{"id":22003006,"url":"https://github.com/rssnyder/drone-github-app","last_synced_at":"2026-04-15T15:46:00.198Z","repository":{"id":108372333,"uuid":"587755375","full_name":"rssnyder/drone-github-app","owner":"rssnyder","description":"drone plugin to authenticate a github app","archived":false,"fork":false,"pushed_at":"2023-06-08T15:03:24.000Z","size":24,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-28T12:39:53.479Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rssnyder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-11T14:09:04.000Z","updated_at":"2024-06-24T20:19:58.000Z","dependencies_parsed_at":null,"dependency_job_id":"909b322c-ffbe-4150-9474-b3db0822f8b9","html_url":"https://github.com/rssnyder/drone-github-app","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rssnyder%2Fdrone-github-app","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rssnyder%2Fdrone-github-app/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rssnyder%2Fdrone-github-app/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rssnyder%2Fdrone-github-app/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rssnyder","download_url":"https://codeload.github.com/rssnyder/drone-github-app/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245061390,"owners_count":20554563,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-29T23:42:16.672Z","updated_at":"2026-04-15T15:46:00.190Z","avatar_url":"https://github.com/rssnyder.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Docker Pulls](https://img.shields.io/docker/pulls/rssnyder/drone-github-app)\n\nA plugin to get a jwt or installation token for a github app.\n\n# Usage\n\nThe following settings changes this plugin's behavior.\n\n## Authentication Parameters\n* APP_ID (optional) github app id (legacy, use CLIENT_ID instead).\n* CLIENT_ID (optional, recommended) github app client id string.\n* PEM (optional) rsa private key.\n* PEM_FILE (optional) local file path of rsa private key.\n* PEM_B64 (optional) base64 encoded rsa private key.\n\n## Installation \u0026 Repository Scoping\n* INSTALLATION (optional) installation id. required if wanting a token.\n* REPO_IDS (optional) comma-separated list of repository IDs to scope token to.\n* REPO_NAMES (optional) comma-separated list of repository names to scope token to.\n* REPO_IDS_FILE (optional) file containing repository IDs (newline or comma separated).\n* PERMISSIONS (optional) comma-separated permissions in format \"resource:permission\" (e.g., \"contents:read,issues:write\").\n\n## Output Options\n* JWT_FILE (optional) output file for jwt.\n* TOKEN_FILE (optional) output file for token.\n* JSON_FILE (optional) output file for both jwt and token with metadata.\n* JWT_SECRET (optional) harness secret id for setting jwt as a secret\n* TOKEN_SECRET (optional) harness secret id for setting token as a secret\n* JSON_SECRET (optional) harness secret id for setting json as a secret\n* SECRET_MANAGER (optional, defaults to harness secrets manager) harness secret manager to use\n\nIf setting harness secrets, you also need to set the follow in the environment for the step:\n\n- HARNESS_PLATFORM_API_KEY: harness nextgen api key\n- HARNESS_ACCOUNT_ID: harness account id\n- HARNESS_PLATFORM_ORGANIZATION: organization id\n- HARNESS_PLATFORM_PROJECT: project id\n\n## Requirements\n\n**Authentication**: Either `APP_ID` or `CLIENT_ID` is required (prefer `CLIENT_ID`).\n**Private Key**: One of `PEM`, `PEM_FILE`, or `PEM_B64` is required.\n**Repository Scoping**: Only one of `REPO_IDS`, `REPO_NAMES`, or `REPO_IDS_FILE` can be used to limit repo access.\n**Permission Scoping**: `PERMISSIONS` can be used to scope down token permissions.\n**Installation Token**: `INSTALLATION` is required when requesting tokens.