'll
send
in
a
little
a
little
payload.
So
we'll
say
title
and
we'll
say
hello
world
right,
so
I'll
send
it
here,
but
we
can't
send
it
to
the
user.
We
have
to
send
it
to
v3
repos
slash.
A
I
have
a
repo
under
the
demodays.org
and
that
repo
is
called
spawn
spoon
knife,
slash
issues,
okay,
so
same
token
as
before.
Actually
the
the
my
pre-created
token
send
in
this
body
title
hello,
world
and
post
it
to
the
issues
endpoints,
and
hopefully
we
get
this
back,
which
is
looking
good
and
we
should
see
a
u
and
the
html.
Url
is
what
we
want.
A
A
So
I
won't
do
it
again.
What
I
can
do
is
I'll
just
go
straight
to
my
demo:
days.org
there's
the
demo
day,
spoon
knife
and
we
see
the
issue
and
here's
the
hello
world,
so
this
was
created
by
me
by
the
api
just
a
minute
ago,
but
you
can't
really
tell
from
looking
at
it
and
in
case
anyone's
in
any
doubt,
hyper
did
just
quit
on
me
unexpectedly,
which
has
never
happened
before
wonderful,
the
wonderful
of
of
live
twitch
streaming.
A
So
we'll
come
back
to
that
shortly.
So
this
is
cool
right,
pretty
cool.
Anyway,
we
got.
We
got
a
token
which
equally
could
have
been
obtained
through
the
oauth
flow.
We
exported
it
as
an
environment
variable
and.
C
A
Were
able
to
already
automate
some
things,
I
was
able
to
automate
the
creation
of
an
issue,
and
maybe
you
could
attach
that
to
some
kind
of
application,
performance
monitoring
system
and
when
you're,
when
your
production
environment
is
running
out
of
memory,
you
could
open
an
issue
or
something
to
alert
the
development
team
to
do
something
about
it
like
that
would
be
cool.
What
is
you
know?
A
Not
I
less
ideal
about
that
is
that
this
issue
is
owned
by
me
and
that
doesn't
always
make
sense
like
sometimes
the
issue
should
be
owned
by
kind
of
an
autonomous
user.
That
is,
is
essentially
like
a
bot.
A
A
But
if
I'm
using
this
token
across
lots
of
organizations,
lots
of
repos
and
also
lots
of
third-party
integrations-
and
I
could
very
easily
run
out
of
quota
also
if
you
are
using
our
on-prem
products,
this,
this
user,
who
might
be
like
a
machine
user,
has
to
consume
a
seat
and
the
token
that
I
created
is
is
long-lived,
so
that
will,
unless
it's
revoked
kind
of
manually
or
by
a
an
api,
that's
going
to
live
forever
and
also
that
token,
although
we
only
used
it
to
create
an
issue,
it
actually
has
what's
called
repost
scope.
A
So
it
can
do
lots
of
other
things
in
this
repository
as
well
like
read
the
code
and
we
might
want
to
you
know,
create
a
token
that
has
more
fine-grained
access
than
that.
So
there
are
a
you
know
a
few,
a
few
issues
with
this.
Certainly
it's
helpful
in
in
many
cases,
and
I
use
like
personal
access
tokens
or
oauth
apps
for
lots
of
other
reasons,
but
github
apps
has
kind
of
been
designed
to
solve
a
lot
of
those
problems.
A
So,
let's,
let's
talk
about,
we
talked
about
this:
let's
go
into
a
little
bit.
Actually,
I'm
gonna,
I'm
gonna
skip
some
of
the
theory.
This
is,
as
I
said,
this
is
a
public
public
gist
and
the
url
is
up
here.
There
are
those
workers
getting
hard
at
work
outside
apologies.
If
you
can
hear
that
so
yeah
interesting
about
so
the
benefits
you
get,
this
autonomy,
it's
not
tied
to
a
user.
A
On
your
instance,
you
get
an
improved
security
model
because
you
can
attach
really
fine
grained
scopes
to
the
bot
and
you
get
really
dedicated
rate
limits
that
the
bot
kind
of
has
to
itself
so
yeah,
it's
great
and
I'm
going
to
jump
over
the
key
concepts
and
we'll
do
a
deeper
lab
in
a
second,
but
because
this
is
a
demo
day.
A
This
one
is
public
at
swinton,
github,
hello,
world,
and
it's
I
mentioned
golang
earlier,
but
this
is
actually
written
in
node
and
I
like
to
think
of
this-
I
mean
it's
fairly
new,
but
I
like
to
think
of
this
as
kind
of
the
hello
world
of
github
apps.
A
A
So
here's
my
repo
the
code
to
reproduce
what
we
just
did
is
kind
of
here
and
where
previously
I
was
using
curl
on
the
command
line.
This
time
we
are
kind
of
using
this
octokit
library,
which
is
an
awesome
open
source
library
for
using
the
github
rest
apis,
and
when
I
am
instantiating
my
my
octokit
kind
of
instance
here
I'm
providing
this
auth
strategy,
which
is
this
kind
of
create
app
auth.
