How to interact with a GitHub app from a CI service



I want to build a GitHub App, mainly because I want to use the checks API to display additional information on a Pull Request. As part of my CI pipeline I run a script which checks certain things across the whole git checkout.

I started building a first simple version with Probot, which works fine when using hard-coded values within my GitHub app. However, I’m currently struggling with how to make this work with the CI.

Imagine, I create a new PR, then the CI gets invoked and as soon as I receive the check_suite webhook I’m able to display a pending state for this check. After a few minutes the CI invokes my script which runs at the very end of the pipeline. Here is where I got stuck.

The script creates a JSON file which contains all the issues. Now I have to upload this file to the server where the GitHub app is running and find the related Pull Request so I can update the checks according to this file. In order to do this I need some identifier. I was thinking about using the repo url + sha, but not sure if this is really a good idea since this can be easily faked. In addition to the url + sha a token could also help to authenticate a user.

I wonder how Travis and others are doing this. At least for public repos I don’t need such a token so there must be another way to link a job and a PR.

Maybe the answer is obvious, but this is my first GitHub app so please bear with me.

Thanks for your help
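
The question's idea of adding a token to repo url + sha, sketched as an added example (not code from either poster or from Probot): the CI signs the upload with a per-repository secret and the app verifies it before looking up any check run. The function names, the message layout and the in-memory secret store are assumptions.

```javascript
// Added example: function names, message layout and secret store are assumptions.
const crypto = require('node:crypto');

// Constructed sample data: one upload secret per repository,
// also stored in the CI service as a secret variable.
const uploadSecrets = new Map([
  ['octo-org/demo', 'constructed-secret-for-demo-only'],
]);

// Canonical message: repo, commit sha and a digest of the report body, so a
// valid signature cannot be replayed for another commit or another report.
function canonicalMessage(repo, sha, body) {
  const digest = crypto.createHash('sha256').update(body).digest('hex');
  return `${repo}\n${sha}\n${digest}`;
}

// CI side: sign the JSON report with the repository's secret.
function signUpload(secret, repo, sha, body) {
  return crypto
    .createHmac('sha256', secret)
    .update(canonicalMessage(repo, sha, body))
    .digest('hex');
}

// App side: accept the report only if the signature matches this repo + sha.
function verifyUpload({ repo, sha, body, signature }) {
  const secret = uploadSecrets.get(repo);
  if (!secret) return false;                        // unknown repository
  if (!/^[0-9a-f]{40}$/.test(sha)) return false;    // not a full commit sha
  if (typeof signature !== 'string') return false;
  const expected = Buffer.from(signUpload(secret, repo, sha, body), 'hex');
  const given = Buffer.from(signature, 'hex');
  // timingSafeEqual throws on a length mismatch, so check lengths first.
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}
```

CI services typically withhold secret variables from builds of pull requests that come from forks, so those builds cannot produce a valid signature under this scheme.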



When you start a build, you need to create a check run; it’ll be bound to your app (all check runs created by your app have names, and they are all combined into a check suite on a per-app basis).
It will return a run id, which you then must use to post additional updates to this check run.

I’ve created a small CLI for accessing Checks API from scripts. In your flow, you might want to just post updates from within CI jobs if applicable.

Some notes on how to use it: (no real docs, sorry)
Demo check: