GitHub’s REST API is less about "automating GitHub" and more about treating GitHub’s Git repository and social coding features as programmable building blocks for complex workflows.
Let’s say you want to automatically create a release branch every time a new tag is pushed. This isn’t something GitHub does out-of-the-box, but it’s trivial with the API.
First, we need to detect the tag push. Webhooks are the standard way to do this. You configure a webhook in your repository’s settings (Settings > Webhooks) that points to an endpoint you control. When a tag is pushed, GitHub sends a POST request to this endpoint with a JSON payload describing the event.
Here’s a snippet of what that payload might look like for a tag push:
{
"ref": "refs/tags/v1.2.3",
"before": "a1b2c3d4e5f67890abcdef1234567890abcdef12",
"after": "f0e9d8c7b6a54321fedcba9876543210fedcba98",
"ref_type": "tag",
"pusher": {
"name": "octocat",
"email": "octocat@example.com",
"username": "octocat"
},
"repository": {
"id": 12345,
"name": "Spoon-Knife",
"full_name": "octocat/Spoon-Knife",
"private": false,
// ... other repo details
},
"sender": {
"login": "octocat",
// ... other sender details
}
}
Your webhook receiver will parse this JSON. The key fields are ref (which will start with refs/tags/) and repository.full_name. From ref, you can extract the tag name (e.g., v1.2.3).
Once you have the tag name and repository, you can use the API to create a new branch. You’ll need a Personal Access Token (PAT) from GitHub with repo scope. You can generate one at github.com/settings/tokens.
The API endpoint for creating a reference (which includes branches and tags) is:
POST /repos/{owner}/{repo}/git/refs
The request body would look like this:
{
"ref": "refs/heads/release/v1.2.3",
"sha": "f0e9d8c7b6a54321fedcba9876543210fedcba98"
}
Here, ref specifies the new branch name (prefixed with refs/heads/), and sha is the commit SHA that this new branch should point to. You can get this sha from the after field in the webhook payload.
So, your webhook receiver would:
- Parse the incoming JSON payload.
- Check if
ref_typeistag. - Extract the tag name from
ref(e.g.,v1.2.3). - Extract the commit SHA from
after. - Extract the repository owner and name from
repository.full_name. - Make a
POSTrequest tohttps://api.github.com/repos/{owner}/{repo}/git/refswith a JSON body containing{"ref": "refs/heads/release/<tag_name>", "sha": "<commit_sha>"}. - Include an
Authorization: token <YOUR_PAT>header in your request.
This process effectively mirrors the tag push by creating a new branch pointing to the same commit. You can extend this by, for example, automatically creating an issue or an entry in a project board associated with that release.
The API isn’t just for creating things; it’s also for querying and updating. You can fetch repository contents, list commits, manage pull requests, add comments, and much more. The key is understanding the resource paths and the expected request/response formats. For example, to get repository details:
GET /repos/{owner}/{repo}
To get a list of branches:
GET /repos/{owner}/{repo}/branches
To get a list of tags:
GET /repos/{owner}/{repo}/tags
The GitHub API documentation is your best friend here. It details every endpoint, its parameters, and example responses.
One of the most powerful, yet often overlooked, aspects of the REST API is its ability to manage repository permissions and collaborators programmatically. You can add or remove users as collaborators, grant specific team permissions to repositories, and even manage organization-level settings if your token has the appropriate scope. This is crucial for automated onboarding or offboarding processes in larger teams.
The next logical step after automating branch creation based on tags is to automate the CI/CD pipeline trigger, or even better, use the API to manage the pipeline configurations themselves.