Core Concepts
CodeCargo GitHub Integration
CodeCargo is deeply integrated with GitHub; it’s the foundation of how our platform works. We built CodeCargo to feel like a natural extension of your GitHub environment, using GitHub Apps, GitHub SSO, and GitHub Actions to deliver powerful, secure developer workflows.
GitHub App Installation
To use CodeCargo, you must install the CodeCargo GitHub App in your organization or personal account. This app allows CodeCargo to securely interact with your repositories, workflows, and environments.
GitHub App installation instructions
Required Permissions
When installing the CodeCargo GitHub App, you will be prompted to grant specific permissions. Here's what we request and why:
| Permission | Access Level | Why We Need It |
|---|---|---|
| Administration | Read | To view repository and organization settings. |
| Metadata | Read | To identify accessible repositories. |
| Organization Administration | Read | To view organization-level settings. |
| Organization Self Hosted Runners | Read | To view self-hosted runner configurations. |
| Actions | Read/Write | To dispatch workflows and monitor their status. |
| Actions Variables | Read/Write | To manage workflow variables. |
| Code | Read/Write | To access repository code and contents. |
| Deployments | Read/Write | To manage deployment environments. |
| Environments | Read/Write | To configure and manage environments. |
| Pull Requests | Read/Write. | To create and trigger jobs |
| Members | Read/Write | To manage organization membership. |
| Organization Actions Variables | Read/Write | To manage organization-level action variables. |
| Organization Secrets | Read/Write | To manage organization-level secrets. |
| Secrets | Read/Write | To manage repository secrets. |
| Workflows | Read/Write | To create, modify, and execute workflows. |
Repository Access
You can choose which repositories the app has access to — all repos or only selected ones.
GitHub-Based Sign In
All CodeCargo users sign in through GitHub SSO. This means:
- No passwords or secondary accounts
- Your GitHub identity is your CodeCargo identity
- Access and role mapping can align with your GitHub teams
To use CodeCargo, your users must have an active GitHub account.
GitHub Permissions and Access Control
CodeCargo respects GitHub permissions wherever possible. We do not override or bypass your GitHub org’s access model.
- If a user doesn't have access to a repository, they can't see or trigger workflows in it through CodeCargo.
- We only dispatch workflows using the GitHub App’s token and the current user’s session context.
- Read/write operations (e.g. triggering a workflow, viewing logs) are scoped to the exact repositories and permissions you've granted.
This ensures that:
- Only developers with the right access in GitHub can run critical workflows
- Audit trails remain consistent between GitHub and CodeCargo
- You never have to manage permissions in two places
Practical Examples
Here are a few examples of how CodeCargo directly integrates with GitHub:
- Import GitHub Actions Workflows as Buildling Blocks, and then create a Self-Service Workflow. When users run these, our application will trigger the workflow with your GitHub settings
- Directly edit Building Blocks using the AI Assistant and create a PR in GitHub with the changes
- Create a new GitHub repository and add it to a project in CodeCargo
- Provide a GitHub user with read permissions to a GitHub repository automatically gives them read access to any CodeCargo Projects that include that repository
Behind the Scenes
Under the hood:
- We use the GitHub REST API and GitHub Actions Workflow Dispatch API to trigger jobs.
- All workflow runs initiated by CodeCargo are visible in your GitHub Actions history.
- You maintain full control — we never take over your CI/CD system.
Need help installing the GitHub App or setting up your first workflow? Head over to the Quickstart Guide or contact our support team.