Connect Zeo to GitHub
Zeo's GitHub integration is configured through repository settings and local environment variables. This page does not require any hosted signup or secret exchange in the browser.
- Create a GitHub App and grant Checks (Read & write) and Pull requests (Read-only).
- Set GITHUB_APP_ID, GITHUB_PRIVATE_KEY, and GITHUB_WEBHOOK_SECRET in your local .env.
- Configure webhook delivery to /api/webhooks/github when running the web app locally or in deployment.
- Use repository-scoped tokens where possible and rotate secrets regularly.
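The webhook step above depends on GITHUB_WEBHOOK_SECRET to authenticate deliveries to /api/webhooks/github. The following is an added example, not Zeo's own code: it checks GitHub's X-Hub-Signature-256 header against the raw request body before anything is parsed. The names verifyGithubSignature, handleDelivery and sign, the status codes, and the sample values are assumptions.

```javascript
// Added example, not Zeo's own code. Function names and status codes are assumptions.
const crypto = require("node:crypto");

// GitHub signs each delivery with HMAC-SHA256 keyed by the webhook secret and
// sends it as "X-Hub-Signature-256: sha256=<hex>". rawBody must be the exact
// bytes received, read before JSON parsing; re-serialized JSON will not match.
function verifyGithubSignature(secret, rawBody, signatureHeader) {
  if (!secret || typeof signatureHeader !== "string") return false;
  const match = /^sha256=([0-9a-f]{64})$/i.exec(signatureHeader);
  if (!match) return false; // rejects missing, legacy sha1= and malformed values
  const expected = crypto.createHmac("sha256", secret).update(rawBody).digest();
  // Both buffers are 32 bytes here, so the constant-time compare cannot throw.
  return crypto.timingSafeEqual(expected, Buffer.from(match[1], "hex"));
}

// Hypothetical core of a handler for /api/webhooks/github. `headers` uses
// lower-cased names, as Node's HTTP server provides them.
function handleDelivery(env, headers, rawBody) {
  const secret = env.GITHUB_WEBHOOK_SECRET;
  if (!secret) return 500; // fail closed rather than accept unsigned events
  if (!verifyGithubSignature(secret, rawBody, headers["x-hub-signature-256"])) {
    return 401;
  }
  try {
    JSON.parse(rawBody.toString("utf8")); // parse only after authentication
  } catch {
    return 400;
  }
  return 202;
}

// Constructed sample delivery (not real GitHub traffic).
function sign(secret, body) {
  return "sha256=" + crypto.createHmac("sha256", secret).update(body).digest("hex");
}
const sampleEnv = { GITHUB_WEBHOOK_SECRET: "constructed-test-secret" };
const sampleBody = Buffer.from('{"action":"opened","number":1}');
const sampleHeaders = { "x-hub-signature-256": sign(sampleEnv.GITHUB_WEBHOOK_SECRET, sampleBody) };

console.log(handleDelivery(sampleEnv, sampleHeaders, sampleBody));
console.log(handleDelivery(sampleEnv, sampleHeaders, Buffer.from('{"action":"closed"}')));
```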
OAuth environment variables
Configure these public variables to make OAuth consent routing explicit across preview and production deployments.
| Variable | Required | Default | Purpose |
|---|---|---|---|
| NEXT_PUBLIC_OAUTH_CONSENT_URL | Optional | /oauth/consent | Public route used by Sign In links before handing off to Supabase hosted OAuth. |
| NEXT_PUBLIC_OAUTH_PROVIDER | Optional | github | OAuth provider name passed to Supabase /auth/v1/authorize (for example: github, google). |
| NEXT_PUBLIC_OAUTH_REDIRECT_TO | Optional | /app | Post-auth redirect target sent with the Supabase authorize request. |
Security notes
- Use least-privilege permissions for GitHub Apps and personal tokens.
- Never commit credentials to source control; keep values in .env files only.
- Rotate credentials after team changes or suspected exposure.