Git
Last updated on May 21, 2026
You connect a repo to a Procedure once. From that point on, every push to a tracked branch produces a Deployment, and pushes to the production branch push to every Station bound to that branch.
Supported providers
TofuPilot integrates natively with the providers below. For everything else, deploy through the CLI or the REST API.
| Provider | Authentication | Webhook scope |
|---|---|---|
| GitHub (Free, Team, Enterprise Cloud) | GitHub App | App-level |
| GitLab (Free, Premium, Ultimate) | Group or project access token | Group or project |
| GitLab Self-Managed | Group or project access token | Group or project |
Connect a repository
Follow the steps below to wire a repository to a procedure.
Open the procedure and go to Settings > Repository.
Pick GitHub or GitLab. For GitHub, install the TofuPilot GitHub App on the account or organization. For GitLab, paste a group access token (preferred) or a personal access token with api and read_repository scopes.
Select the repository. TofuPilot registers the webhook automatically.
Pick the production branch. Pushes to this branch produce production deployments, and pushes to every other branch produce preview deployments.
Save. The next push to any tracked branch triggers a build.
Production branch
A production Deployment is created each time a commit lands on the production branch. The default is main, and you can change it under Settings > Repository > Production branch.
Switching the production branch only affects future pushes. Existing deployments keep their original environment label.
Preview branches
Every non-production branch is a preview branch. Pushes to these branches produce preview deployments with their own ID, and preview deployments do not auto-promote to production.
Private repositories
You can connect private repositories from either provider:
- GitHub: install the TofuPilot GitHub App with access to the repo. Authentication uses short-lived installation tokens.
- GitLab: generate a Group Access Token scoped to the group. The token is encrypted at rest.
When a commit arrives, the committer's TofuPilot identity is matched against the commit author's verified email. If no member matches, the deployment still builds, but it is not auto-promoted.
Forks of public repositories
Pushes to a fork do not deploy automatically. An Admin or Owner authorizes the deployment from the procedure's Deployments page, and authorization is per-PR. Once a PR is authorized, subsequent pushes to the same PR build automatically.
Re-running a failed deployment
When a build fails, open the failed deployment and click Rebuild. The deployment re-runs for the same commit against fresh infrastructure.
Detaching a repository
When you want to remove the integration, follow these steps:
- Open Settings > Repository.
- Click Disconnect repository.
The webhook is removed, while existing deployments are preserved and stay pinned to their stations.
How is this guide?
Deployments
Learn how TofuPilot deployments build a procedure version from Git and ship it to one or many factory stations with status, environment, and trigger metadata.
Environments
Learn how TofuPilot tags every deployment with production, preview, or development so you can ship safely from laptop to factory.