Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/kattecon/gh-app-access-token-gen

Generate a temporary access token for a github app using app id and its private key and either installtation id or installation repository name.
https://github.com/kattecon/gh-app-access-token-gen

access gh security token

Last synced: 5 months ago
JSON representation

Generate a temporary access token for a github app using app id and its private key and either installtation id or installation repository name.

Awesome Lists containing this project

README 

          
# Github App Access Token Generator



[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)



This Git repository contains a simple GitHub Action that generates

a GitHub Access Token based upon specific inputs.



Access tokens are necessary in GitHub Actions when the built-in GITHUB_TOKEN

does not provide the required permissions to perform certain actions.

The GITHUB_TOKEN in GitHub Actions, when used to perform

tasks, [will not trigger new workflow runs](https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow).

Because the GITHUB_TOKEN has limitations and cannot trigger new workflow runs

in certain cases, actions that want to perform actions that trigger a workflow

need to use a different token. An access token with the necessary permissions

can be used for this purpose, and this action can be used to generate such a token.



The action takes in some inputs and uses them to create a token that can be

used to interact with the GitHub API.



## Rationale



The rationale behind this repository is to maintain simplicity and security

at the forefront. It should be noted that the token generator may not be

entirely suitable for all potential use cases due to limited flexibility.

As a deliberate measure, customization options such as the utilization of custom

GitHub URLs have been intentionally excluded. This decision was made based on

the principle that less functionality translates to reduced testing and

maintenance efforts, fewer bugs, easier code review, and less susceptibility

to security vulnerabilities. The code base consist of a single short

typescript source code [file](./src/index.ts).



## Inputs



-   **app_id**: Required. Number. Github App Id - found in the app settings.

-   **private_key**: Required. String. The private key of the GitHub App in

    PEM format.

    This includes -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----

    markers.

-   **installation_id**: Optional. Number. The ID of the app

    installation - found in url of the installation. If not provided, the

    default is the ID of an installation found using the repository input for

    the action.

-   **repository**: Optional. String. Repository name in the format owner/repo.

    Default value is the name of the current repository. The value is only used

    if **installation_id** is not provided. The repository is used to get the

    installation id for the app. It's expected the app is installed in the

    provided repository.



## Outputs



-   **token**: The generated GitHub Access Token.



## Examples



### With app_id, primary key, repository name



View some other repository **that-org/that-repo** from this one without

specifying installation id. Note that the app with the given primary key must

actually be installed in the **that-org/that-repo**, but not required

in the current repository:



```yaml

- name: Generate an access token using app_id, pk and repo-name

  id: gen_token

  uses: kattecon/gh-app-access-token-gen@v1

  with:

      app_id: 12345 # Or rather use a value from secrets/vars.

      private_key: ${{ secrets.MY_APP_PK }}

      repository: that-org/that-repo



- name: Perform an action on behalf of the app

  env:

      GH_TOKEN: ${{ steps.gen_token.outputs.token }}

  run: gh repo view that-org/that-repo

```



### With app_id, primary key, installation_id



View some other repository **that-org/that-repo** using an explicitly

given installation id. The given installation is the one that gives

access to that-org/that-repo in the example:



```yaml

- name: Generate an access token using app_id, pk and installation id

  id: gen_token

  uses: kattecon/gh-app-access-token-gen@v1

  with:

      app_id: 12345 # Or rather use a value from secrets/vars.

      private_key: ${{ secrets.MY_APP_PK }}

      installation_id: 54321 # Or rather use a value from secrets/vars.



- name: Perform an action on behalf of the app

  env:

      GH_TOKEN: ${{ steps.gen_token.outputs.token }}

  run: gh repo view that-org/that-repo

```



### With app_id, primary key



View some other repository **that-org/that-repo** assuming that the repository

of the running workflow and the **that-org/that-repo** are included into the

same installation of the app with the given private key:



```yaml

- name: Generate an access token using app_id, pk

  id: gen_token

  uses: kattecon/gh-app-access-token-gen@v1

  with:

      app_id: 12345 # Or rather use a value from secrets/vars.

      private_key: ${{ secrets.MY_APP_PK }}



- name: Perform an action on behalf of the app

  env:

      GH_TOKEN: ${{ steps.gen_token.outputs.token }}

  run: gh repo view that-org/that-repo

```