We'll have to create a Github App AND use Github OAuth for our apps flow [read about both here], similar to the flow of Travis CI.
We will use the OAuth for the user to sign into the app, providing a simple 1-step "Sign in with Github" process for user acquisition. We will request minimal permissions at this stage, for instance not being able to see repository code, but we will be able to list all the repositories of a user and allow them to sign up those repositories for the Github App if they have admin access over that repository. I will likely have the github-app - which in our case uses probot which is a platform for making github apps - interact with the server by storing things directly in the server database.
Github offers a GraphQL api and even an interactive Graphiql explorer here but it appears that you cannot currently get the commit diffs ("patch") through the graphQL API so we will have to use the RESTful API for Github apps which can be found here.