Skip to content

feat: support multiple GitHub Apps for per-org authentication#163

Open
js-murph wants to merge 1 commit intomainfrom
johnm/multiple-github-apps
Open

feat: support multiple GitHub Apps for per-org authentication#163
js-murph wants to merge 1 commit intomainfrom
johnm/multiple-github-apps

Conversation

@js-murph
Copy link
Collaborator

@js-murph js-murph commented Feb 26, 2026

Summary

  • Restructure github-app config from a single block to multiple labeled blocks, each with its own app-id, private-key, and installation mappings
  • TokenManager now routes org lookups to the correct GitHub App internally, so different orgs can authenticate via different apps
  • Errors on duplicate org mappings across apps at startup

Config format

github-app "primary" {
  app-id = "111"
  private-key-path = "/path/to/key1.pem"
  installations = { "org1": "inst-1", "org2": "inst-2" }
}

github-app "secondary" {
  app-id = "222"
  private-key-path = "/path/to/key2.pem"
  installations = { "org3": "inst-3" }
}

Test plan

  • All existing tests pass
  • New unit tests for multi-app routing, duplicate org detection, empty/incomplete configs, nil safety
  • Linter passes
  • Manual test with multiple GitHub App configurations

🤖 Generated with Claude Code

@js-murph @claude
feat: support multiple GitHub Apps for per-org authentication
7db29ca 
Restructure the github-app config to support multiple labeled blocks,
each with its own app-id, private-key, and installation mappings. The
TokenManager now routes org lookups to the correct app internally.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@js-murph js-murph requested a review from a team as a code owner February 26, 2026 09:14
@js-murph js-murph requested review from nssherpa and removed request for a team February 26, 2026 09:14
alecthomas
alecthomas reviewed Feb 26, 2026
View reviewed changes
internal/githubapp/tokens.go
orgToApp := map[string]*appState{}

for _, config := range configs {
if config.AppID == "" || config.PrivateKeyPath == "" || len(config.Installations) == 0 {
Copy link
Collaborator

@alecthomas alecthomas Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be an error?

alecthomas
alecthomas approved these changes Feb 26, 2026
View reviewed changes
internal/githubapp/config.go

// Config represents the configuration for a single GitHub App.
type Config struct {
Name string `hcl:"name,label" help:"Name for this GitHub App configuration."`
Copy link
Collaborator

@alecthomas alecthomas Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we actually need a name? If we don't need this the config will be completely backwards compatible.

I don't really mind either way.

Copy link
Collaborator Author

@js-murph js-murph Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't in retrospect, initially I thought it would be useful for helping identify the app, but the org is in the map... so it's probably unnecessary.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alecthomas alecthomas alecthomas approved these changes

@nssherpa nssherpa Awaiting requested review from nssherpa nssherpa is a code owner automatically assigned from block/cachew-team

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@js-murph @alecthomas