A
It's
going
to
authenticate
as
an
app
and
I'm
passing
in
my
app
credentials,
which
are
available
over
here
in
my
app
credentials
files.
Let's
go
check
out
app
credentials
and
essentially
like
we'll
dig
into
what
these
things
are,
but
to
authenticate
as
a
github
app.
There
are
a
few
things
that
we
need.
We
need
our
github
app
id.
We
need
what's
called
an
installation
id
and
we
need
a
kind
of
private
key
and
in
this
instance,
I'm
just
reading
them
all
from
environment
variables.
A
A
It
up
a
little
bit
more
okay,
so
this
is,
if
I
do
like
a
git
remote
minus
v.
This
is
the
same.
The
same
repo
right
as
just
the
one
that's
checked
out
locally,
and
this
is
the
environment-
is
configured
here.
Actually,
let's
open
this
up
in
my
editor.
B
And
steve
yo
h142
thanks
for
that
question.
If
you
could
send
me
the
link
to
that
gist
that
you
had
it's
like
a
piece
in
chat,
yeah,
some
couldn't
do.
A
A
Oh
thanks
as
well.
I
understand
I
can't
see
the
chat,
but
I
heard
that
h142
you
spotted
that
the
x
I
didn't
export
the
environment
variable.
Thank
you.
So
much.
A
You
got
the
link
to
my
gist
yep,
I
mean
there's
a
ton
of
stuff
in
here.
We
probably
won't
get
through
it
all
today,
so
yeah
thanks
for
doing
that,
john
and
yeah.
Let's,
let's
let
me
get
back
to,
I
think
I
was.
I
was
going
to
talk
about
this
code
so
over
here
in
this
dot
m,
I'm
just
exporting
the
environment
variables
that
I
need-
and
this
is
just
the
one.
A
A
So
if
I
just
do
like
a
node
github
helloworld.js,
hopefully
this
is
going
to
work
and
yeah.
We
got
an
issue,
so
I'm
going
to
just
go
ahead
and
open
this
and
this
time,
let's
do
a
nice
side
by
side
comparison
right
with
the
first.
The
first
issue,
which
is
here
so
this
was
this-
is
the
issue
I
created
with
my
personal
access
token,
which
is
pretty
cool.
It's
okay,
it's
useful
for
some
things.
A
B
Hey
steve,
really
quick,
it
was
a
great
question
from
david
carlson.
Is
there
any
way
to
make
it
easier
for
users
to
install
an
app
when
it's
designed
to
run
on,
in
instance,
per
org?
It's
not
essentially
run
instance.
So
not
a
single
web
hook
event
for
every
single
web
hook,
endpoint
for
every
org,
but
is
there
an
easier
way
to
configure
that.
A
Did
you
mind,
let
me
I
need
to
kind
of
wrap
my
head
around
that
question
a
bit
better.
Do
you
mind
replaying,
that
for
me,
john,
I.
B
C
A
So
if
I
have
like
a
single
so
let's
go
back,
let's
go
to
the
home
page
here
so
on
this.
In
this
instance
right
I
have
my.
I
don't
want
to
be
on
this
page,
so
I'm
going
to
go
somewhere
else.
A
So
here's
my
server
right
and
I've
got
like
my
swinton
account
and
my
demo
days
and
I
could
create
another
organization
and
I'll
just
call
it
foobar
or
whatever
and
then
I'll
just
say,
skip
this
step
and
let's
go
back
so
now
I
have
two
organizations
and
it's
the
question
kind
of
how
do
I?
How
do
I
easily
and
set
up
my
app?
A
So
it
has
access
to
all
of
these
organizations,
so
we've
got
swinton
demo
days
and
foobar
and
we
just
want
to
have
a
single
github
app
that
has
access
to
all
of
this
stuff
independently.
C
B
A
A
So
on
that
instance,
you've
got
a
single
github
app,
and
in
this
case
we
have
two
installations
of
the
app
the
first
one
is
id123456,
which
is
living
on
this
battenberg
org
and
the
other
one.
Is
this
id
456789
which
is
living
on
this
other
org
right,
so
they
are
kind
of
independent
installations,
so
they're
completely
siloed
from
each
other.
A
But
the
cool
thing
is:
is
that
they
all
kind
of
point
back
to
the
same
github
app
so
as
we'll
see
in
a
second,
all
the
permissions
are
shared
kind
of
the
the
web
hook.
Handler
is
shared
it's
kind
of
shared
at
this
level,
but
when
you
grab
a
token
which
is
down
here
so
when
this
installation
id
has
a
this
token,
it
can
only
access
what
has
been
granted
within
that
org.
So
to
access
the
other
stuff.
You
just
have
to
have
a
different
token.
A
A
A
Here,
yeah,
I
should
be
fine,
so
in
this
lab,
let's,
let's
create
a
github
app
and
before
we
create
this
github
app.
So
let's
go
back
we'll
kind
of
what
should
we
do
right?
What
should
our
new
github
app
do
that
we're
about
to
create
and
code?
So
there
are
lots
of
things
that
we
could
do
here
and
if
we
want
some
inspiration,
we
could
go.
Look
at
the
github
marketplace
at
all
of
these
apps
that
other
people
have
created.
A
We
can
look
at
this
probot
page
for
inspiration
of
what
you
can
do,
but
for
our
github
app
today,
we're
just
going
to
say
that
this
will
be
a
simple
bot
that
will
listen
for
pull
requests
and
if
the
title
of
the
pull
request
include
the
robot
emoji,
then
the
bot
is
just
going
to
automatically
approve
the
pull
request.
So
this
particular
bot
really
likes
pull
requests
that
mention
bots.
A
It's
a
bit
of
like
an
inception
thing.
I
guess
so,
let's
give
this
a
go
and
actually.
A
They're
working
outside
apologies-
actually
the
first
thing
we
need
to
do
is
go
figure
out
from
the
docs.
What
apis
we
need.
So
there
is
this
amazing
website,
which
is
the
documentation
website
for
github.com
and
github
enterprise
server,
and
we
need
to
look
at
the
rest,
api,
docs
and
because
our
bot
is
going
to
be
interacting
with
pull
requests.
A
A
So
previously
we
were
hitting
the
issues
endpoint
in
this
case
we're
going
to
hit
the
polls
kind
of
route
with
details
of
the
the
repo,
so
the
organization
that
it
lives
in
and
the
name
of
the
repo
so
demo
day,
spoon
knife,
the
pull
request,
number
the
reviews,
kind
of
path,
and
there
are
a
number
of
other
things
like
we'll
need
to
send
in
the
commit
id
the
body
which
of
our
kind
of
review
and
then
what's
called
the
event.
A
So
what
what
kind
of
action
are
we
performing
with
our
review
of
the
pull
request?
Are
we
approving
it?
Are
we
requesting
changes
or
are
we
commenting?
So
I
imagine
that
this
spot
if
it
sees
a
pull
request
that
doesn't
include
the
bot
emoji,
it's
going
to
request,
changes
right
and
say
I
need
a
bottom
emoji
to
approve
this.
A
So
that's
one
aspect
is
the
api
and
the
other
aspects
that
we
need
to
go
look
at
is
other
web
hooks.
So
again
we
can
look
at
the
documentation.
Oh
sorry,
I
wanted
to
point
out
one
more
thing,
quick
back
back
over
here,
so
it's
not
immediately
obvious,
but
while
most
of
our
rest
apis
are
available
for
github
apps,
some
of
them
are
not.
A
So
we
can
check
that
and
it's
kind
of
a
little
bit
subtle
in
our
documentation,
but
when
you're
looking
at
the
documentation
for
an
api
endpoint
like
this
one,
if
you
scroll
down
through
through,
like
the
description
through
the
parameters
through
the
code,
samples,
there's
some
notes
at
the
end
and
if
it
works
with
github
apps
there'll
be
a
no
saying
works
with
github
apps.
So
this
one
works
with
github
apps,
so
we're
good
to
use
it.
So,
let's,
let's
go
and
look
at
the
developer,
docs
and
handily
over
here.
A
Actually,
I
should
probably
bump
up
the
zoom
on
this
as
well
always
forget
to
do
that
over
here
on
this
page.
There's
a
web
hooks
area
and
I
believe
we
go
to
the
we
can
go
to
the
events
and
get
of
events
type
and
we
should
see
a
pull
request
event
now.
This
is
the
wrong
one.
This
is
the
one
I
want
web
hooks
and
web
book
events
and
payloads.
A
There's
a
difference
between
events
and
web
hooks
events
are
kind
of
the
same
data
but
available
over
a
rest.
Api
web
hooks
are
the
payloads
that
you
actually
are
sent
to
you.
So
let's
go
look
at
the
pull
request
event.
So
we'll
our
bot
will
listen
for
pull
requests.
It
will
receive
an
event
that
kind
of
looks
like
this,
so
we'll
be
able
to
consume
this
we'll
get
the
number
we'll
get
the
title
because
we
need
to
validate
the
title,
we'll
get
the
the
repo
where
that
pull
request
lives
further
down.
A
Maybe
it's
in
this.
I
know
it's
in
this
payload.
There
is
repositories
we'll
get
the
name
and
we'll
get
the
full
name
and
the
owner,
so
we
this
gives
us
all
of
the
all
of
the
data
that
we
need
to
build
our
application.
A
A
So
previously
we
created
my
personal
access
token
on
my
personal
account,
so
we
did
it
over
here
under
swinton,
but
this
time
for
the
github
app
I'm
going
to
create
it
under
an
org
and
in
most
cases
I
actually
recommend
doing
it
this
way,
because
you
can
then
share
the
adverse
administration
or
kind
of
the
upkeep
or
kind
of
the
the
monitoring
of
your
github
app.
You
can
share
that
amongst
the
team,
so
I'm
to
jump
to
my
org
settings
page
here.
A
I
really
hope
my
power
stays
on
when
they're
out
there
drilling
just
occurred
to
me.
I
really
do
apologize
if
we
have
a
power
car
over
here
fingers
crossed
so
okay.
Here
we
are
now
on
this
page,
get
up
demo
days
in
my
in
my
settings,
github
apps
and
check
that
out.
