CodeCharter is the name of CodeCharter's GitHub App identity. If you search for it on GitHub, look for "CodeCharter" — that is the app, not a separate product.
The CodeCharter GitHub App is the recommended way to publish CodeCharter results on GitHub. With it installed, the action posts a branded CodeCharter check run and a pull request summary comment through the portal, under the app's own identity.
What you get over the bare action:
- A branded CodeCharter check (and a stable check name you can require in
branch protection) instead of a
github-actions[bot]comment. - No GitHub token on the runner and no
pull-requests: writein your workflow — the app carries the permissions.
The app does not remove every secret from the workflow: to publish results, the
action still needs your portal API key (the api-key input, stored as the
CODECHARTER_API_KEY secret) and an active subscription — only the GitHub token
becomes unnecessary. Because that key is a repository secret and GitHub withholds
secrets from workflows triggered by forked pull requests, publishing through the
app does not work on forked-PR builds. Also note that the check run shows at most
50 inline annotations per publish.
The app does not replace the action
CodeCharter still runs in your workflow — the action sends nothing of your code to our servers; the analysis happens on your runner as before. The app only changes how the results are published: instead of the workflow token, the action hands the result to the portal, which posts it as CodeCharter. If the app is not installed, the action falls back to the workflow-token comment, so nothing breaks. See GitHub Actions for the workflow setup.
The action is also not the only way to publish through the app: the underlying portal endpoint is a documented API you can call from any CI system — see Publish checks from any CI.
Install
- Open github.com/apps/codecharter
and install it on your organization (or selected repositories).
If GitHub does not show the install button, make sure you are logged in to GitHub with the account that owns the organization. If you have multiple GitHub accounts, switch to the correct one in the GitHub header before visiting the link.
- You are redirected back to the portal, which links the installation to your CodeCharter account automatically — this works only while you are signed in to the portal in the same browser. You can review the connection any time on the GitHub page in the portal sidebar. If the linking fails, the portal redirects you with an error message: sign in to the portal, open the GitHub page, and start the installation from there again.
- Keep using the action as usual. On the next pull
request you'll see the CodeCharter check and comment — and you can remove
pull-requests: writefrom the workflow.
Branch protection
Require the CodeCharter check in your branch protection rule (Settings → Branches → Require status checks). The check name is stable, so the gate keeps working across workflow renames.
Removing it
Uninstall the app from your GitHub organization's settings at any time. CodeCharter
then falls back to the workflow-token comment automatically. For the fallback comment
to work you need to add pull-requests: write back to the workflow permissions
(see Permissions).