Review comments are incorporated

Author: cbehera-newrelic

src/content/docs/service-architecture-intelligence/github-integrations/github-enterprise-integration.mdx

@@ -48,7 +48,7 @@ In your GHE instance, navigate to **Settings → Developer Settings → GitHub A
 
 Configure app permissions accurately to ensure seamless data fetching during the initial sync and efficient listening to webhook events thereafter. App permissions define the scope of access that the application has to various repository and organizational resources on GitHub. By tailoring these permissions, you can enhance security, ensuring that the application only accesses the necessary data while minimizing exposure. Proper configuration facilitates smooth initial data synchronization and reliable event handling, optimizing the application's integration with GitHub's ecosystem.
 
-For detailed guidance on GitHub App permissions, refer to the [GitHub documentation on setting permissions for GitHub Apps](https://docs.github.com/en/apps/creating-github-apps/setting-up-a-github-app/setting-permissions-for-github-apps).
+For detailed guidance on GitHub App permissions, refer to the [GitHub documentation on setting permissions for GitHub Apps](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app).
 
 #### Required repository permissions
 
@@ -64,59 +64,19 @@ Configure the following repository-level permissions exactly as shown to enable
 * **Pull requests**: Selected ✓
 * **Webhooks**: Read-only ✓
 
-**Leave these permissions as "No access":**
-* Actions
-* Attestations
-* Code scanning alerts
-* Codespaces
-* Codespaces lifecycle admin
-* Codespaces metadata
-* Codespaces secrets
-* Dependabot alerts
-* Dependabot secrets
-* Discussions
-* Environments
-* Issues
-* Merge queues
-* Packages
-* Pages
-* Projects
-* Repository security advisories
-* Secret scanning alert dismissal requests
-* Secret scanning alerts
-* Secret scanning push protection bypass requests
-* Secrets
-* Single file
-* Variables
-* Workflows
 
 #### Required organization permissions
 
 Configure the following organization-level permissions exactly as shown:
 
 * **Administration**: Read-only ✓
-* **Custom organization roles**: Selected ✓
-* **Custom properties**: Selected ✓
-* **Custom repository roles**: Selected ✓
-* **Events**: Selected ✓
-* **Members**: Selected ✓
-* **Webhooks**: Selected ✓
-
-**Leave these permissions as "No access":**
-* Blocking users
-* Organization announcement banners
-* Organization codespaces
-* Organization codespaces secrets
-* Organization codespaces settings
-* Organization dependabot secrets
-* Organization hooks
-* Organization packages
-* Organization plan
-* Organization projects
-* Organization secrets
-* Organization self hosted runners
-* Plan
-* Team discussions
+* **Custom organization roles**: Read-only ✓
+* **Custom properties**: Read-only ✓
+* **Custom repository roles**: Read-only ✓
+* **Events**: Read-only ✓
+* **Members**: Read-only ✓
+* **Webhooks**: Read-only ✓
+
 
 #### Webhook event subscriptions
 
@@ -130,7 +90,12 @@ Select the following webhook events exactly as shown for real-time synchronizati
 * `deployment` - Deployment activities
 * `deployment_review` - Deployment review processes
 * `deployment_status` - Deployment status updates
+* `discussion` - Discussion activities
+* `discussion_comment` - Comments on discussions
+* `installation` - GitHub App installation events
+* `installation_repositories` - Repository access changes for installations
 * `installation_target` - GitHub App installation changes
+* `issue_comment` - Comments on issues
 * `member` - Member profile changes
 * `membership` - Member additions and removals
 * `organization` - Organization-level changes
@@ -142,26 +107,6 @@ Select the following webhook events exactly as shown for real-time synchronizati
 * `team` - Team creation and modifications
 * `team_add` - Team member additions
 
