v2026.1

GitHub Sync

GitHub Sync Overview

The StackFlow GitHub Sync integration provides bidirectional synchronization between GitHub and StackFlow. The StackFlowGitHubSync Lambda function handles inbound events from GitHub webhooks (push, pull request, deployment) and outbound sync of StackFlow workflow and configuration definitions to a designated GitHub repository.

⚙️ Minimum Requirements
  • GitHub App: StackFlow GitHub App installed on the target organization with contents:read, deployments:read, pull_requests:read permissions
  • Secrets Manager: GitHub App private key at stackflow/integrations/github/private-key
  • Lambda: StackFlowGitHubSync deployed with API Gateway webhook endpoint for GitHub push events
  • DynamoDB: StackFlow_GitHubSync table for tracking sync state and deployment records

Webhook Configuration

Configure the GitHub webhook in your repository settings to point to the StackFlow GitHub inbound webhook endpoint. The endpoint URL is available in Integrations → GitHub → Webhook Setup. The webhook must be configured with the following events: push, pull_request, deployment, deployment_status, and release.

# Create the webhook: nested config fields use key[subkey], array items use key[], -F sends a typed boolean
gh api repos/{owner}/{repo}/hooks -X POST \
  -f name="web" \
  -f "config[url]=https://your-instance.stackflow-tech.com/prod/api/integrations/github/webhook" \
  -f "config[content_type]=json" \
  -f "config[secret]=$WEBHOOK_SECRET" \
  -f "events[]=push" \
  -f "events[]=pull_request" \
  -f "events[]=deployment" \
  -f "events[]=deployment_status" \
  -f "events[]=release" \
  -F active=true

Webhook Secret: The webhook secret is used to verify HMAC-SHA256 signatures on incoming payloads. Generate a strong random secret and store it in AWS Secrets Manager. Configure the same value in both GitHub and the StackFlow GitHub integration settings.
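The signature check described above, sketched as an added example (not StackFlow's own Lambda code). GitHub sends the HMAC-SHA256 of the raw request body in the X-Hub-Signature-256 header. The event shape assumed here is the API Gateway proxy format, and the handler name, secret and payload are constructed for illustration.

```python
import base64
import hashlib
import hmac


def raw_body(event: dict) -> bytes:
    """Return the exact bytes GitHub signed from an API Gateway proxy event."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        return base64.b64decode(body)
    return body.encode("utf-8")


def signature_is_valid(event: dict, secret: bytes) -> bool:
    """Check GitHub's X-Hub-Signature-256 header against the raw payload."""
    # Header names arrive in varying case depending on the gateway type.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    received = headers.get("x-hub-signature-256") or ""
    if not received.startswith("sha256="):
        return False  # header missing or not an HMAC-SHA256 signature: reject
    expected = "sha256=" + hmac.new(secret, raw_body(event), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


def handler(event: dict, secret: bytes) -> dict:
    """Hypothetical entry point: verify before parsing or acting on the payload."""
    if not signature_is_valid(event, secret):
        return {"statusCode": 401, "body": "invalid signature"}
    return {"statusCode": 202, "body": "accepted"}


# Constructed sample input: a made-up secret and a minimal push payload.
SAMPLE_SECRET = b"constructed-example-secret"
SAMPLE_BODY = '{"ref":"refs/heads/main","repository":{"full_name":"example/stackflow-config"}}'
SAMPLE_SIG = "sha256=" + hmac.new(SAMPLE_SECRET, SAMPLE_BODY.encode(), hashlib.sha256).hexdigest()
SAMPLE_EVENT = {
    "headers": {"X-Hub-Signature-256": SAMPLE_SIG, "X-GitHub-Event": "push"},
    "body": SAMPLE_BODY,
    "isBase64Encoded": False,
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, SAMPLE_SECRET))
    modified = dict(SAMPLE_EVENT, body=SAMPLE_BODY.replace("main", "other"))
    print(handler(modified, SAMPLE_SECRET))
```

The HMAC must be computed over the bytes as received, before any JSON parsing or re-serialization, otherwise whitespace or key-order changes make valid deliveries fail verification.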

Workflow-as-Code

StackFlow workflow definitions can be stored and versioned in a GitHub repository. When workflow JSON files are merged to the main branch, the GitHub Sync Lambda automatically imports them into StackFlow. This enables GitOps-style workflow management with peer review, version history, and rollback via git revert.

# Repository structure for workflow-as-code
stackflow-config/
├── workflows/
│   ├── incident-auto-triage.json
│   ├── change-risk-assessment.json
│   └── sla-escalation.json
├── catalog-items/
│   └── new-laptop-request.json
└── prompt-templates/
    └── copilot-system.md

Change Tracking

GitHub pull requests merged to the main branch can automatically create Change records in StackFlow. Configure the mapping in Integrations → GitHub → Change Tracking: specify which branches trigger change creation, the default change type, and how PR labels map to change attributes.

Deployment Tracking

GitHub deployment events automatically update the corresponding StackFlow Change record status. A successful deployment transitions the Change to "Implemented". A failed deployment triggers the change rollback workflow and creates a linked P1 incident. This provides complete deployment visibility from code merge to production deployment in the StackFlow Change timeline.