GitHub Integration

Learn how Releasebot integrates with GitHub, including permissions, webhooks, and app installation.

Releasebot integrates deeply with GitHub to automatically generate changelogs when you merge pull requests. This page explains how the integration works.

GitHub App

Releasebot uses a GitHub App to integrate with your repositories. This provides several benefits:

  • Fine-grained permissions - We only request the permissions we need
  • Webhook delivery - GitHub notifies us instantly when PRs are merged
  • Secure authentication - No personal access tokens required

Required Permissions

When you install the Releasebot GitHub App, we request the following permissions:

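| Permission    | Access | Purpose                                      |
|---------------|--------|----------------------------------------------|
| Pull requests | Read   | Access PR titles, descriptions, and metadata |
| Contents      | Read   | Read commit messages and changed files       |
| Metadata      | Read   | Repository name, owner, and visibility       |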

We never request write access to your code or repository settings.

Webhook Events

Releasebot subscribes to the following webhook events:

  • pull_request - Triggered when PRs are opened, closed, or merged
  • push - Triggered when commits are pushed (for branch tracking)

When a PR is merged to a tracked branch, we:

  1. Receive the webhook event from GitHub
  2. Verify the webhook signature for security
  3. Fetch additional PR details via the GitHub API
  4. Queue the changelog generation job

Installation

Installing on Your Account

  1. Go to Settings → Installations in Releasebot
  2. Click "Add repositories"
  3. Select your GitHub account or organization
  4. Choose which repositories to enable

Installing on an Organization

If you're installing on a GitHub organization:

  1. You need admin access to the organization
  2. After installation, organization members can access the dashboard
  3. Repository access follows your GitHub team permissions

Security

Webhook Verification

All incoming webhooks are verified using the X-Hub-Signature-256 header. We reject any requests with invalid or missing signatures.
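The check described above can be sketched as follows. This is an added example, not Releasebot's own code: it shows how a receiver validates GitHub's X-Hub-Signature-256 header (the string `sha256=` followed by the hex HMAC-SHA256 of the raw request body, keyed with the webhook secret). The function names, the secret, and the payload are constructed for illustration.

```python
import hashlib
import hmac

SIGNATURE_HEADER = "X-Hub-Signature-256"
PREFIX = "sha256="


def expected_signature(secret: bytes, raw_body: bytes) -> str:
    """Header value GitHub sends: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    return PREFIX + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, raw_body: bytes) -> bool:
    """Return True only if the signature header is present and matches.

    raw_body must be the exact bytes received, before any JSON parsing:
    re-serialising the payload changes the bytes and breaks the MAC.
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    received = lowered.get(SIGNATURE_HEADER.lower())
    if not received or not received.startswith(PREFIX):
        return False  # missing header or wrong algorithm prefix: reject
    # compare_digest runs in constant time, so response timing does not
    # reveal how many leading characters of a guess were correct.
    return hmac.compare_digest(
        expected_signature(secret, raw_body).encode(), received.encode()
    )


if __name__ == "__main__":
    # Constructed sample secret and payload, for illustration only.
    secret = b"constructed-example-secret"
    body = b'{"action":"closed","pull_request":{"merged":true}}'
    good = {SIGNATURE_HEADER: expected_signature(secret, body)}
    print("valid:", verify_webhook(secret, good, body))
    print("missing:", verify_webhook(secret, {}, body))
    print("tampered:", verify_webhook(secret, good, body + b" "))
```

Run the check before parsing the JSON or calling the GitHub API, so unauthenticated payloads never reach later steps.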

Data Access

  • We only access data necessary for changelog generation
  • PR content is processed but not permanently stored
  • Generated changelogs are stored in our database

Revoking Access

You can revoke Releasebot's access at any time:

  1. Go to GitHub → Settings → Applications → Installed GitHub Apps
  2. Find Releasebot and click "Configure"
  3. Click "Uninstall" to remove all access

This will immediately stop changelog generation for all your repositories.

Troubleshooting

Webhooks Not Arriving

If changelogs aren't being generated:

  1. Check that the repository has the Releasebot app installed
  2. Verify the branch is being tracked in your settings
  3. Check the webhook delivery status in GitHub (Repository → Settings → Webhooks)

Permission Errors

If you see permission errors:

  1. Re-install the GitHub App
  2. Ensure you have admin access to the repository
  3. Check that the app has the required permissions