GitHub integration

Connect GitHub once and Pipemason can push branches and open pull requests on private repositories for you — without you managing tokens on your machine.

Connect once

Go to pipemason.com/settings and click Connect GitHub. You'll authorize the OAuth app for the repo and read:user scopes. The cloud control plane stores an encrypted access token and uses it to list your accessible repos and to hand the runner credentials when it needs them.

How it works during a run

The runner doesn't hold a long-lived GitHub token. Instead, it requests a fresh token before each git operation, so commands like git push and gh pr create work against private repositories automatically:

pipemason start "add a /healthz endpoint that returns 200" --pr

With a connected repository and the --pr flag, the run pushes its branch and opens a pull request at the finalize phase, capturing the PR URL in the run summary. Program runs use the same mechanism to manage stacked branches and PRs.

Note

Without --pr, the finished branch is still pushed — only the pull request creation is opt-in.
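
An added example, not Pipemason's own code: one way to get the per-operation token behaviour described above is a git credential helper that asks for a fresh token each time git needs one and answers only for HTTPS to github.com. The helper design, the `mint_token` callable and the `x-access-token` username are assumptions made for illustration; the page does not say how the runner is implemented.

```python
# Sketch of a git credential helper that never stores a token.
# git runs the helper with an action argument ("get", "store" or "erase")
# and writes key=value lines, ended by a blank line, to the helper's stdin.

ALLOWED = {("https", "github.com")}  # the only endpoint this helper answers for


def parse_request(text):
    """Parse git's credential input into a dict, stopping at the blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        key, sep, value = line.partition("=")
        if sep:
            attrs[key] = value
    return attrs


def respond(action, request_text, mint_token):
    """Return what the helper would write to stdout for one invocation.

    mint_token is a hypothetical callable standing in for the request to the
    control plane. It runs once per git operation and nothing is cached.
    """
    if action != "get":      # "store" and "erase" are no-ops: nothing persists
        return ""
    attrs = parse_request(request_text)
    if (attrs.get("protocol"), attrs.get("host")) not in ALLOWED:
        return ""            # no token for other hosts or for plain http
    token = mint_token()
    if not token or "\n" in token or "\r" in token:
        return ""            # a newline would inject extra protocol lines
    # Placeholder username; the token travels in the password field.
    return f"username=x-access-token\npassword={token}\n"


if __name__ == "__main__":
    # Constructed request and token so the sketch runs offline.
    sample = "protocol=https\nhost=github.com\n\n"
    print(respond("get", sample, lambda: "example-token-not-real"), end="")
```

An empty response makes git fall through to its next configured helper or prompt, which matches the fallback to existing local git authentication when GitHub is not connected.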

When you can skip it

Connecting GitHub is optional. If you only ever push over SSH and don't want Pipemason auto-creating pull requests, you can skip this step entirely — the runner falls back to your existing local git authentication.

  • Connect GitHub if you want automated branch/PR management on private repos and HTTPS pushes.
  • Skip it if your push path is already SSH and you prefer to open PRs yourself.

Revoke access anytime

You stay in control of the connection. Disconnect whenever you like:

  1. From pipemason.com/settings, click Disconnect; or
  2. From GitHub's Authorized OAuth Apps page, revoke the Pipemason app.

Tip

If you ever see a token error, disconnect and reconnect from pipemason.com/settings to mint a fresh authorization.