The GitHub integration connects your repositories to Tapioca, enabling automatic time tracking evidence from commits, pull requests, and code reviews.
Overview
When connected, Tapioca receives webhook events from GitHub and:
- Creates Evidence - Records commits, PRs, and reviews as work evidence
- Links to Tasks - Automatically connects activity to tasks via ID patterns
- Updates Status - Optionally moves tasks through workflow states
- Tracks Reviews - Records code review activity for reviewers
Prerequisites
Before setting up the GitHub integration, ensure you have:
- Admin access to your GitHub organization (or personal account)
- Admin access to your Tapioca organization
- A Tapioca project to link repositories to
Installation Methods
Tapioca supports two methods for GitHub integration:
Method 1: GitHub App (Recommended)
The GitHub App is the recommended approach as it provides:
- Fine-grained permissions
- Automatic webhook configuration
- Better security with short-lived tokens
- Easy installation across multiple repositories
Navigate to Settings
Go to Settings → Integrations → GitHub in Tapioca
Click Install GitHub App
This opens GitHub's app installation flow
Select Organization
Choose which GitHub organization to install the app on
Choose Repositories
Select all repositories or specific ones
Authorize
Grant the requested permissions and complete installation
Required Permissions:
| Permission | Access | Purpose |
|---|---|---|
| Repository contents | Read | View commits and files |
| Pull requests | Read | Track PR events |
| Issues | Read | Import issues (optional) |
| Webhooks | Read & Write | Receive event notifications |
| Metadata | Read | Basic repository info |
Method 2: Personal Access Token (PAT)
Use a PAT if you cannot install apps or need simpler setup for personal repositories.
Create a PAT in GitHub
Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)
Select Scopes
Grant repo, read:user, and admin:repo_hook scopes
Copy the Token
Save the token securely—you won't see it again
Add to Tapioca
Go to Settings → Integrations → GitHub and enter the token
Configure Webhooks
Manually add webhooks to each repository (see below)
Token Security
Webhook Configuration
If using a PAT, you must manually configure webhooks for each repository.
Adding a Webhook
- Go to your GitHub repository → Settings → Webhooks
- Click “Add webhook”
- Configure the webhook:
| Field | Value |
|---|---|
| Payload URL | https://your-tapioca.com/api/v1/webhooks/github/{org-id} |
| Content type | application/json |
| Secret | Your webhook secret from Tapioca Settings |
| SSL verification | Enable |
Select events to trigger the webhook:
- Pull requests
- Pull request reviews
- Pull request review comments
- Issue comments
- Pushes
Click “Add webhook”
Verifying Webhook Delivery
After adding a webhook:
- Go to the webhook settings in GitHub
- Click “Recent Deliveries”
- Look for successful (green) deliveries
- Check for any errors in failed deliveries
Testing Webhooks
Repository Mapping
Link GitHub repositories to Tapioca projects for automatic task association.
Setting Up Mappings
- Go to Tapioca Settings → Integrations → GitHub → Repository Mappings
- Click “Add Mapping”
- Select the GitHub repository
- Choose the Tapioca project
- Configure automation options:
| Option | Description | Default |
|---|---|---|
| Auto-create tasks | Create tasks from PR titles if no task ID found | Off |
| Auto-close on merge | Close linked tasks when PR is merged | Off |
| Default status on PR open | Task status when PR is opened | (none) |
| Default status on PR merge | Task status when PR is merged | (none) |
Multiple Mappings
You can map multiple repositories to a single project, or use different projects for different repositories within the same organization.
github.com/mycompany/frontend → Tapioca Project: "Web App"
github.com/mycompany/backend → Tapioca Project: "API"
github.com/mycompany/infra → Tapioca Project: "Infrastructure"Commit Linking
Tapioca automatically links commits to tasks when task IDs are included in commit messages.
Supported Patterns
| Pattern | Example | Task ID Extracted |
|---|---|---|
| Prefix | TAP-123 Fix login bug | TAP-123 |
| Suffix | Fix login bug TAP-123 | TAP-123 |
| Brackets | [TAP-123] Fix login bug | TAP-123 |
| Colon | TAP-123: Fix login bug | TAP-123 |
| Multiple | TAP-123, TAP-456: Fix bugs | TAP-123, TAP-456 |
Keywords for Actions
Certain keywords trigger automatic task status changes:
| Keywords | Action |
|---|---|
fixes, closes, resolves | Moves task to configured “Done” status |
refs, relates, see | Links without status change |
Examples:
# Links to task, no status change
git commit -m "refs TAP-123: Add unit tests"
# Links to task and moves to Done on merge
git commit -m "fixes TAP-123: Resolve memory leak"Merge vs. Commit
Pull Request Integration
PR to Task Linking
PRs are linked to tasks using the same patterns as commits, but Tapioca also checks:
- PR title
- PR description
- Branch name
- Commits in the PR
Branch naming conventions:
feature/TAP-123-add-login
bugfix/TAP-456-memory-leak
TAP-789/new-featureAutomatic Status Updates
Configure task status transitions based on PR events:
| PR Event | Example Status Change |
|---|---|
| PR Opened | “To Do” → “In Progress” |
| PR Marked Ready | “In Progress” → “In Review” |
| PR Approved | (no change) |
| PR Merged | “In Review” → “Done” |
| PR Closed (not merged) | “In Progress” → “To Do” |
Configure these in Settings → Integrations → GitHub → Automation Rules.
