Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/advanced-security/github-app-auth

Utility to generate tokens to interact with the GitHub API via GitHub App integration
https://github.com/advanced-security/github-app-auth

authentication ci-cd github github-api github-app

Last synced: 3 days ago
JSON representation

Utility to generate tokens to interact with the GitHub API via GitHub App integration

Host: GitHub
URL: https://github.com/advanced-security/github-app-auth
Owner: advanced-security
License: mit
Created: 2021-11-25T16:14:35.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2024-04-19T12:29:00.000Z (7 months ago)
Last Synced: 2024-06-20T07:58:15.411Z (5 months ago)
Topics: authentication, ci-cd, github, github-api, github-app
Language: Go
Homepage:
Size: 32.2 KB
Stars: 5
Watchers: 1
Forks: 3
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: CODEOWNERS

Awesome Lists containing this project

README

# GitHub App Authentication for integration with GitHub

## Introduction

GitHub Apps are the officially recommended way to integrate with GitHub because of their support for granular permissions to access data. For more information see [About Apps](https://docs.github.com/en/developers/apps/getting-started-with-apps/about-apps)

The `github-app-auth` application is specifically designed to enable integration of third-party CI/CD systems with GitHub by generating a token that can be used to interact with the GitHub API available to GitHub Apps.
A list of endpoints available to GitHub Apps is documented [here](https://docs.github.com/en/rest/overview/endpoints-available-for-github-apps)

## Examples

### Retrieving a list of repositories with the GH CLI

The [GitHub CLI](https://cli.github.com/) allows for convenient access to GitHub from the command line.
We can retrieve a list of repositories the GitHub App has permission to access by invoking it with the `GITHUB_TOKEN` environment variable set to the installation token generated by `github-app-auth`.

```bash
GITHUB_TOKEN=$(github-app-auth ) gh repo list
```

- `` is the GitHub App ID
- `` is the path to the GitHub App PEM encoded private key

### Uploading a SARIF file

The GitHub [documentation](https://docs.github.com/en/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system#uploading-results-to-github) for using CodeQL in a CI system provides the following example for uploading results.

```bash
echo "$UPLOAD_TOKEN" | codeql github upload-results --repository= \
--ref= --commit= --sarif= \
--github-auth-stdin
```

The `$UPLOAD_TOKEN` must be a token with the `security_events` scope as described in the CodeQL manual [here](https://codeql.github.com/docs/codeql-cli/manual/github-upload-results/).

With `github-app-auth` application that relies on a GitHub App to generate a token the example becomes.

```bash
github-app-auth | codeql github upload-results --repository= \
--ref= --commit= --sarif= \
--github-auth-stdin
```

- `` is the GitHub App ID
- `` is the path to the GitHub App PEM encoded private key