Skip to content

Fix GitHub App failures when connecting to GitHub Enterprise #4542

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Fix GitHub App failures when connecting to GitHub Enterprise #4542

wants to merge 2 commits into from

Conversation

@shahzadhaider1
Copy link
Contributor

@shahzadhaider1 shahzadhaider1 commented Nov 5, 2025
edited
Loading

Fixes GitHub App authentication failures when connecting to GitHub Enterprise Server instances by ensuring the API endpoint includes the required /api/v3 path component.

Problem

Customers using GitHub Apps with GitHub Enterprise Server were encountering 406 Not Acceptable errors during token refresh:

Root Cause

GitHub Enterprise Server requires all API endpoints to include /api/v3 in the path (docs). The issue occurred because:

  1. The go-github client library automatically adds /api/v3 via WithEnterpriseURLs() for REST API calls
  2. The ghinstallation library uses a separate BaseURL field to construct token refresh URLs as {BaseURL}/app/installations/{id}/access_tokens
  3. When users provided endpoint: https://github.company.com (without /api/v3), the ghinstallation library constructed the incorrect URL. Reference: GitHub Enterprise Endpoint

Solution

Added normalizeGitHubEnterpriseEndpoint() function in pkg/sources/github/connector.go that:

  • Ensures GitHub Enterprise Server endpoints include /api/v3 before passing to connector implementations
  • Leaves GitHub.com endpoints (api.github.com) unchanged

Impact Analysis:

  • GitHub App connector: Fixed (needed for ghinstallation)
  • Token connector: Safe (WithEnterpriseURLs checks before adding)
  • BasicAuth connector: Safe (WithEnterpriseURLs checks before adding)
  • Unauthenticated connector: Safe (WithEnterpriseURLs checks before adding)
  • GraphQL client: Safe (strips /api/v3 before adding /api/graphql)

Testing

Unit Tests

  • Added comprehensive unit tests for normalizeGitHubEnterpriseEndpoint()
  • Covers GitHub.com, GitHub Enterprise and edge cases

Manual Testing (GitHub.com)

Verified all authentication methods work correctly with GitHub.com:

  • GitHub App: Successfully scanned private and public repos
  • Token: Successfully scanned private and public repos
  • Basic Auth (username + token): Successfully scanned private and public repos
  • Unauthenticated: Successfully scanned public repos

Expected Behavior for GitHub Enterprise Server

With this fix, users can now configure GitHub Enterprise endpoints in any of these formats:

endpoint: https://github.company.com          # Will be normalized to /api/v3
endpoint: https://github.company.com/api/v3   # Already correct, unchanged

Both formats will now work correctly for all authentication types, including GitHub Apps.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@shahzadhaider1 shahzadhaider1 changed the title append /api/v3 to the github enterprise base urls Fix GitHub App failures when connecting to GitHub Enterprise Nov 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shahzadhaider1