Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/joshjohanning/enforce-github-pat-expiration
GitHub action to check to see if PATs are conforming to a specific expiration policy
actions administration automation github personal-access-tokens
Last synced: 16 days ago
- Host: GitHub
- URL: https://github.com/joshjohanning/enforce-github-pat-expiration
- Owner: joshjohanning
- License: mit
- Created: 2023-08-30T20:18:48.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-02-21T19:45:57.000Z (11 months ago)
- Last Synced: 2024-12-02T08:44:54.016Z (about 1 month ago)
- Topics: actions, administration, automation, github, personal-access-tokens
- Homepage:
- Size: 18.6 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# enforce-github-pat-expiration
Revokes the SSO authorization for classic Personal Access Tokens (PATs) that don't meet the maximum expiration policy defined in the action (e.g., those over 90 days or those with no expiration).
> [!IMPORTANT]
> This action will only work in organizations that have configured SAML SSO.

> [!IMPORTANT]
> This action only works with classic PATs.

## Sample Usage
```yml
name: 🔎 Enforce PAT expiration policy

on:
  schedule:
    - cron: 0,30 * * * * # runs every 30 mins
  workflow_dispatch:

jobs:
  check-pats:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ vars.APP_ID }} # use an app with `organization: admin write` permissions
          private-key: ${{ secrets.PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
      - name: Check and Revoke PATs
        uses: joshjohanning/enforce-github-pat-expiration@v1
        with:
          organization: ${{ github.repository_owner }}
          policy-in-days: 90
          github-token: ${{ steps.app-token.outputs.token }} # use a PAT with `admin:org` permissions or a GitHub app token with org admin write permissions
          dry-run: false # change to true to not revoke any PATs
          create-issue: false # change to true to create an issue and assign to the user whose PAT is being revoked (can't be used with dry-run)
          issue-repo: ${{ github.repository }} # if create-issue is true, repo to create the issue in
```