-**Leave these events unselected:**
-* `branch_protection_configuration`
-* `check_run`
-* `fork`
-* `gollum`
-* `issues`
-* `label`
-* `merge_queue_entry`
-* `meta`
-* `milestone`
-* `public`
-* `release`
-* `repository_dispatch`
-* `repository_ruleset`
-* `security_and_analysis`
-* `star`
-* `status`
-* `watch`
-* `workflow_dispatch`
-* `workflow_job`
 
 <Callout variant="tip">
 **Security best practice**: Only enable the minimum permissions required for your integration needs. This reduces security exposure and follows the principle of least privilege access.
@@ -172,17 +117,17 @@ Select the following webhook events exactly as shown for real-time synchronizati
 Configure the Webhook URL and create a custom Event Secret for secure communication:
 
 * **Webhook URL**: Use the following format based on your collector service deployment:
-  * For HTTP: `http://your-collector-host:8080/webhook`
-  * For HTTPS: `https://your-collector-host:8443/webhook`
+  * For HTTP: `http://your-domain-name/github/sync/webhook`
+  * For HTTPS: `https://your-domain-name/github/sync/webhook`
 
   **Example**: If your collector service is deployed at `collector.yourcompany.com`, the webhook URL would be:
-  `https://collector.yourcompany.com:8443/webhook`
+  `https://collector.yourcompany.com/github/sync/webhook`
 
 * **Event Secret**: Generate a secure random string (32+ characters) for webhook authentication. Save this value as you'll need it for the `GITHUB_APP_WEBHOOK_SECRET` environment variable.
 
 ### Generate and convert keys
 
-1. Upon creation, the app will generate a unique App ID and a Private Key file (.pem format). Save these securely as they will be needed for the collector service configuration.
+1. Upon creation, the app will generate a unique App ID and a Private Key file (.pem format). Save these securely as they will be needed for the collector service configuration. Note that the customer needs to create a private key for the app, which will be generated automatically during this process.
 
 2. Convert your downloaded private key file to DER format and then encode it in Base64:
 
@@ -207,7 +152,7 @@ Configure the Webhook URL and create a custom Event Secret for secure communicat
    Copy the resulting Base64 string and use it as the value for `GITHUB_APP_PRIVATE_KEY` environment variable in your collector configuration.
 
 **✓ Success indicators:**
-* GitHub App shows "Installed" status in your GitHub Enterprise instance
+* Github app is created successfully
 * App ID and private key are securely saved
 * Webhook URL is configured and accessible
 
@@ -388,7 +333,7 @@ Never commit environment files containing secrets to version control. Use secure
 
 ### Option B: Direct Docker image run
 
-You can download the Docker image directly from our [Docker Hub registry](https://hub.docker.com/repository/docker/newrelic/nr-ghe-collector/general) and run it using your organization's preferred CI/CD pipeline or deployment method.
+You can download the Docker image directly from our [Docker Hub registry](https://hub.docker.com/repository/docker/newrelic/nr-ghe-collector/general) and run it using your organization's preferred CI/CD pipeline or deployment method. Note that the customer needs to pass all the environment variables listed above while starting the collector service.
 
 **✓ Success indicators:**
 * Collector service is running and accessible on the configured port
@@ -432,6 +377,8 @@ Once the collector service is running and the GitHub App is installed on your GH
 
 4. After you view the Sync started message, click **Continue**. The **GitHub Enterprise Integration** screen displays the count of teams and repositories, refreshing every 5 seconds. Allow 15-30 minutes for the complete import of all data (timing depends on repository count).
 
+{/* TODO: Add screenshot of the New Relic Dashboard UI showing the GitHub Enterprise Integration screen */}
+
 ### Viewing your data
 
 On the **GitHub Enterprise integration** screen:
@@ -464,7 +411,6 @@ For more information on creating custom properties, refer to the [GitHub documen
 **Webhook delivery failures:**
 * Verify the collector service is running and accessible from GitHub Enterprise
 * Check firewall settings and network connectivity
-* Confirm webhook URL uses the correct port (8080 for HTTP, 8443 for HTTPS)
 
 **Authentication errors:**
 * Verify the GitHub App ID and private key are correctly configured