GitHub integration
Automate GitHub issues, pull requests, and repository events across your clients' repositories from any TaskJuice workflow.
What it does
The GitHub integration lets you run developer-workflow automations on behalf of any repository you have access to. Connect a Personal Access Token once, then open issues, trigger GitHub Actions workflows, and list pull requests from any workflow step. Four real-time triggers let you react the moment an issue changes, a pull request moves through review, commits land, or a release is published.
GitHub lives under the Developer Tools category. You can also find it by searching for git.
This integration uses a GitHub Personal Access Token (PAT), not OAuth. There is no "Sign in to GitHub" button and no consent screen. The connection is a single field where you paste a token.
Connect a GitHub account
The connection holds one credential: a Personal Access Token. The webhook signing secret for triggers is configured separately, per trigger, when you publish a workflow. For the general connect flow across all apps, see Connect an account.
Generate a token in GitHub
Create a fine-grained PAT at
https://github.com/settings/personal-access-tokens, or a classic PAT athttps://github.com/settings/tokens. Scope it to the minimum permissions your workflows need, for example read and write on Issues, Pull requests, and Contents for the target repositories.Paste it into the connection
In TaskJuice, open the GitHub connection and paste the token into the Personal Access Token field.
Save the connection
TaskJuice stores the token encrypted. It is never shown again after you save, so keep a copy in GitHub if you need to reference it later.
To revoke access, delete the PAT from https://github.com/settings/tokens. Because access is scoped to the token, switching the acting account means generating a new PAT and rotating it into the connection. For credential lifecycle details, see Connections.
Do not put a webhook secret in the connection. When you publish a trigger, TaskJuice gives you a signing secret to paste into the GitHub webhook's Secret field. See the Triggers section below.
Triggers
Every trigger is a real-time webhook. Each inbound delivery is one event and produces one activation. There is no polling and no batch or digest collapse.
Issue, pull request, and release events each fire across many sub-actions. The specific lifecycle transition arrives in the action field of the output, so add a Branch or Switch node downstream and filter on it, for example action == "opened". See Triggers and actions.
| Trigger | Key | Fires on |
|---|---|---|
| Issue Event | github/issue-event | A GitHub issue is opened, edited, closed, assigned, labeled, or otherwise changed. Filter downstream by action. |
| Pull Request Event | github/pull-request-event | A pull request is opened, synchronized, reviewed, merged, or closed. |
| Push Event | github/push-event | Commits are pushed to a repository branch or tag. |
| Release Event | github/release-event | A release is published, edited, or deleted. |
Output keys per trigger
| Trigger | Top-level keys | Always present |
|---|---|---|
github/issue-event | action, issue, repository, sender, installation | action, issue, repository, sender |
github/pull-request-event | action, number, pull_request, repository, sender | action, number, pull_request, repository, sender |
github/push-event | ref, before, after, repository, pusher, commits, head_commit | ref, before, after, repository, pusher |
github/release-event | action, release, repository, sender | action, release, repository, sender |
For Issue Event, installation can be null. For Push Event, commits is an array and head_commit can be null.
Verifying inbound deliveries
Each GitHub trigger verifies every delivery against an HMAC-SHA256 signature in the X-Hub-Signature-256 header. When you publish a trigger, TaskJuice gives you a signing secret. Paste it into the GitHub webhook's configuration under Secret. GitHub signs the request body with HMAC-SHA256 and sends the digest in X-Hub-Signature-256. Deliveries whose signature does not match are rejected.
Actions
All three actions send authenticated HTTP requests using the token from your connection. The owner and repo fields are free text: type them directly or map them from an upstream step. There is no repository or owner dropdown.
| Action | Key | What it does |
|---|---|---|
| Create Issue | github/create-issue | Create a new issue in a repository. |
| Create Repository Dispatch | github/create-repository-dispatch | Trigger a GitHub Actions workflow via a repository_dispatch event. |
| List Pull Requests | github/list-pull-requests | List pull requests for a repository. |
Create Issue
Creates a new issue. Requires owner, repo, and title.
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
owner | string | Yes | None | Repository owner (user or organization). |
repo | string | Yes | None | Repository name. |
title | string | Yes | None | Issue title. |
body | string | No | None | Issue body in Markdown. |
labels | array of strings | No | None | Labels to apply. |
assignees | array of strings | No | None | Usernames to assign. |
Output keys: id, number, url, html_url, state, title, body.
Create Repository Dispatch
Sends a repository_dispatch event that GitHub Actions workflows can listen for. Requires owner, repo, and event_type.
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
owner | string | Yes | None | Repository owner (user or organization). |
repo | string | Yes | None | Repository name. |
event_type | string | Yes | None | Custom event name GitHub Actions workflows can filter on. |
client_payload | object | No | None | Arbitrary JSON passed through to the workflow as github.event.client_payload. |
A successful dispatch returns no body. There is no output to map downstream.
List Pull Requests
Lists pull requests for a repository. Requires owner and repo. Returns an array, not a single pull request.
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
owner | string | Yes | None | Repository owner (user or organization). |
repo | string | Yes | None | Repository name. |
state | string | No | open | Filter by state: open (Open), closed (Closed), or all (All). |
per_page | integer | No | 30 | Results per page. Minimum 1, maximum 100. |
Each item in the returned array has these keys: id, number, state, title, url, html_url.
Errors
When a GitHub request fails, the step's top-level error code is UPSTREAM_REQUEST_FAILED. The provider's HTTP status maps to a specific TaskJuice error code:
| HTTP | TaskJuice error code | Retryable | What it means |
|---|---|---|---|
| 401 | AUTH_EXPIRED | No | The PAT was revoked or expired. Rotate the token to restore the connection. |
| 403 | FORBIDDEN | No | The token lacks permission for this operation. |
| 404 | NOT_FOUND | No | The repository or owner was not found, or the PAT cannot see it. |
| 422 | VALIDATION_ERROR | No | Invalid input, for example a label that does not exist. Returned by Create Issue and Create Repository Dispatch. |
| 429 | RATE_LIMITED | Yes | GitHub's rate limit was hit. TaskJuice retries with backoff. |
| 500 | PROVIDER_ERROR | Yes | GitHub returned a server error. TaskJuice retries. |
For how a paused or failed run recovers, see Run and step statuses and Reconnect an integration.
Known limitations
- Authentication is a Personal Access Token, not OAuth. Access is limited to the scopes and permissions you granted the token. A
404on a repository that exists usually means the PAT cannot see it. Switching the acting account means generating a new PAT and rotating the connection. - PATs expire. Fine-grained and classic tokens can carry an expiry. When one lapses, requests return
401, surfaced as auth expired. Rotate the token to restore the connection. - Provider rate limits apply per token. GitHub publishes its own per-token quotas for authenticated REST requests on github.com. On a
429, TaskJuice surfaces a retryable rate-limit error and respects the backoff. - A webhook signing secret is required for every trigger. Deliveries without a valid
X-Hub-Signature-256signature are rejected. - github.com only. The connection targets
api.github.com. There is no host or instance field, so GitHub Enterprise Server (self-managed) is not supported by this integration. If you manage GitLab projects on a self-managed host, see the GitLab integration. - Triggers are real-time and single-event. Each webhook POST is one activation. There is no polling, batching, or digest mode.
- Issue, pull request, and release events are broad. A single trigger fires across many sub-actions. Filter on the
actionfield downstream to scope to a specific lifecycle transition.