There's
our
issue,
bot
friend
that
we
saw
earlier-
and
that's
me
I'm
I
can.
A
A
So
not
this
is
a
really
long
form
right
and
there's
a
way
that
you
can
post
data
to
this
page
so
that
you
can
like
trim
down
what
the
what
you
actually
see
here,
but
it's
a
little
bit
out
of
scope
for
for
what
we're
doing
today.
So
we
don't
need
to
fill
out
this
whole
thing.
We
just
need
to
fill
out
the
the
required
parts.
I'm
going
to
give
my
bot
a
home
page.
I'm
just
going
to
say
my
bot
lives
are
example.com
pr
there
we
go!
A
That's
my
boss,
home
page,
I'm
not
gonna!
Do
any
of
this
identifying
and
authorizing
users.
I'm
gonna!
Leave
that
empty,
I'm
not
doing
any
post
installation
stuff.
So
I'm
gonna
leave
that
empty.
I
am
gonna!
Do
web
hooks,
so
I'm
going
to
paste
in
my
web
hook:
url
I'm
going
to
use
ngrok
here
so
ngrok
is
a
really
fancy
service
that
will
allow
me
to
tunnel
webhook
events
from
the
internet
to
my
local
machine,
so
I
can
handle
them
and
develop
locally.
A
It's
really
really
useful
and
then
I'm
going
to
put
in
a
webhook
secret-
and
I
don't
mind
telling
you
all
this,
but
my
web
hook
secret
here-
is
going
to
be
development
d-e-v-e-l-o-p-n-e-n-t
and
enable
ssl
verification,
yeah,
that's,
okay,
so
repository
permissions.
A
I
need
to
be
able
to
write
to
pull
requests
because
we're
gonna
review
a
pull
request.
So
I'm
gonna
request,
read
and
write
access
to
pull
requests
and
we
can.
We
can
skip
a
lot
of
this.
Don't
need
any
organization!
Permissions
don't
need
any
user.
Permissions
do
need
to
subscribe
to
events,
so
I'm
going
to
subscribe
to
the
pull
request
event.
So
this
will
tell
us
when
a
pull
request
is
open,
closed
and
so
on,
and
where
can
this
app
be
installed,
I'm
going
to
say
it
can
be
installed
on
any
account.
A
So
let's
go
ahead
and
create
our
app.
Don't
need
to
save
my
password
go
away,
one
password,
don't
need
you
right
now.
Thank
you
and
I
do
get
this
message
saying.
You
need
to
generate
a
private
key.
So
remember
when
we
authenticated
the
app
we
had
a
private
key,
so
I'm
going
to
just
download
that
so
that's
generating
we'll
come
back
to
that
in
a
second.
I
also
quite
like
to
give
my
bots
a
logo,
so
I
should
have
a
logo
over
here
somewhere
under
pictures
and
bots
and
bots
zero
zero
one.
A
So
I'm
going
to
give
my
bot
a
nice
logo
that
looks
great
and
I
can
set
a
background
color
if
I
want,
but
I
like
the
way,
that's
looking
and
now,
let's
go
ahead
and
install
the
app
and
remind
me
john,
to
keep
this
to
keep
this
page
open.
Actually,
so
let's
do
okay,
I'll
keep
this
page
open
and
let's
install
the
app
separately
over
here
and
I'm
gonna
say:
I'm
gonna
install
the
app
on
my
demo
days.org
and
I'm
just
going.
A
You
can
say
like
actually,
you
can
only
have
access
to
spoon
knife,
but
I'm
going
to
say
all
repositories
and
there's
only
one
repositories
doesn't
really
make
a
difference.
But
if
there
are
future
repositories,
then
mobile
will
get
access
to
that
repository
as
well.
So
that's
pretty
useful,
often
so
I'm
going
to
install
my
bot
there-
and
this
is
why
I
stayed
on
this
page
because
now
I
see
john
you've
jumped
on
the
camera.
A
We
got
a
ping
event
which
was
sent
to
my
ngrok
tunnel
and
we
got
a
404
response,
but
because
my
tunnel
isn't
running
yet
so
we're
gonna
go
do
that
next,
so
I'm
gonna
keep
that
page
open
and
I'm
actually
gonna
go
over
to
this
repo
here,
which
this
is
a
public
repo
and
I'm
going
to
throw
that
in
the
chat.
John.
A
Cute,
as
I
said,
I've
been
messing
around
with
some
go,
laying
recently
it's
pretty.
It's
pretty
fancy
it's
pretty
clever
stuff
and
I've
got
this
template
repo
for
github
apps,
that's
written
in
golang,
and
it's
using
a
framework
which
is
based
on
if
anyone
is
familiar
with
the
pro
bot
framework
for
node.
It's
kind
of
inspired
by
that
framework,
but
we're
not
going
to
get
into
that
we're
just
going
to
use
the
template
and
I'm
going
to
get
on
with
it.
A
So
let's
go
ahead
and
use
this
template,
so
I'm
going
to
hit
the
green
button
and
we
should
get
a
copy
of
this
repo,
so
I
can
start
coding
so
we're
going
to
call
it
pull
request
bot
and
I'm
going
to
make
this
private.
