How to make a single-click installable bot (?)

I have a github bot that users can install by just going to and clicking “install”. The end result is:

  1. Webhooks are implicitly added to every repository, existing and future, for particular events.
  2. The bot’s existing auth info suffices for posting comments
  3. The bot’s existing auth info suffices for authenticating messages from github.

How can I do this with GitLab? I have made a gitlab version that has a standard user account, must be manually added to the list of webhooks for every project, and is unable to authenticate message from gitlab unless a per-repository token is included in this manual webhook step.

If the response is integrations: The Integrations path is unclear to me, there are rather few of them, and it appears to require upstreaming. Upstreaming requires time for the acceptance and rollout with no straight-forward solution for EE or updates.

I imagine one solution could be if gitlab sent webhooks to the user when added to a repository or a team then the bot installation is just adding the bot to the team. The bot would have to then generate a token and add the per-repo webhook but there is at least an automated path this way. That would be neat but not such webhook exists in the API.