Git on Cloud
Git on Cloud runs Git integration in Resolve-managed cloud infrastructure. No satellite deployment is required.

## When to use it

Use Git on Cloud when:

- You want the fastest setup path.
- You cannot deploy a satellite in your environment.

Use Git on Satellite instead if repository access must stay inside your own cluster/network.

## Prerequisites

- Repositories must be reachable from Resolve cloud.
- For GitHub managed auth: GitHub access to install/authorize Resolve.
- For GHE (BYO GitHub App) auth: a GitHub App you own on the target GitHub instance, App ID, Installation ID, and private key (PEM). See App for GitHub → Bring Your Own GitHub App for app creation steps and required permissions.
- For token auth: provider username + token with required repo permissions.

## Setup

### Option 1: GitHub managed auth (recommended)

1. Open [Git Integrations](https://app0.resolve.ai/integrations/git/edit).
2. Create a Cloud Git connection.
3. Select GitHub auth.
4. Complete the GitHub authorization/install flow.
5. Select repositories.
6. Verify health check and repository listing.

### Option 2: Bring your own GitHub App (GHE)

Use this option when you want to connect Resolve via a GitHub App that you own and operate. It works for any GitHub variant: github.com, GitHub Enterprise Cloud, or GitHub Enterprise Server (on-prem). The instance must be reachable from Resolve cloud.

See App for GitHub → Bring Your Own GitHub App first. It walks through creating the GitHub App, the recommended permissions, generating a private key, and capturing App ID / Installation ID / API base URL. Come back here once you have those four values.

1. Create the GitHub App on your GitHub instance and install it on the target organization. See App for GitHub → Bring Your Own GitHub App for the full walkthrough; it covers github.com, GHE Cloud, and GHE Server.
2. Capture:
   - API base URL (e.g. `https://api.github.com` for github.com, or `https://ghe.your-company.com/api/v3` for GHE Server)
   - App ID
   - Installation ID (from the install URL, e.g. `/settings/installations/<id>`)
   - Private key (PEM)
3. Open [Git Integrations](https://app0.resolve.ai/integrations/git/edit) and create a Cloud Git connection.
4. Select GHE auth and fill in the four fields above.
5. Save and verify health check and repository listing.

### Option 3: Token auth

1. Open [Git Integrations](https://app0.resolve.ai/integrations/git/edit).
2. Create a Cloud Git connection.
3. Select token auth.
4. Provide:
   - Connection name
   - Username
   - Token
   - Repository HTTPS URLs
5. Verify health check and repository listing.

## Connection schemas

### GitHub auth example

```json
{
  "connection": {
    "authconfigs": {
      "githubapp": {
        "type": "github"
      }
    }
  }
}
```

### GHE (BYO GitHub App) example

```json
{
  "connection": {
    "authconfigs": {
      "mygheapp": {
        "type": "ghe",
        "ghe": {
          "baseurl": "https://ghe.your-company.com/api/v3",
          "appid": "12345",
          "installationid": "67890"
        }
      }
    },
    "gheauthcredentials": {
      "mygheapp": {
        "privatekey": "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n"
      }
    }
  }
}
```

The same shape works for github.com (use `https://api.github.com` as `baseurl`) and GitHub Enterprise Cloud.

### Token auth example

```json
{
  "connection": {
    "authconfigs": {
      "prodgithubtoken": {
        "type": "token",
        "tokenauthremoteurls": [
          "https://github.com/org/repo-a.git",
          "https://github.com/org/repo-b.git"
        ]
      }
    },
    "tokenauthcredentials": {
      "prodgithubtoken": {
        "username": "your-username",
        "token": "your-token"
      }
    }
  }
}
```

### Optional fields

```json
{
  "connection": {
    "disablewrites": true,
    "disabledsubcommands": ["config", "remote"]
  }
}
```

- `disablewrites`: set to `true` to force read-only mode for this integration. Blocks write/remediation tools. If omitted, default behavior is computed from auth type (`github` or `ghe` auth: writes enabled by default; token-only: read-only by default).
- `disabledsubcommands`: blocks specific `git <subcommand>` operations even when other Git tools are available. Example: `["config", "remote"]` prevents running `git config` and `git remote`. Useful as a hardening control to restrict subcommands you don't want Resolve to run in your repositories.

## Writes, PRs, and tool access

- Read-only repository operations are always available (clone/fetch/search/read/history).
- Write/remediation behavior is controlled by `disablewrites`.
- If `disablewrites` is omitted:
  - defaults to `false` when a `github` or `ghe` auth config exists
  - defaults to `true` for token-only config
- Reading PR data and querying GitHub Actions / PR check status works with any auth that targets GitHub repos and carries the right scopes:
  - `github` and `ghe` auth, provided the GitHub App has the recommended permissions
  - token auth, when the repos are hosted on GitHub and the token grants the equivalent scopes (e.g. fine-grained PAT with `Actions: read`, `Pull requests: read`, `Checks: read`, `Contents: read`, `Metadata: read`)

## FAQ

**Is token auth strictly read-only?**

No. Token-based connections can use write/remediation tools when `disablewrites` is `false` and tool support is available.

**Are SSH URLs supported?**

No. Use HTTPS repository URLs.
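
The `disablewrites` default, the `disabledsubcommands` list, and the HTTPS-only rule described above can be checked on a connection document before it is saved. This is an added example, not Resolve's own code: the function names and finding messages are assumptions, and the sample connection is constructed.

```python
# Added example: audits a connection document shaped like the schemas on this page.
# Function names and finding strings are assumptions, not part of Resolve.
from urllib.parse import urlparse

APP_AUTH_TYPES = {"github", "ghe"}  # auth types whose presence enables writes by default


def effective_read_only(connection: dict) -> bool:
    """Apply the documented default when disablewrites is omitted."""
    if "disablewrites" in connection:
        return bool(connection["disablewrites"])
    types = {cfg.get("type") for cfg in connection.get("authconfigs", {}).values()}
    return not (types & APP_AUTH_TYPES)  # token-only config -> read-only


def subcommand_allowed(connection: dict, subcommand: str) -> bool:
    """True unless the git subcommand is listed in disabledsubcommands."""
    return subcommand not in connection.get("disabledsubcommands", [])


def audit(doc: dict) -> list:
    """Return hardening findings for one connection document."""
    conn = doc.get("connection", {})
    findings = []
    for name, cfg in conn.get("authconfigs", {}).items():
        for url in cfg.get("tokenauthremoteurls", []):
            if urlparse(url).scheme != "https":  # SSH URLs are not supported
                findings.append(f"{name}: {url} is not an HTTPS URL")
    if not effective_read_only(conn):
        findings.append("writes enabled: set disablewrites to true if not needed")
    for sub in ("config", "remote"):  # the page's own example list
        if subcommand_allowed(conn, sub):
            findings.append(f"git {sub} is not blocked by disabledsubcommands")
    return findings


# Constructed sample: token-only connection, one SSH-style URL, no optional fields.
SAMPLE = {"connection": {"authconfigs": {"prodgithubtoken": {
    "type": "token",
    "tokenauthremoteurls": ["https://github.com/org/repo-a.git",
                            "git@github.com:org/repo-b.git"]}}}}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```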