So
I'm
a
little
bit
shy
and
it
might
not
be
very
good.
So,
let's
create
my
repository
pull
request
box.
A
A
Okay,
so
here
is
here's
the
copy
of
the
code,
and
the
nice
thing
is-
is
that
the
author
of
this
template
gave
us
some
nice
instructions
on
how
to
get
going
here.
So
we
need
to
generate
a
repo
from
this
template,
which
we
just
did
that
then
we
need
to
configure
our
local
environment
and
we
need
to
provide
values
for
these
environment
variables
which
are
listed
in
nvrc.example.
A
So
it's
extremely
useful
when
you're
jumping
in
between,
like
different
environments-
or
you
know,
different
github
apps
all
day
long,
which
I
often
do
nvrc,
is
a
great
kind
of
way
to
do
that
and
it's
dirn.net
is
the
is
the
thing
so
we
need
to
anyway
fill
in
these
details,
so
we
need
a
github
base.
Url
we
need
to
get
about
id.
We
need
a
private
keypad.
We
need
our
web
secret,
which,
as
I
mentioned
before,
was
is
development,
so
that's
all
good
and
we
downloaded
so
we
downloaded
that
certificate.
A
If
you
remember
so
that
should
be
waiting
here
in
my
in
my
downs,
this
is
a
nice
thing
about
d-I-r-n.
You
have
to
explicitly
kind
of
say:
yeah,
that's
good!
So,
okay,
so
here
is
there's
my
private
key.
I'm
just
going
to
move
that
private
key
down
oops
down
tab.
I
have
a
folder
called
search.
I'm
going
to
move
it
into
my
search.
Folder
cd
search,
oops
see
search
present
working
directory,
so
my
my
github
priva
this
one
right.
A
If
I
do
an
ls
mines,
ltr
we'll
get
that
token,
we'll
get
that
secret.
I
mean,
and
I
gotta
go
back
to
my
my
pull
request
spot,
which
is
there,
so
we
have
now
this
this
certificate,
my
github
app
id.
I
think
that's
going
to
be
two,
that's
going
to
be
my
beta,
but
it's
going
to
be
github
app
id
2.,
so
it's
available.
If
you
in
case
you
don't
know
it's
going
to
be
available
here
in
general,
look
at
that!
That
was
right.
A
Let's
get
our
app
id2,
so
I'm
going
to
copy
that
and
then
I
need
my
github
base
url,
which
is
going
to
take
which
is
going
to
be
in
this
form,
but
I
need
to
change
the
kind
of
host
name.
So
I'm
just
going
to
copy
that
from
up
here
and
then
this
thing
should
be
almost
configured.
We
can
run
it
and
then
we
can
write
some
code
and
I've
got
15
minutes
left.
So
I'm
going
to
allow
this
and
okay.
A
That's
that's
looking
good,
so
I
d-I-r-n
just
exported
those
environment
variables
so
that
I
can
use
them
and
let's
go
back
to
the
readme.
So
I
can
see
what
I
have
to
do
next
so
over
here
in
the
let's
close
this
down.
Let
me
read
that
now:
okay
in
the
read
me
so
we're
gonna,
we're
gonna
run
the
app
now
right.
So
there's
this
other
tool,
which
is
pretty
handy,
called
reflex
which
will
just
when
you
run
it.
A
It
will
just
look
for
any
changes
to
files
that
you
can
specify
and
when
any
of
those
files
change
or
reload
kind
of
the
command
that
you
pass
it.
So
in
my
case,
I'm
just
going
to
ask
it
to
re-run
or
reload.
This
go
run,
main.go
command.
So
let's
get
that
going
over
here
and
actually
I'm
gonna,
I'm
gonna.
Do
it
in
this
window
in
this
tab,
so
pull
request
bar
and
then
let's
run
reflex.
So
reflex
is
gonna
start
our
app.
A
So
I
have
this
again
in
my
readme,
so
you
can.
I
can
do
ngrok
http
8000,
but
I've
also
got
this
configuration
file
which
you
can
read
about
here,
which
allows
me
to
just
run
ngrok
start
main
instead.
A
So
let's
do
that
and
now
we
are
online
and
that
web
hook
payload
should
should
now
work
and
the
nice
thing
as
well
about
ncroc.
Is
you
get
this
pretty
cool
web
interface?
So
you
can
see
you
can
see
the
the
web
hooks
kind
of
come
in
and
you
can
see
the
responses
and
you
can
replay
them.
It's
all
pretty
pretty
useful.
A
So
right
now
it
hasn't
done
anything.
So
I've
got
my
ngrok
here.
Let
me
just
rearrange
something.
So
I
get
a
bit
more
organized.
I've
got
my
angr,
which
is
hasn't
received
anything.
Yet
I've
got
my
github
app.
Let's
go,
let's
go
and
create
a
pull
request.
A
What
do
you
say
and
see
if,
if
this
app
will
do
anything
for
us
so
over
here
in
my
spoon
knife
repo,
where
the
app
is
installed,
I'm
going
to
go
ahead
and
open
a
pull
request,
quick,
so
I'm
going
to
say,
create
new
file,
I'm
just
going
to
say:
apps
are
nice
dot
md
and
I'm
going
to
say
we
like
apps
and
I'm
going
to
say,
robot,
I'm
going
to
also
say
unicorn.
