This connector triggers the SDLC pipeline from GitHub Issues and authenticates with the GitHub API via a GitHub App.
-
Go to GitHub > Settings > Developer settings > GitHub Apps > New GitHub App
-
Configure:
Field Value App name agentcore-sdlc(or your choice)Homepage URL https://github.com/your-orgCallback URL Leave blank (not needed) Webhook Uncheck "Active" -
Set Repository Permissions:
Permission Access Used by Contents Read & Write git clone,push_files,create_branchPull requests Read & Write create_pull_request,update_pull_requestIssues Read & Write issue_read,add_issue_comment, set labelsMetadata Read-only Required by GitHub -
Click Create GitHub App
-
Note the Client ID (starts with
Iv...) -
Generate a Private Key (Settings > Private keys > Generate). Download the
.pemfile and place it in the project root.
- Go to your GitHub App's page > Install App
- Select your personal account or organization
- Choose "Only select repositories" and pick the repos the agent should access
- Note the Installation ID: find it at
https://github.com/settings/installations(click the app, the ID is in the URL:/installations/<ID>)
Private Repositories: The GitHub App automatically has access to private repos you select during installation. No additional config needed.
Branch Protection: To prevent the agent from pushing directly to
main, add a branch protection rule:
- Repository > Settings > Branches > Add rule
- Branch name pattern:
main- Enable: Require a pull request, Require approvals (at least 1), Do not allow bypassing
Edit sdlc-config.yaml:
sourceControl:
type: github
github:
appClientId: "Iv23li..." # Client ID from Step 1
installationId: "134697255" # Installation ID from Step 2
privateKeyPath: "./my-app.pem" # Path to .pem file from Step 1npx cdk deployThe CDK stack will:
- Store the private key in AWS Secrets Manager
- Deploy the GitHub MCP servers (source control + project management)
- Register them as gateway targets
- Create the Step Functions pipeline
- Create a GitHub Actions OIDC role
After deploy, add the following secrets to your target repo (Settings > Secrets and variables > Actions):
| Secret | Value (from CDK output) |
|---|---|
SDLC_PIPELINE_ROLE_ARN |
GitHubActionsRoleArn output |
SDLC_PIPELINE_STATE_MACHINE_ARN |
StateMachineArn output |
Then copy the workflow:
cp project-management/github/connector/workflow/agent-start.yml \
/path/to/your-repo/.github/workflows/agent-start.yml