{"id":26179071,"url":"https://github.com/plumber-cd/github-apps-trampoline","last_synced_at":"2026-02-04T02:16:08.792Z","repository":{"id":46984100,"uuid":"407731383","full_name":"plumber-cd/github-apps-trampoline","owner":"plumber-cd","description":"A cross-platform no-dependency GIT_ASKPASS trampoline for GitHub Apps, written in Go","archived":false,"fork":false,"pushed_at":"2024-08-26T23:43:41.000Z","size":171,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-08-27T02:13:02.481Z","etag":null,"topics":["askpass","github","github-app","github-apps","trampoline"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/plumber-cd.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-18T02:15:39.000Z","updated_at":"2024-08-26T23:43:44.000Z","dependencies_parsed_at":"2024-08-27T02:09:35.296Z","dependency_job_id":null,"html_url":"https://github.com/plumber-cd/github-apps-trampoline","commit_stats":{"total_commits":19,"total_committers":2,"mean_commits":9.5,"dds":0.1578947368421053,"last_synced_commit":"fc1b469d02d4635c4f02dd751385e4f209696b21"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plumber-cd%2Fgithub-apps-trampoline","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plumber-cd%2Fgithub-apps-trampoline/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plumber-cd%2Fgithub-apps-trampoline/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plumber-cd%2Fgithub-apps-trampoline/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/plumber-cd","download_url":"https://codeload.github.com/plumber-cd/github-apps-trampoline/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243119625,"owners_count":20239320,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["askpass","github","github-app","github-apps","trampoline"],"created_at":"2025-03-11T21:48:49.875Z","updated_at":"2026-02-04T02:16:08.776Z","avatar_url":"https://github.com/plumber-cd.png","language":"Go","readme":"# github-apps-trampoline\n\nA cross-platform no-dependency GIT_ASKPASS trampoline for GitHub Apps, written in Go.\n\n## Purpose\n\nThis is inspired by https://github.com/desktop/askpass-trampoline project.\n\nIf you already know what [GitHub Apps](https://docs.github.com/en/developers/apps/getting-started-with-apps/about-apps#about-github-apps) is - you probably also know common challenges to work with them, namely - it's a bit of work to convert app credentials into a username+token pair that could be used by a regular Git clients such as Git CLI and various Git SDKs.\n\nIf you also know about [Git AskPass Credentials Helpers](https://git-scm.com/docs/gitcredentials) -  your already know that there is actually an easy solution to these challenges. You can do something like `git config --global credential.helper \"/usr/bin/my-helper\"` and that way you can easily delegate to external program the process to generate JWT and request a temporary token with it. With a slight problem - you have to create that external program.\n\nYeah, that was a bit of a bummer. Almighty GitHub did not provide us with and \"official\" one, but oh well - that is not a rocket science and we can do it ourselves. This project is exactly that - an open source community-maintained configurable helper that can use your SSH Private Key to generate JWT and then request a temporary token with it. You don't have to create it - just configure it and make your Git client to use it.\n\nIt can also be used as a standalone CLI app so it can be embedded into workflows as a little helper to request temp credentials.\n\nIf you happen to write your workflows in Go - you could also use packages from this repository as dependencies to build your own.\n\n## Installation\n\nTBD\n\n## Usage\n\nTBD\n\n```bash\n# To use as a helper, configure your Git Client as follows\ngit config --global credential.useHttpPath true\ngit config --global credential.helper \"/path/to/github-apps-trampoline -c /path/to/config.json\"\n\n# Configurable via JSON as AskPass Helper\n# Using full JSON config will always supersede any CLI arguments\ncat \u003c\u003c EOF \u003e config.json\n{\n    \"github\\\\.com/foo/bar\": {\n        \"key\": \"private.key\",\n        \"app\": 1,\n        \"permissions\": {\"contents\": \"write\"},\n        \"current_repo\": true\n    },\n    \"github\\\\.com/foo/.*\": {\n        \"key\": \"private.key\",\n        \"app\": 1,\n        \"permissions\": {\"contents\": \"read\"}\n    },\n    \".*\": {\n        \"key\": \"private.key\",\n        \"app\": 1,\n        \"installation_id\": \"\u003cnumeric ID of the installation - if no provided will automatically infer from the current repo\u003e\",\n        \"installation\": \"\u003calternatively - installation path such as github.com/foo\u003e\",\n        \"repository_ids\": \"\u003coptional XXX,YYY\u003e\",\n        \"repositories\": \"\u003coptional foo,bar\u003e\",\n        \"permissions\": {\"contents\": \"read\"}\n    }\n}\nEOF\ngithub-apps-trampoline -c config.json\nGITHUB_APPS_TRAMPOLINE=\"$(cat config.json)\" github-apps-trampoline\nGITHUB_APPS_TRAMPOLINE_CONFIG=\"config.json\" github-apps-trampoline\n\n# Somewhat configurable via CLI as AskPass Helper\n# This will generate config.json in-memory with a single key\n# Some of these examples are not secure to use:\n#   missing --permissions will assume all permissions from the app scope\n#   missing --repository-ids, --repositories and --current-repo will assume access to all repositories in the current installation\ngithub-apps-trampoline --key private.key --app 1 --filter 'github\\.com/foo/bar' --current-repo=true --permissions '{\"contents\": \"write\"}'\ngithub-apps-trampoline --key private.key --app 1 --filter 'github\\.com/foo/.*' --permissions '{\"contents\": \"read\"}'\ngithub-apps-trampoline --key private.key --app 1 # using no --filter is the same as using --filter '.*'\ngithub-apps-trampoline --key private.key --app 1 --permissions '{\"contents\": \"read\"}'\ngithub-apps-trampoline --key private.key --app 1 --repository-ids 'XXX,YYY'\ngithub-apps-trampoline --key private.key --app 1 --repositories 'bar,baz'\ngithub-apps-trampoline --key private.key --app 1 --installation-id 'XXX'\ngithub-apps-trampoline --key private.key --app 1 --installation 'github.com/foo'\n\n# As a standalone CLI\n# It will spit out JSON in STDOUT\n# It will not read STDIN and will not use config.json - it will only use the CLI input\ngithub-apps-trampoline --cli --key private.key --app 1 --installation 'github.com/foo' --repositories 'bar,baz' --permissions '{\"contents\": \"read\"}'\n```\n\nEnabling verbose mode will print credentials in STDERR - use with caution.\n\n### Logging options\n\nYou can route logs to a file and optionally tee to stderr:\n\n```bash\ngithub-apps-trampoline --log-file /tmp/trampoline.log --log-tee-stderr --verbose\n```\n\nEnvironment variables (prefixed with `GITHUB_APPS_TRAMPOLINE_`) are supported:\n\n```bash\nexport GITHUB_APPS_TRAMPOLINE_LOG_FILE=/tmp/trampoline.log\nexport GITHUB_APPS_TRAMPOLINE_LOG_TEE_STDERR=true\nexport GITHUB_APPS_TRAMPOLINE_TOKEN_FINGERPRINT=true\n```\n\nWhen `token-fingerprint` is enabled, the helper logs a correlation line with a timestamp, repo path, and a short token fingerprint prefix to aid troubleshooting without printing full secrets.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplumber-cd%2Fgithub-apps-trampoline","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fplumber-cd%2Fgithub-apps-trampoline","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplumber-cd%2Fgithub-apps-trampoline/lists"}