OpenAB Review Council (GitHub App)
GitHub App webhook install for a self-hosted, CodeRabbit-style PR-review council: a control plane + 3 stock OpenAB Claude pods deliberate on a PR and post one verdict as your GitHub App bot. After deploy, point the App webhook at /api/v1/github_webhooks and provision the chair volume with the App private key. Do not also install the copied Action on the same repo.
GitHub App webhook install for a self-hosted, CodeRabbit-style PR-review council: a control plane + 3 stock OpenAB Claude pods deliberate on a PR and post one verdict as your GitHub App bot. After deploy, point the App webhook at /api/v1/github_webhooks and provision the chair volume with the App private key. Do not also install the copied Action on the same repo.
Zeabur
Zeabur
OpenAB Review Council (GitHub App)
Use this template when you want a webhook trigger with no copied workflow file in each target repo. PR events arrive through a GitHub App webhook, and the chair posts the verdict as your GitHub App bot after you provision its persistent volume.
It deploys a control plane plus 3 stock OpenAB Claude pods (1 chair + 2 reviewers). No per-bot setup is needed; every pod uses the same Claude Code OAuth token.
Required variables
PUBLIC_DOMAIN: the control-plane domain, for examplemy-council.CLAUDE_CODE_OAUTH_TOKEN: fromclaude setup-token.GITHUB_WEBHOOK_SECRET: random HMAC secret, for example fromopenssl rand -hex 32.
GitHub App setup
- Create a GitHub App with:
- Permissions:
Pull requests: Read and write,Contents: Read-only. - Events: Pull requests and Issue comments.
- Webhook URL:
https://my-council.zeabur.app/api/v1/github_webhooks. - Webhook secret: the same
GITHUB_WEBHOOK_SECRETvalue.
- Permissions:
- Install the App on the target repo.
- Generate a private key (
.pem) and note the App ID and installation ID.
Chair App identity
-
Copy
scripts/get-gh-app-token.shfrom the source repo and set itsAPP_IDandINSTALLATION_ID:https://github.com/canyugs/openab-control-plane/blob/main/scripts/get-gh-app-token.sh -
Upload the private key to the chair service at
/home/node/.github-app.pem. -
Upload the edited token-minter to
/home/node/bin/get-gh-app-token.sh. -
Set permissions in the chair service:
chmod 600 /home/node/.github-app.pem chmod +x /home/node/bin/get-gh-app-token.sh chown node:node /home/node/.github-app.pem /home/node/bin/get-gh-app-token.sh -
Restart the chair service.
-
Verify in the chair service that
HOME=/home/node gh auth statusshows the App bot account.
Triggers
- Automatic: PR opened, reopened, or marked ready for review.
- Manual review: an OWNER / MEMBER / COLLABORATOR comments
/reviewon the PR. - Follow-up questions:
/ask <question>works through the webhook path.@mentionalso works after settingOABCP_BOT_HANDLEon the control-plane.
Use this GitHub App template or the PAT template, not both on one repo, or one
PR event can convene two councils. The control plane does not need
GITHUB_APP_ID, GITHUB_APP_INSTALLATION_ID, or GITHUB_APP_PRIVATE_KEY for
this pod-local posting path.
For private repos, reviewer pods also need GitHub read access to self-fetch the PR diff. Public repos work anonymously; private repos should add read-only reviewer credentials or use the separate per-role App token path.
Full guide:
https://github.com/canyugs/openab-control-plane/blob/main/docs/template.md