\n\n## Examples\n\n### Basic JWT Generation\n\n```yaml\nkind: pipeline\nname: default\n\nsteps:\n- name: generate github app jwt\n  image: rssnyder/drone-github-app\n  pull: if-not-exists\n  settings:\n    CLIENT_ID: \"Iv1.a629723bfa6c7c08\"\n    PEM_B64:\n      from_secret: github_app_b64\n    JWT_FILE: app.jwt\n```\n\n### Installation Token with Repository Scoping\n\n```yaml\nkind: pipeline\nname: default\n\nsteps:\n- name: run rssnyder/drone-github-app plugin\n  image: rssnyder/drone-github-app\n  pull: if-not-exists\n  settings:\n    CLIENT_ID: \"Iv1.a629723bfa6c7c08\"\n    INSTALLATION: \"31437931\"\n    REPO_IDS: \"1001,1002,1003\"\n    PERMISSIONS: \"contents:read,issues:write,pull_requests:read\"\n    PEM_B64:\n      from_secret: github_app_b64\n    JSON_FILE: output.json\n```\n\n### Repository Names with Custom Permissions\n\n```yaml\nkind: pipeline\nname: default\n\nsteps:\n- name: get token for specific repos\n  image: rssnyder/drone-github-app\n  pull: if-not-exists\n  settings:\n    CLIENT_ID: \"Iv1.a629723bfa6c7c08\"\n    INSTALLATION: \"31437931\"\n    REPO_NAMES: \"hello-world,my-awesome-repo\"\n    PERMISSIONS: \"contents:write,actions:read\"\n    PEM_FILE: /secrets/github-app.pem\n    TOKEN_FILE: github_token.txt\n```\n\n### Harness CI Example\n\n```yaml\n- step:\n    type: Plugin\n    name: get token\n    identifier: get_token\n    spec:\n      connectorRef: dockerhub\n      image: rssnyder/drone-github-app\n      settings:\n        CLIENT_ID: \"Iv1.a629723bfa6c7c08\"\n        INSTALLATION: \"31437931\"\n        REPO_IDS: \"1001,1002\"\n        PERMISSIONS: \"contents:read,metadata:read\"\n        PEM_B64: \u003c+secrets.getValue(\"github_app_b64\")\u003e\n        JSON_FILE: output.json\n```\n\n### Using Repository IDs from File\n\n```yaml\nkind: pipeline\nname: default\n\nsteps:\n- name: get token from repo file\n  image: rssnyder/drone-github-app\n  pull: if-not-exists\n  settings:\n    CLIENT_ID: \"Iv1.a629723bfa6c7c08\"\n    INSTALLATION: \"31437931\"\n    REPO_IDS_FILE: ./repo_list.txt\n    PERMISSIONS: \"issues:write,pull_requests:write\"\n    PEM_B64:\n      from_secret: github_app_b64\n    TOKEN_SECRET: github_installation_token\n```\n\n## JSON Output Format\n\nWhen using `JSON_FILE` or `JSON_SECRET`, the output includes token information:\n\n```json\n{\n  \"token\": {\n    \"token\": \"ghs_12345ABCDE98765\",\n    \"expires_at\": \"2016-07-11T22:14:10Z\",\n    \"permissions\": {\n      \"contents\": \"read\",\n      \"issues\": \"write\"\n    },\n    \"repository_selection\": \"selected\",\n    \"repositories\": [\n      {\n        \"id\": 1296269,\n        \"name\": \"Hello-World\"\n      }\n    ]\n  },\n  \"jwt\": \"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...\",\n  \"repository_count\": 1,\n  \"permissions\": {\n    \"contents\": \"read\",\n    \"issues\": \"write\"\n  }\n}\n```\n\n## Repository ID File Format\n\nWhen using `REPO_IDS_FILE`, the file can contain repository IDs in various formats:\n\n```text\n# One per line\n1001\n1002\n1003\n\n# Comma-separated on same line\n1004,1005,1006\n\n# Mixed format\n1007\n1008,1009\n1010\n```\n\n# Building\n\nBuild the plugin binary:\n\n```text\nscripts/build.sh\n```\n\nBuild the plugin image:\n\n```text\ndocker build -t rssnyder/drone-github-app -f docker/Dockerfile.linux.amd64 .\n```\n\n# Testing\n\nExecute the plugin from your current working directory:\n\n```text\ndocker run --rm -e PLUGIN_PARAM1=foo -e PLUGIN_PARAM2=bar \\\n  -e DRONE_COMMIT_SHA=8f51ad7884c5eb69c11d260a31da7a745e6b78e2 \\\n  -e DRONE_COMMIT_BRANCH=master \\\n  -e DRONE_BUILD_NUMBER=43 \\\n  -e DRONE_BUILD_STATUS=success \\\n  -w /drone/src \\\n  -v $(pwd):/drone/src \\\n  rssnyder/drone-github-app\n```\n\n## Installations\n\nIf you need to view the installations for your app, use the plugin to get a JWT and make the following HTTP call:\n\n```shell\ncurl \\\n  -H \"X-GitHub-Api-Version: 2022-11-28\" \\\n  -H \"Accept: application/vnd.github+json\" \\\n  -H \"Authorization: Bearer $JWT\"\\\n  https://api.github.com/app/installations\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frssnyder%2Fdrone-github-app","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frssnyder%2Fdrone-github-app","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frssnyder%2Fdrone-github-app/lists"}