A
Yeah
that'll
do
I'm
going
to
create
a
new
branch
and
I'm
going
to
propose
this
change,
I'm
going
to
create
the
pull
request,
so
this
should
have
generated
an
event,
and
so,
if
I
go
back
to
my
advanced
tab
here,
we
got
a
new
web
hook
and
it
posted
this
time
a
pull
request
event
with
the
action
open.
But
again
we
got
a
400.
Previously
previously
we
got
a
404.
Now
we've
got
a
400.
A
This
is
expected
because
the
framework
is
telling
us
that
there
isn't
a
handler
here
yet
to
to
handle
this
event.
If
I
go
into
the
ngrok
inspector,
we've
got
the
same
thing
here,
which
is
pretty
nice,
so
the
next
thing
we
need
to
do
is
actually
create
our
handler
so
that
we
can
respond
to
this
pull
request.
That's
been
opened,
so
we're
going
to
jump
back
and
we're
going
to
edit
this
main.go
and
the
way
you
register
handlers
is
via
this
main
function
on
this
kind
of
pro
probot
package.
A
That's
imported
from
here,
you
can
just
say:
hey
probot
handle
event.
Whatever
the
event
is
with
this
function
and
when
that
event
comes
in
your
function
will
get
called
and
you
can
handle
it,
and
if
something
goes
wrong,
you
can
just
return
an
error
and
everything
will
be,
will
be
wonderful.
So
we
need
another
one
of
these,
because
this
one
handles
issues
we
need
to
handle
pull
requests.
So
this
is
where
I
type
code-
and
this
is
where
it
all
starts-
to
go
potentially
messy,
because
I
don't
really
enjoy
live
coding.
A
All
that
much
from
honest
with
you.
A
little
bit
can
be
a
little
bit
stressful,
so
the
function
needs
to
be
written
in
a
very
specific
way,
because
this
is
go
lang
and
golang
likes
kind
of
static
types,
which
is
fair
enough.
Quite
honestly,
I
could
see
the
benefit
so
our
pro
bot
handle
event.
It's
gonna
listen
for
a
pull
request
and
then
this
event
is
gonna
run
this
function.
Sorry,
it's
gonna
run
and
we'll
get
past
this
context,
which
has
some
pretty
useful
stuff
on
it.
We
it's
got
our
app.
A
It's
got
the
incoming
payload,
which
is
the
the
webhook
event
that
we're
handling,
and
it's
got
this
github
client
and
the
github
client
will
be
already
kind
of
associated
with
the
with
the
installation.
So
we
can
just
like
call
the
api.
We
don't
have
to
worry
about
creating
a
token
or
anything
like
that
show,
and
the
other
thing
is
because
we
know
it's
a
pull
request
event.
We
can
go
ahead
and
get
the
actual
kind
of
concrete,
concrete
class.
A
Sorry
interface
that
we
know
actually
is
so
we
can
say
context.payload
and
we
can
say
this
is
not
so
up
here.
It
was
an
issues
event
because
we're
handling
issues
and
down
here
it's
going
to
be
a
pool.
I
believe
it's
a
pull
request
event.
A
This
is
going
to
be
one
of
those
and
let's
just
do
something
else.
Now
now
we've
got
this
event,
which
is
a
pull
request
event.
We
can
actually
get
the
pull
request
from
it,
so
we
can
say
the
pr
is
going
to
be
event,
dot
get
get
pull
request
right
like
so,
and
just
for
funsies,
let's
go
ahead
and
log
out
log.
How
am
I
doing
on
time?
A
Let's
say
that
we
got
the
pr
title
percent
s
and
we're
going
to
say
here's
our
pr
title
pr.title
and
we're
going
to
say
return,
so
we
have
to
return
something
and
because
we
haven't
handled,
we
haven't
encountered
an
error.
I
can
just
return
nil
for
the
for
this
error
up
here,
so
this
is
kind
of
the
wonderful
world
of
go
lane
we're
living
in
now.
A
A
So
this
is
this
reloaded
previously
we
got
a
or
four
hundred
bad
requests
and
if
I
jump
back
over
to
here
and
couple
things,
let's
pump
up
the
zoom
and
replay
this
now
we
got
a
200
okay
and
we
go
all
the
way
down
to
the
bottom
of
the
page.
Oh
wow,
that's
a
long
way
we
get!
We
just
received
that
return.
This
response
saying
yeah
we
received
that
message
received.
A
A
And
what
we
want
to
do
is
we
want
to
approve
or
request
changes
on
the
pull
request.
Remember
all
the
way
over
here
right.
If
the
title
includes
the
robot
emoji,
then
we're
going
to
say
that's
a
good
pull
request.
Otherwise
we're
going
to
say
no,
we
want.
We
want
some
changes
on
this
thing,
so
let's
go
ahead
and
do
that
back
in
back
in
the
handler.
A
Oh,
this
is
getting
confusing.
