{"id":38232537,"url":"https://github.com/kattecon/gh-app-access-token-gen","last_synced_at":"2026-01-17T01:01:29.037Z","repository":{"id":157808406,"uuid":"616194314","full_name":"kattecon/gh-app-access-token-gen","owner":"kattecon","description":"Generate a temporary access token for a github app using app id and its private key and either installtation id or installation repository name.","archived":false,"fork":false,"pushed_at":"2026-01-10T02:11:20.000Z","size":1703,"stargazers_count":2,"open_issues_count":1,"forks_count":1,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-01-11T00:16:33.011Z","etag":null,"topics":["access","gh","security","token"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kattecon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-03-19T21:42:58.000Z","updated_at":"2026-01-10T02:11:23.000Z","dependencies_parsed_at":"2026-01-03T16:05:05.351Z","dependency_job_id":null,"html_url":"https://github.com/kattecon/gh-app-access-token-gen","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/kattecon/gh-app-access-token-gen","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kattecon%2Fgh-app-access-token-gen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kattecon%2Fgh-app-access-token-gen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kattecon%2Fgh-app-access-token-gen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kattecon%2Fgh-app-access-token-gen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kattecon","download_url":"https://codeload.github.com/kattecon/gh-app-access-token-gen/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kattecon%2Fgh-app-access-token-gen/sbom","scorecard":{"id":224383,"data":{"date":"2025-08-11","repo":{"name":"github.com/kattecon/gh-app-access-token-gen","commit":"d0e3bbc44d61762abc630a64cb44c89e0538a3d6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/27 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:   3 out of   3 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T03:21:38.761Z","repository_id":157808406,"created_at":"2025-08-17T03:21:38.761Z","updated_at":"2025-08-17T03:21:38.761Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28490900,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T00:50:05.742Z","status":"ssl_error","status_checked_at":"2026-01-17T00:43:11.982Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access","gh","security","token"],"created_at":"2026-01-17T01:01:25.556Z","updated_at":"2026-01-17T01:01:27.871Z","avatar_url":"https://github.com/kattecon.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Github App Access Token Generator\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\nThis Git repository contains a simple GitHub Action that generates\na GitHub Access Token based upon specific inputs.\n\nAccess tokens are necessary in GitHub Actions when the built-in GITHUB_TOKEN\ndoes not provide the required permissions to perform certain actions.\nThe GITHUB_TOKEN in GitHub Actions, when used to perform\ntasks, [will not trigger new workflow runs](https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow).\nBecause the GITHUB_TOKEN has limitations and cannot trigger new workflow runs\nin certain cases, actions that want to perform actions that trigger a workflow\nneed to use a different token. An access token with the necessary permissions\ncan be used for this purpose, and this action can be used to generate such a token.\n\nThe action takes in some inputs and uses them to create a token that can be\nused to interact with the GitHub API.\n\n## Rationale\n\nThe rationale behind this repository is to maintain simplicity and security\nat the forefront. It should be noted that the token generator may not be\nentirely suitable for all potential use cases due to limited flexibility.\nAs a deliberate measure, customization options such as the utilization of custom\nGitHub URLs have been intentionally excluded. This decision was made based on\nthe principle that less functionality translates to reduced testing and\nmaintenance efforts, fewer bugs, easier code review, and less susceptibility\nto security vulnerabilities. The code base consist of a single short\ntypescript source code [file](./src/index.ts).\n\n## Inputs\n\n-   **app_id**: Required. Number. Github App Id - found in the app settings.\n-   **private_key**: Required. String. The private key of the GitHub App in\n    PEM format.\n    This includes -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----\n    markers.\n-   **installation_id**: Optional. Number. The ID of the app\n    installation - found in url of the installation. If not provided, the\n    default is the ID of an installation found using the repository input for\n    the action.\n-   **repository**: Optional. String. Repository name in the format owner/repo.\n    Default value is the name of the current repository. The value is only used\n    if **installation_id** is not provided. The repository is used to get the\n    installation id for the app. It's expected the app is installed in the\n    provided repository.\n\n## Outputs\n\n-   **token**: The generated GitHub Access Token.\n\n## Examples\n\n### With app_id, primary key, repository name\n\nView some other repository **that-org/that-repo** from this one without\nspecifying installation id. Note that the app with the given primary key must\nactually be installed in the **that-org/that-repo**, but not required\nin the current repository:\n\n```yaml\n- name: Generate an access token using app_id, pk and repo-name\n  id: gen_token\n  uses: kattecon/gh-app-access-token-gen@v1\n  with:\n      app_id: 12345 # Or rather use a value from secrets/vars.\n      private_key: ${{ secrets.MY_APP_PK }}\n      repository: that-org/that-repo\n\n- name: Perform an action on behalf of the app\n  env:\n      GH_TOKEN: ${{ steps.gen_token.outputs.token }}\n  run: gh repo view that-org/that-repo\n```\n\n### With app_id, primary key, installation_id\n\nView some other repository **that-org/that-repo** using an explicitly\ngiven installation id. The given installation is the one that gives\naccess to that-org/that-repo in the example:\n\n```yaml\n- name: Generate an access token using app_id, pk and installation id\n  id: gen_token\n  uses: kattecon/gh-app-access-token-gen@v1\n  with:\n      app_id: 12345 # Or rather use a value from secrets/vars.\n      private_key: ${{ secrets.MY_APP_PK }}\n      installation_id: 54321 # Or rather use a value from secrets/vars.\n\n- name: Perform an action on behalf of the app\n  env:\n      GH_TOKEN: ${{ steps.gen_token.outputs.token }}\n  run: gh repo view that-org/that-repo\n```\n\n### With app_id, primary key\n\nView some other repository **that-org/that-repo** assuming that the repository\nof the running workflow and the **that-org/that-repo** are included into the\nsame installation of the app with the given private key:\n\n```yaml\n- name: Generate an access token using app_id, pk\n  id: gen_token\n  uses: kattecon/gh-app-access-token-gen@v1\n  with:\n      app_id: 12345 # Or rather use a value from secrets/vars.\n      private_key: ${{ secrets.MY_APP_PK }}\n\n- name: Perform an action on behalf of the app\n  env:\n      GH_TOKEN: ${{ steps.gen_token.outputs.token }}\n  run: gh repo view that-org/that-repo\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkattecon%2Fgh-app-access-token-gen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkattecon%2Fgh-app-access-token-gen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkattecon%2Fgh-app-access-token-gen/lists"}