Enterprise DevOps Control Plane - Governed Releases, Deployment Authorization & CI/CD Orchestration
Enterprise GitHub App is the core GitHub App that serves as the control plane for enterprise DevOps operations. A separate GitHub Action acts as a thin client that calls this App's API, so it integrates with existing workflows.
- Enterprise-Ready Security - GitHub App authentication with JWT and installation tokens
- Governance First - Release validation and deployment authorization built-in
- Audit Trail - Complete logging and compliance for all operations
- Developer-Friendly - Clean API design with comprehensive documentation
- Scalable Architecture - Built for enterprise-scale deployments
- Security by Design - Webhook signature verification and least-privilege access
- GitHub App Authentication - JWT generation and installation token handling
- Public HTTP API - Health endpoint, release validation, deployment authorization
- GitHub Webhook Handling - Installation events, ping event, signature verification
- Audit Logging - Store basic events (release check, deployment check)
- Configuration Management - Environment-based configuration with no hardcoded secrets
- Database Integration - PostgreSQL with proper migrations and schema
- Containerized Deployment - Docker and docker-compose ready
- Webhook Signature Verification - SHA-256 HMAC verification for all webhooks
- JWT Authentication - GitHub App JWT with proper expiration handling
- Installation Access Tokens - Per-installation token management
- Least Privilege Design - Minimal required permissions and scopes
- Secure Configuration - Environment-based secrets management
- PostgreSQL Integration - Secure database with connection pooling
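One way to implement the SHA-256 HMAC webhook check listed above, as an added example that is not the project's own code. It assumes the signature arrives in GitHub's `X-Hub-Signature-256` header; the function names, error names, secret and payload are this example's own constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

var (
	ErrNoSecret     = errors.New("webhook secret not configured")
	ErrMalformedSig = errors.New("missing or malformed X-Hub-Signature-256")
	ErrBadSig       = errors.New("webhook signature mismatch")
)

// digest returns HMAC-SHA256(secret, body).
func digest(secret, body []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return mac.Sum(nil)
}

// Sign builds the header value for body; used here to make constructed sample input.
func Sign(secret, body []byte) string { return "sha256=" + hex.EncodeToString(digest(secret, body)) }

// VerifySignature checks the raw body (exact bytes received, before JSON decoding).
func VerifySignature(secret, body []byte, header string) error {
	if len(secret) == 0 {
		return ErrNoSecret // fail closed instead of verifying against an empty key
	}
	got, err := hex.DecodeString(strings.TrimPrefix(header, "sha256="))
	if !strings.HasPrefix(header, "sha256=") || err != nil || len(got) != sha256.Size {
		return ErrMalformedSig
	}
	if !hmac.Equal(got, digest(secret, body)) { // constant-time comparison
		return ErrBadSig
	}
	return nil
}

func main() {
	secret := []byte("constructed-example-secret")
	body := []byte(`{"zen":"Keep it logically awesome.","hook_id":1}`) // constructed ping payload
	fmt.Println(VerifySignature(secret, body, Sign(secret, body)))
	fmt.Println(VerifySignature(secret, []byte(`{"hook_id":2}`), Sign(secret, body)))
}
```

The handler has to verify the bytes as received; re-serializing a decoded JSON body changes whitespace and key order and makes valid deliveries fail the check.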
```
Go 1.23+ with Clean Architecture
├── Gin HTTP Framework (High Performance Router)
├── PostgreSQL (Enterprise Database)
├── JWT Authentication (GitHub App Integration)
├── Webhook Signature Verification (Security)
├── Audit Logging (Compliance)
├── Docker Support (Containerization)
└── Environment Configuration (12-Factor App)
```
```
Platform Layer (HTTP Server)
├── GitHub Client (Authentication & API)
├── API Handlers (Release Validation & Deployment Auth)
├── Webhook Handlers (Event Processing)
├── Audit Service (Event Logging)
├── Storage Layer (Database Operations)
└── Configuration (Environment Management)
```
```
github-enterprise/
├── cmd/server/main.go          # Application Entry Point
├── app/
│   ├── platform/               # HTTP Server & Routes
│   │   ├── server.go           # Main HTTP server
│   │   ├── api.go              # API handlers
│   │   └── webhooks.go         # Webhook handlers
│   ├── github/                 # GitHub Integration
│   │   └── client.go           # GitHub App client
│   ├── api/                    # API Layer
│   │   └── handlers.go         # API request handlers
│   ├── releases/               # Release Management
│   │   └── models.go           # Release data structures
│   ├── deployments/            # Deployment Management
│   │   └── models.go           # Deployment data structures
│   ├── audit/                  # Audit Logging
│   │   └── service.go          # Audit service
│   ├── config/                 # Configuration
│   │   └── config.go           # Environment config
│   └── storage/                # Database Layer
│       ├── database.go         # Database connection
│       └── migrations/         # Database migrations
├── docs/                       # Documentation
├── .github/workflows/          # CI/CD workflows
├── Dockerfile                  # Container definition
├── docker-compose.yml          # Development environment
└── README.md                   # This file
```
```
GitHub Webhooks ──► Sky Genesis Enterprise ──► PostgreSQL Database
       ▲                     │                        │
       │                     ▼                        ▼
GitHub Actions ◄─────── HTTP API ◄────── Audit Logs ◄──────┘
(Future Client)   (Release Validation)  (Event Storage)
```
- Go 1.23 or higher
- PostgreSQL 14.0 or higher
- Docker and Docker Compose (optional, for containerized setup)
- GitHub App configured with required permissions
- Clone the repository

  ```bash
  git clone https://github.com/skygenesisenterprise/github-enterprise.git
  cd github-enterprise
  ```

- Configure environment variables

  ```bash
  cp .env.example .env
  # Edit .env with your GitHub App credentials
  ```

- Start services

  ```bash
  docker-compose up -d
  ```

- Verify installation

  ```bash
  curl http://localhost:8080/api/v1/health
  ```
- Install dependencies

  ```bash
  go mod download
  ```

- Set up PostgreSQL database

  ```bash
  # Create database
  createdb sky_genesis
  # Run migrations
  psql -d sky_genesis -f app/storage/migrations/001_initial_schema.sql
  ```

- Configure environment variables

  ```bash
  export GITHUB_APP_ID=your_app_id
  export GITHUB_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\n..."
  export GITHUB_WEBHOOK_SECRET=your_webhook_secret
  export DB_HOST=localhost
  export DB_PORT=5432
  export DB_USER=postgres
  export DB_PASSWORD=your_password
  export DB_NAME=sky_genesis
  ```

- Run the application

  ```bash
  go run cmd/server/main.go
  ```
Once running, the following endpoints are available:
- Health Check: `GET /api/v1/health`
- Release Validation: `POST /api/v1/releases/validate`
- Deployment Authorization: `POST /api/v1/deployments/authorize`
- GitHub Webhooks: `POST /webhook/github`
| Variable | Required | Description | Default |
|---|---|---|---|
| `PORT` | No | HTTP server port | 8080 |
| `GITHUB_APP_ID` | Yes | GitHub App ID | - |
| `GITHUB_PRIVATE_KEY` | Yes | GitHub App private key (PEM format) | - |
| `GITHUB_WEBHOOK_SECRET` | Yes | GitHub webhook secret | - |
| `GITHUB_BASE_URL` | No | GitHub API base URL | https://api.github.com |
| `DB_HOST` | No | Database host | localhost |
| `DB_PORT` | No | Database port | 5432 |
| `DB_USER` | No | Database user | postgres |
| `DB_PASSWORD` | Yes | Database password | - |
| `DB_NAME` | No | Database name | sky_genesis |
| `DB_SSLMODE` | No | Database SSL mode | disable |
Configure your GitHub App with these permissions for V1 functionality:
- Read access to:
  - Metadata - Read repository metadata
  - Contents - Read repository contents
  - Issues - Read issues (for audit context)
  - Pull requests - Read pull requests
- Read access to:
  - Members - Read organization members
  - Administration - Read organization settings
- Installation - Installation/uninstallation events
- Installation repositories - Repository added/removed from installation
- Ping - GitHub ping events
- Release - Release events (for future V2 features)
- Deployment - Deployment events (for future V2 features)
- Webhook URL: `https://your-domain.com/webhook/github`
- Content type: `application/json`
- Secret: Use a strong, randomly generated secret
- SSL verification: Enabled (recommended for production)
- Webhook Signature Verification - All webhooks verified using SHA-256 HMAC
- JWT Authentication - GitHub App JWT with 10-minute expiration
- Installation Token Management - Secure token handling with proper expiration
- Environment-Based Configuration - No hardcoded secrets or credentials
- Least Privilege Access - Minimal required permissions and scopes
- Secure Database Connections - SSL/TLS support with connection pooling
- Environment Variables - All secrets managed via environment variables
- Token Rotation - JWT tokens expire in 10 minutes, installation tokens in 1 hour
- Input Validation - All API inputs validated and sanitized
- Error Handling - Sensitive information never leaked in error messages
- Audit Logging - All security events logged for compliance
- CORS Configuration - Proper cross-origin resource sharing settings
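The GitHub App JWT with the 10-minute expiration listed above, minted and checked with the Go standard library only; this is an added example, not the project's own code. The App ID `123456`, the throwaway `demoKey` and both function names are constructed for illustration, and `iat` is backdated by 60 seconds to tolerate clock drift.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding                      // JWTs use unpadded base64url
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key

// AppJWT signs an RS256 JWT for a GitHub App and refuses a ttl above 10 minutes.
func AppJWT(appID string, key *rsa.PrivateKey, now time.Time, ttl time.Duration) (string, error) {
	if ttl <= 0 || ttl > 10*time.Minute {
		return "", fmt.Errorf("ttl %s outside (0, 10m]", ttl)
	}
	claims, _ := json.Marshal(map[string]any{"iss": appID, "iat": now.Add(-time.Minute).Unix(), "exp": now.Add(ttl).Unix()})
	in := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(claims)
	sum := sha256.Sum256([]byte(in))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig), err
}

// ParseAppJWT verifies the signature with the public key, then returns the claims.
func ParseAppJWT(tok string, pub *rsa.PublicKey) (map[string]any, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	sig, _ := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig); err != nil {
		return nil, err
	}
	raw, _ := b64.DecodeString(p[1])
	c := map[string]any{}
	return c, json.Unmarshal(raw, &c)
}

func main() {
	tok, _ := AppJWT("123456", demoKey, time.Now(), 10*time.Minute)
	fmt.Println(ParseAppJWT(tok, &demoKey.PublicKey))
}
```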
GET /api/v1/health

Response:

```json
{
  "status": "ok",
  "timestamp": "2025-01-15T10:30:00Z",
  "service": "skygenesisenterprise"
}
```

```http
POST /api/v1/releases/validate
Content-Type: application/json

{
  "repository_id": 123456789,
  "repository_name": "my-repo",
  "owner_login": "my-org",
  "tag_name": "v1.0.0",
  "target_commitish": "main",
  "installation_id": 987654321
}
```

Response:

```json
{
  "release_id": "uuid-string",
  "validation_status": "approved",
  "validation_message": "Release validated successfully"
}
```

```http
POST /api/v1/deployments/authorize
Content-Type: application/json

{
  "repository_id": 123456789,
  "repository_name": "my-repo",
  "owner_login": "my-org",
  "ref": "main",
  "sha": "abc123def456",
  "environment": "production",
  "installation_id": 987654321
}
```

Response:

```json
{
  "deployment_id": "uuid-string",
  "authorization_status": "approved",
  "authorization_message": "Deployment authorized successfully"
}
```

- ✅ GitHub App Authentication - JWT and installation token handling
- ✅ HTTP API Server - Core endpoints with Gin framework
- ✅ Webhook Processing - Signature verification and event handling
- ✅ Database Integration - PostgreSQL with migrations
- ✅ Audit Logging - Basic event storage and retrieval
- ✅ Containerization - Docker and docker-compose support
- Advanced Validation Rules - Custom release validation policies
- Deployment Approval Workflows - Multi-level authorization
- Enhanced Audit System - Detailed event correlation and reporting
- Admin Dashboard - Web-based configuration interface
- Metrics & Monitoring - Prometheus integration and health checks
- Multi-Environment Support - Staging, production, custom environments
- Policy Engine - Advanced governance rules engine
- Integration Marketplace - Third-party tool integrations
- Advanced Security - SAML/OIDC integration, RBAC
- Analytics & Reporting - Comprehensive DevOps insights
We welcome contributions to Sky Genesis Enterprise! Whether you're experienced with Go, GitHub Apps, or enterprise DevOps, there's a place for you.
- Fork the repository and create a feature branch
- Check the issues for tasks that need help
- Review the architecture and code patterns
- Start small - Documentation, tests, or minor features
- Follow our coding standards and commit guidelines
- Backend Development - Go services, API endpoints, business logic
- Security Experts - Authentication, authorization, vulnerability assessment
- DevOps Engineers - Deployment, monitoring, CI/CD optimization
- Database Specialists - Schema design, query optimization, migrations
- Documentation - API docs, user guides, technical writing
- Testing - Unit tests, integration tests, security testing
- Clean Architecture - Follow established patterns and separation of concerns
- Idiomatic Go - Use standard Go conventions and best practices
- Security First - All code reviewed for security implications
- Comprehensive Testing - Unit tests for all business logic
- Documentation - Clear, concise documentation for all APIs
- Documentation - Comprehensive guides and API documentation
- GitHub Issues - Bug reports and feature requests
- GitHub Discussions - General questions and ideas
- Email - support@skygenesisenterprise.com
When reporting bugs, please include:
- Clear description of the problem
- Steps to reproduce the issue
- Environment information (Go version, PostgreSQL version, etc.)
- Error logs or screenshots
- Expected vs actual behavior
This project is licensed under the MIT License - see the LICENSE file for details.
MIT License
Copyright (c) 2025 Sky Genesis Enterprise
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
- Sky Genesis Enterprise - Project leadership and development
- Go Team - Excellent programming language and ecosystem
- Gin Framework - High-performance HTTP web framework
- GitHub - Platform and excellent developer tools
- PostgreSQL - Powerful, reliable database system
- Docker - Container platform simplifying deployment
- Open Source Community - Tools, libraries, and inspiration
V1 Foundation Complete - Ready for Enterprise Deployment!
Made with ❤️ by the Sky Genesis Enterprise team
Building enterprise DevOps governance with security-first design and scalable architecture