GitHub Organization Setup

Use this when you want one org-level setup that covers many repositories. The pattern is: set credentials once at the organization level, then run Warden from a shared workflow kept in your org .github repository.

1. Set Organization Secrets

Go to Organization Settings → Secrets and variables → Actions, then add:

WARDEN_ANTHROPIC_API_KEY
Required. API key used by the action runtime.
WARDEN_MODEL (optional)
Model override for all repos using the shared workflow.
WARDEN_SENTRY_DSN (optional)
Telemetry DSN. When unset, telemetry is a no-op.

2. Create and Install a GitHub App (Optional, Recommended)

For branded comments and org-wide repository access:

npx warden setup-app --org your-org

The generated app uses these permissions:

Add these org secrets after app creation:

WARDEN_APP_ID
GitHub App ID.
WARDEN_PRIVATE_KEY
Full PEM private key contents.
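
A preflight check for the secrets named in steps 1 and 2, as an added example that is not part of Warden or this page's own code. It assumes a workflow step exposes the secrets as environment variables under the same names (an unset secret arrives as an empty string); the function names `is_full_pem` and `warden_preflight` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: preflight for the secrets named in steps 1 and 2.
# It reports which check failed and never prints a secret value.

# Succeeds when $1 is a multi-line PEM private key (header, body, footer).
is_full_pem() {
  local key first last lines
  key=$(printf '%s' "$1")   # command substitution drops trailing newlines
  first=$(printf '%s\n' "$key" | head -n 1)
  last=$(printf '%s\n' "$key" | tail -n 1)
  lines=$(( $(printf '%s\n' "$key" | wc -l) ))
  case "$first" in "-----BEGIN "*"PRIVATE KEY-----") ;; *) return 1 ;; esac
  case "$last" in "-----END "*"PRIVATE KEY-----") ;; *) return 1 ;; esac
  [ "$lines" -ge 3 ]
}

# Prints one line per problem; returns 0 only when the secrets are usable.
warden_preflight() {
  local rc=0
  if [ -z "${WARDEN_ANTHROPIC_API_KEY:-}" ]; then
    echo "WARDEN_ANTHROPIC_API_KEY: required secret is empty or unset"; rc=1
  fi
  # The GitHub App is optional, but its two secrets only work as a pair.
  if [ -n "${WARDEN_APP_ID:-}" ] || [ -n "${WARDEN_PRIVATE_KEY:-}" ]; then
    if [ -z "${WARDEN_APP_ID:-}" ] || [ -z "${WARDEN_PRIVATE_KEY:-}" ]; then
      echo "WARDEN_APP_ID and WARDEN_PRIVATE_KEY must be set together"; rc=1
    fi
    # Assumption: the numeric App ID is stored, not the app's client ID.
    case "${WARDEN_APP_ID:-0}" in
      *[!0-9]*) echo "WARDEN_APP_ID: expected a numeric App ID"; rc=1 ;;
    esac
    if [ -n "${WARDEN_PRIVATE_KEY:-}" ] && ! is_full_pem "$WARDEN_PRIVATE_KEY"; then
      echo "WARDEN_PRIVATE_KEY: not a full PEM (line breaks lost or truncated)"; rc=1
    fi
  fi
  return "$rc"
}
```

Calling `warden_preflight` before the token step surfaces a flattened or partial private key as a named configuration error instead of an opaque token-creation failure.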

3. Use the Org .github Workflow Pattern

Keep a canonical workflow in your org .github repository and have repos consume that convention.

name: Warden

on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  warden:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    env:
      WARDEN_ANTHROPIC_API_KEY: ${{ secrets.WARDEN_ANTHROPIC_API_KEY }}
      WARDEN_MODEL: ${{ secrets.WARDEN_MODEL }}
      WARDEN_SENTRY_DSN: ${{ secrets.WARDEN_SENTRY_DSN }}
    steps:
      - uses: actions/checkout@v4

      - uses: actions/create-github-app-token@v2
        id: app-token
        with:
          app-id: ${{ secrets.WARDEN_APP_ID }}
          private-key: ${{ secrets.WARDEN_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}

      - uses: getsentry/warden@v0
        with:
          github-token: ${{ steps.app-token.outputs.token }}

4. Roll Out Safely Across Repositories

Not every repository needs to opt in on day one.

5. Failure Behavior

Org-wide workflows still fail for real errors: