Skip to content

Latest commit

 

History

History

generate-app-token

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 
generate-app-token.py
generate-app-token.py
 
 

README.md

generate-app-token GitHub Action

This GitHub Actions generates an installation access token for a GitHub App that is installed for a repository. Using this token, an action can authenticate as the app and perform actions that are not permitted for the default GITHUB_TOKEN, such as creating PRs that trigger additional workflows.

See the action.yml for more information.

Creating an app

Before you can use this action, you must first create an app that will be used to issue tokens. The homepage URL can be set to anything. You should uncheck Active under Webhook, and there is no need to enter a webhook URL.

Keep a record of the app ID for later.

The app should be given whatever permissions are required to perform the action that the token is being used for. For instance, if you are using the token to create PRs, it will need the following permissions:

  • Repository permissions > Contents > Access: Read & write
  • Repository permissions > Pull requests > Access: Read & write

If you want to add teams as reviewers on PRs, you will also need to add:

  • Organization permissions > Members > Access: Read-only

You will then need to install the app on any repositories that need to make tokens.

The final step is to generate a private key for the app and save it somewhere safe.

The app ID and private key will need to be set as secrets on any repositories that need to generate tokens using the app.

Usage

The following job uses this action to create a token that is used to create a PR that triggers additional workflows:

build_push_chart:
  name: Build and push Helm chart
  runs-on: ubuntu-latest
  steps:
    - name: Check out the repository
      uses: actions/checkout@v3

    - name: Generate app token for PR
      uses: azimuth-cloud/github-actions/generate-app-token@master
      id: generate-app-token
      with:
        repository: ${{ github.repository }}
        app-id: ${{ secrets.APP_ID }}
        app-private-key: ${{ secrets.APP_PRIVATE_KEY }}

    - name: Propose changes via PR if required
      uses: peter-evans/create-pull-request@v5
      with:
        token: ${{ steps.generate-app-token.outputs.token }}
        commit-message: Some automated changes
        branch: update/automation
        delete-branch: true
        title: Proposing some automated changes
        labels: |
          automation