GitHub App
Install the Upshift GitHub App to run a dependency scan on every push to main and on every pull request. Optionally, the App posts a comment on PRs with outdated and vulnerability counts.
Install the App
Choose the account or org, then select which repositories can use the App. After you install, you’ll be sent to the next steps page (or set your App’s Setup URL to https://upshiftai.dev/github-app-installed so users land there).
After you install
For each repo where you installed the App:
- Add the workflow file. Copy .github/workflows/upshift-app-scan.yml from the Upshift repo into your repo’s .github/workflows/ (create the folder if needed).
- Add repository secrets. In the repo: Settings → Secrets and variables → Actions. Create:
  - APP_ID — Your GitHub App’s App ID (GitHub → Settings → Developer settings → GitHub Apps → your App).
  - APP_PRIVATE_KEY — The full contents of the .pem file you downloaded when creating the App (include the BEGIN/END lines).
- Commit and push. The next push to main or the next PR will trigger the scan. On PRs, the App will post or update a comment with the results.
Detailed page: Upshift installed — next steps.
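A structural pre-flight check for the .pem file before its contents go into APP_PRIVATE_KEY, as an added example that is not part of the Upshift repo. The function name check_app_key is hypothetical, and accepting both the PKCS#1 and PKCS#8 header forms is an assumption; the check catches a truncated, flattened or CRLF-converted paste, not a key that belongs to the wrong App.

```shell
#!/bin/sh
# Added example (not from the Upshift repo): verify that a downloaded GitHub App
# key file still has the shape the APP_PRIVATE_KEY secret needs.
# check_app_key is a hypothetical helper name.

check_app_key() {
    key_file=$1
    [ -r "$key_file" ] || { echo "cannot read: $key_file" >&2; return 2; }

    # CRLF line endings (e.g. after a round trip through a Windows editor)
    # leave a carriage return on every line, including the BEGIN/END lines.
    if grep -q "$(printf '\r')" "$key_file"; then
        echo "carriage returns found: convert the file to LF line endings" >&2
        return 1
    fi

    # First and last non-blank lines must be exactly the PEM markers.
    first=$(grep -v '^[[:space:]]*$' "$key_file" | head -n 1)
    last=$(grep -v '^[[:space:]]*$' "$key_file" | tail -n 1)
    case $first in
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN PRIVATE KEY-----") ;;
        *) echo "first line is not a BEGIN line (truncated or flattened?)" >&2
           return 1 ;;
    esac
    case $last in
        "-----END RSA PRIVATE KEY-----"|"-----END PRIVATE KEY-----") ;;
        *) echo "last line is not an END line (truncated?)" >&2
           return 1 ;;
    esac

    # Everything between the markers must be non-empty base64 text.
    body=$(grep -v '^-----' "$key_file" | grep -v '^[[:space:]]*$' || true)
    [ -n "$body" ] || { echo "no key material between BEGIN and END" >&2; return 1; }
    if printf '%s\n' "$body" | grep -q '[^A-Za-z0-9+/=]'; then
        echo "non-base64 characters in key body" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: sh check_app_key.sh path/to/app-key.pem
[ "$#" -eq 0 ] || check_app_key "$1"
```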
Creating your own App (self-host)
If you want to run your own GitHub App (e.g. for a private backend), use the ship checklist in the repo: create the App, set webhook URL and secret, deploy the Edge Function, then use the same workflow file and secrets (APP_ID, APP_PRIVATE_KEY) for your App’s values.
What the workflow does
- Triggers on push to main, pull_request (opened/synchronize), and workflow_dispatch.
- Installs dependencies (npm ci or equivalent), then runs upshift scan --json.
- On PRs, posts a comment with outdated and vulnerability counts (or updates the existing comment).