Isn't
it
too
many
too
many
things
are
open.
This,
that's
that's
what
I
want
so
back
in
my
hand,
we're
going
to
say:
okay,
does
the
title
include
a
robot
emoji,
or
doesn't
it
so
actually
before
we
do
that?
Let's,
let's
look
at
the
documentation
for
the
and
on
the
github
api
client
that
we're
using
this
create
review
method
just
quickly
review
this.
So
this
is
what
we're
going
to
call
to
create
our
review
on
the
pull
request.
A
We
need
to
pass
in
the
owner
repo
the
number
of
the
pull
request
and
this
pull
request
kind
of
object,
and
then
we
get
some
stuff
back.
So
the
first
thing
we're
going
to
do
is
actually
create
this
new
pull
request,
pull
request
review,
they
call
it
a
pull
request,
review
request,
which
I
find
a
little
bit
confusing,
but
we're
going
to
run
with
it.
So,
let's
just
say
that
we
have
a
new
review,
which
is
our
review
of
the
pull
request
and
it's
going
to
be
equal
to
the
github
pull
request,
review.
A
Request
pull
request,
review
request
there.
It
is,
and
it
needs
to
have
a
commit
id
so
that
which
is
really
just
a
commit
sha,
which
is
available
from
our
pull
request
that
we'll
just
send
it
in
the
head
pr
dot
head
the
head,
we'll
just
send
in
the
head,
sharp
from
our
pull
request.
The
most
recent
commit
to
the
pull
request,
pull
requests.
Our
review
will
be
attached
to
this
commit
sharp
okay.
A
So
my
linter
is
yelling
at
me
because
I'm
not
doing
anything
with
new
review
yet
so
we
better
do
something
with
it.
So
let's
say
if
if
the
title
includes
the
robot,
so
the
way
we
do
that
in
golang
is
something
like
if
strings
dot
contains,
and
we
say
the
string
is
going
to
be
the
pull
request
title
if
it
contains
this
string,
which
is
going
to
be
snip,
my
robot
that
guy,
if
it
contains
this,
then
we're
happy
right.
So
we
can
say
new
review
dot
event
equals.
A
Did
I
type
that
right?
I
prefer
it
when
it
auto
completes
to
be
honest
event.
Equals
github.string
and
we're
going
to
say,
approve,
approve
that
pull
request
and
we're
gonna
pass
in
a
body
which
will
just
be
a
little
message
from
the
bot.
So
body
is
gonna,
be
we'll
just
say,
looks
good
to
me
and
let's
send
in
a
nice
rocket,
emoji
isn't
that
lovely
and
if
this
is
not
true,
this
is
not
the
case
on
our
robot
is
not
happy.
A
So,
let's
say
blue
review,
dot
event
equals
github
dot
string
and
we're
gonna
say:
request
changes
in
a
stern
voice,
request,
changes
and
the
body
is
going
to
say:
hey
needs
more
robot.
A
Boom
and
okay,
so
we
all
we've
done
so
far.
We
haven't
actually
created
this
yet
right.
We've
just
got
this
object
locally,
so
we
just
send
that
to
github,
and
I
said
that
this
context
object
has
an
or
a
kind
of
a
hydrated
github
api
client
already
attached
to
it.
So
we
can
just
plug
into
that
by
saying
ctx,
which
is
the
context
that's
given
to
us.
There's
a
github
dot,
oops.pull.pull
requests
create
review
and
we
have
to
pass
in
this
context.
A
So
I'm
just
going
to
say
context.background,
I
believe
that's
like
if
you
want
to
like
time
out
the
request,
if
it's
taking
too
long,
you
can
do
that.
I'm
just
going
to
pass
in
this
default
background.
We're
not
going
to
do
anything
like
that,
so
we
need
to
pass
in
the
the
owner,
which
is
repo
owner
dot,
login,
oops
login
and
the
other
one.
I
feel
like
we're
not
going
to
have
time
to
get
the
get
your
keyboard
out,
john
for
you
to
do
a
little
song
for
everyone.
A
Hey
I
shouldn't
be
talking
to
you.
This
is
the
crucial
time.
Will
you
stop
interrupting
me?
Goodness
me
trying
to
try
to
code
this
thing
over
here,
I'm
just
joking.
So
hopefully
I've
probably
messed
this
up,
because
I
decided
to
be
clever,
so
we
need
to
pass.
In
this
background
the
login,
the
name,
the
pull
request
number
and
our
review
is
shouting
at
me,
which
honestly
that
always
makes
me
a
bit
nervous.
Oh,
and
this
is
going
to
return
some
things
that
we
might
want
to
catch.
A
So,
let's
catch
those
things,
it's
going
to
return
our
review,
the
response
and
the
error.
So
I'll
just
say
I'll,
say:
review.
Let's
ignore
the
response,
we'll
just
say
error
or
rather
equals
those
things
oops
and
then
we'll
say.
If
if
and
now
my
dog
is
barking,
so
I
don't
know
if
you
can
it's
chaos
here
today
and
telling
you
I
don't
know
if
you
can
hear
my
dog
barking
over
there
she's
probably
barking
at
those
construction
workers.