Draft PRs
Draft PRs are tracked but don’t trigger “PR Opened” status changes until marked ready for review. This prevents premature status updates while work is still in progress.
Code Review Tracking
Tapioca creates evidence for code review activity:
Review Evidence
When someone submits a PR review, Tapioca records:
- Reviewer username (linked to Tapioca user if connected)
- Review type (approved, changes requested, commented)
- Time of review
- PR information
This allows tracking time spent on code reviews even when reviewers aren’t explicitly logging time.
Review Comments
PR comments and review comments are also captured as evidence, enabling:
- Tracking discussion/collaboration time
- Linking code review feedback to tasks
- Auditing code review activity
Evidence Events
Every GitHub interaction creates an evidence event in Tapioca:
Evidence Types
| Source | Event Type | Description |
|---|---|---|
github_pr | pr_opened | Pull request created |
github_pr | pr_merged | Pull request merged |
github_pr | pr_closed | Pull request closed without merge |
github_commit | commit | Commit pushed |
github_comment | comment | Comment on PR or issue |
github_review | approved | PR approved |
github_review | changes_requested | Changes requested on PR |
github_review | commented | Review submitted as comment only |
Viewing Evidence
- Go to any task in Tapioca
- Click the “Evidence” tab
- View all linked GitHub activity with timestamps
Evidence can also be viewed:
- On user timesheets (shows evidence alongside time entries)
- In reports (filter by evidence source)
- Via API (for custom integrations)
User Mapping
Link GitHub users to Tapioca users for proper attribution:
Automatic Mapping
Tapioca attempts to match users by:
- Email address (if GitHub email matches Tapioca email)
- Previously linked accounts
Manual Mapping
For users that can’t be auto-matched:
- Go to Settings → Integrations → GitHub → User Mappings
- Click “Add Mapping”
- Enter the GitHub username
- Select the Tapioca user
- Save
Multiple GitHub Accounts
Troubleshooting
Commits Not Linking
Check task ID format:
- Ensure task ID matches your project prefix (e.g.,
TAP-123) - Task ID must be uppercase
- Include separator (e.g.,
TAP-123:notTAP123)
Check repository mapping:
- Verify the repository is mapped to the correct project
- Confirm auto-linking is enabled
Webhooks Not Received
Verify webhook configuration:
- Check the payload URL matches your Tapioca instance
- Verify the secret token is correct
- Check GitHub webhook delivery history for errors
Check Tapioca logs:
- Look for webhook errors in Settings → System → Logs
- Common issues: signature mismatch, invalid JSON, missing org
PR Status Updates Not Working
Verify automation rules:
- Check Settings → Integrations → GitHub → Automation Rules
- Ensure the status transition is configured
- Verify the target status exists in your project workflow
Check task state:
- Automation only works if the task is in the expected source state
- Tasks in unexpected states won’t transition
GitHub App Installation Failed
Common causes:
- Insufficient permissions on GitHub organization
- Browser blocking popup windows
- OAuth flow interrupted
Solutions:
- Ensure you’re an admin of the GitHub organization
- Disable popup blockers temporarily
- Try a different browser
- Check browser developer console for errors
Advanced Configuration
Environment Variables
For self-hosted Tapioca instances:
integrations:
github:
webhook_secret: "your-secure-secret"
app_id: "12345"
app_private_key: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
default_base_url: "https://api.github.com" # or GitHub Enterprise URLGitHub Enterprise
For GitHub Enterprise Server:
- Use the same installation methods above
- Configure the base URL in Tapioca settings
- Ensure network connectivity between Tapioca and your GHE instance
- For self-signed certificates, configure trusted CAs
Rate Limiting
Tapioca respects GitHub’s API rate limits:
- Uses authenticated requests (5,000/hour)
- Implements exponential backoff
- Caches responses where appropriate
If you hit rate limits, consider:
- Using GitHub App auth (higher limits)
- Reducing polling frequency
- Enabling only needed webhook events
API Reference
Webhook Endpoint
POST /api/v1/webhooks/github/{org-id}
Headers:
X-GitHub-Event: pull_request
X-Hub-Signature-256: sha256=...
X-GitHub-Delivery: {uuid}Integration Settings API
GET /api/v1/organizations/{org-id}/integrations/github
PUT /api/v1/organizations/{org-id}/integrations/githubSee the API Documentation for full details.