Skip to main content
The GitHub integration connects Kestrel to your GitHub repositories, enabling GitOps deployments, Infrastructure-as-Code remediation, and causal PR detection during incident investigation.

Prerequisites

  • Organization Admin role in Kestrel
  • GitHub organization admin access

Setup

1

Install the GitHub App

  1. Navigate to Integrations → CI/CD in your Kestrel dashboard
  2. Click Connect GitHub
  3. Select your GitHub organization in the installation page
  4. Choose which repositories to grant access to (all or selected)
  5. Click Install & Authorize
2

Configure IaC repositories (optional)

To enable IaC remediation on a repository:
  1. Expand the GitHub card to view your repositories
  2. Click Configure IaC on the target repository
  3. Select the IaC type: Terraform, CloudFormation, or Pulumi
  4. Set the root path (e.g., / or /terraform)
  5. Optionally link a cloud account (AWS or OCI) to match resources to the correct repository
  6. Click Enable IaC

Managing Repository Access

Repository access is managed through your GitHub App installation settings:
  1. Go to your GitHub organization settings
  2. Navigate to Installed GitHub Apps → Kestrel AI
  3. Update the repository selection

How It’s Used

In Workflows

Action blocks:
  • Create Pull Request — open a pull request with specified branch, title, and body
  • Create Issue — create a GitHub issue with labels, assignees, and body content
  • Trigger GitHub Action — trigger a GitHub Actions workflow run on a specified branch
  • Wait for GitHub Action Run — block workflow execution until a GitHub Actions run completes
  • Get GitHub Action Status — retrieve the current status of a GitHub Actions workflow run
  • Read File — read a file from a repository at a specified ref
  • Search Code — search repository code for patterns or keywords
  • AI Code Investigation — run an AI-powered investigation across repository code
  • AI Code Fix — generate an AI-powered code fix and commit it to a branch
  • Wait for PR Approval — block workflow execution until a pull request is approved
  • Wait for PR Merge — block workflow execution until a pull request is merged
  • Investigate GitHub Action Failure — fetch failed job logs from a GitHub Actions run and use AI to analyze the root cause, providing a summary of what failed and suggested fixes
Example: A workflow triggered by a Kubernetes incident searches the repo for the affected service code, runs an AI investigation, creates a fix PR, and waits for approval before merging.

In Incident Response

  • Causal PR detection — during root cause analysis, Kestrel identifies recent PRs/deployments that may have caused the incident
  • YAML fix PRs — click Create Pull Request on any AI-generated Kubernetes fix to open a PR with the change
  • IaC remediation — when Kestrel detects a cloud misconfiguration, it identifies the Terraform file managing that resource and opens a PR with the fix
  • Knowledge source — repository content provides context during incident investigation

In Cloud AI Copilot

  • Deploy AI-generated configurations via pull request from the chat interface
  • Ask about recent deployments: What PRs were merged to production in the last 24 hours?
  • Browse repository contents for IaC and Kubernetes manifests

IaC Remediation Workflow

For cloud incidents with connected IaC repositories:
  1. Kestrel detects a cloud misconfiguration (e.g., S3 bucket with public access)
  2. Kestrel identifies the Terraform file managing that resource across all connected repositories
  3. Kestrel generates a Terraform fix
  4. Click Create Pull Request to open a PR with the remediation
  5. The PR includes the full diff, fix description, and a link back to the incident

Disconnecting

To modify or remove the integration, manage the GitHub App installation from your GitHub organization settings.