These
are
not
the
ideal
circumstances
to
be
live
coding
under.
A
I
guess
I
gotta
say
so:
let's
print
f,
a
new
review
created
and,
let's
say,
percent,
we'll
just
we'll
just
log
out
that
review.
If
this
works
honestly,
it's
going
to
be
a
miracle,
it's
just
too
much
all
right,
so
I
coded
that
miraculously
and
I'm
going
to
save
it,
and
hopefully
this
compiles
and
undefined
reap
oh
yeah.
I
got
to
get
the
repo
right.
Where
do
I
get
that?
I
think
I
can
get
that
off
of
the
event
so
say
repo,
there's
the
event.getrepo
or
something
yeah.
A
It
says:
let's
try
that
again
starting
service
fingers
crossed
there.
It
is
it's
loaded,
so
I'm
gonna
jump
back
over
to
my
what,
wherever
it
is
oops.
How
do
I
do
this
over
to
my
pull
request?
Actually,
no
sorry
over
to
here,
I'm
just
going
to
replay,
I
mean
I
could
create
a
new
pull
request
right
and
do
it
from
the
beginning
to
end
I'm
just
going
to
replay
it
and
we've
got
200.
Okay.
A
A
And
let's
do
that
and
now
my
robot
has
kindly
approved
the
pull
request
for
us,
so
what
a
good
robot
so
so
long
as
all
of
your
pull
requests
have
the
robot
emoji
in
the
title,
then
this
robot,
this
particular
app,
is
going
to
be
pretty
happy.
A
So,
okay,
that
was
like
a
pretty
whirlwind:
end-to-end
demo,
we
managed
to
do
it.
We
created
this
github
app,
it
listens
for
new
call
requests
and
it
approves
it
if
we
have
a
a
robot
emoji
in
it
just
by
way
of
review.
A
This
great
way
for
third
parties
to
like
autonomously
access,
protected,
github
resources
and
manipulate
them
and
they're
also
used
by
github,
with
they're
like
a
first-class
platform,
primitive
internally
for
us
to
build
our
our
own
products,
and
some
of
my
favorite
github
apps
are
kind
of
dependable,
which
helps
you
keep
your
dependencies
updated
in
in
your
repos,
and
also
github
actions
is
also
a
github
app
and
if
you
were
wondering
well
couldn't
I
have
done
all
of
this,
this
code
that
we
just
painstakingly
wrote
and
we're
hosting
and
have
like
a
web
hook
listener
and
one
of
those
things
couldn't
it
just
be
a
github
action.
A
Well,
I
mean
actually
in
this
case
it
could
and
on
our
public
docs
here
that
public
docs
here
there's
a
this
handy
page
that
compares
github
actions
to
github
apps.
Interestingly,
there
there
is
some
overlap
and
github
actions.
Kind
of
is
a
github
app.
When
you
look
at
the
token
that
you
get
this
isn't.
A
Then
you
could
absolutely
write
a
github
app,
which
is
really
just
a
github
action
and
we
would
host
it
and
and
run
it
for
you
and
that's
for
a
topic
for
another
demo
day,
and
I
don't
say
someone
has
already
actually
done
this,
but
there's
more
on
creating
actions
here
and
if
that,
if
this
is
too
limited
for
you
like
we
don't
have
you
don't
have
the
right
web
book
events
or
the
permission.
You
need
more
permissions
than
this
or
you
you
need
to
run.
A
You
need
to
run
or
handle
the
compute
yourself,
because
you
need
the
architecture
or
you
need
the
data
that
you're
hosting
then
github
apps
would
be
the
right
way
to
go.
So
I
really
hope
that
that
was
helpful.
I
know
that
was
a
lot
in
an
hour
and
thanks
for
bearing
with
me,
I
will
just
say
that
there
is
this
github
apps
cheat
sheet
available
at
this
url
and
I'll
just
copy
the
link
and
maybe
drop
it
in
there.
A
So
yeah
that,
I
think
is,
is
everything
for
today
I
am
swinton
on
github
and
my
email
is
swinton.github.com.
So
if
there
are
any
questions,
concerns
or
comments
then
feel
free
to
hit
me
up
there
and
john.
Is
there
any?
Are
there
any
like
questions
that
we
should
quickly
chat
about
before?
We
hang
up
here.
C
No,
I
think,
we're
good.
We
definitely
covered
a
lot
today
and
so
lots
of.
B
A
C
A
Yeah,
that's
a
great
idea,
all
right
cool.
Well,
I
will
stop
sharing
and
I
do
hope
this
was
helpful.
The
gist
is
public.
There's
the
resources
are
public.
The
probot
template
is
public.
The
pro
bot
go
lane
framework
is
public,
so
yeah.
I.
I
hope
that
this
has
been
helpful
and
thanks
so
much
for
tuning
in.
A
I
believe
that
we
have
another
one
next
friday,
if
you'd
like
to
join
us
again-
and
I
will
hang
out
in
the
twitch
chat
just
to
see,
if
there's
any
any
questions
I
can
answer
there.
So
I'm
going
to
stop
the
share
now,
thanks
so
much
everyone
awesome.