Skip to content

Add GitHub App auth #263

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ollytheninja wants to merge 2 commits into from
+33,387 −4,141
Closed

Add GitHub App auth #263

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4cefdba
Add GitHub App auth
ollytheninja Aug 16, 2023
c6d6514
Merge branch 'main' into app_auth
ollytheninja Aug 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ This action also features [advanced configuration](docs/advanced-configuration.m

| Input | Description | Default |
| --- | --- | --- |
| `token` | (**required**) A `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token). Note: `GITHUB_TOKEN` *does not* work here. See [token](#token) for further details. | |
| `token` | (**required**) A `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) or GitHub App config (see [app auth](#app-auth)). Note: `GITHUB_TOKEN` *does not* work here. See [token](#token) for further details. | |
| `reaction-token` | `GITHUB_TOKEN` or a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token). See [reaction-token](#reaction-token) for further details. | `GITHUB_TOKEN` |
| `reactions` | Add reactions. :eyes: = seen, :rocket: = dispatched | `true` |
| `commands` | (**required**) A comma or newline separated list of commands. | |
Expand All @@ -94,6 +94,18 @@ If you will be dispatching commands to public repositories *only* then you can u
When using the action in a GitHub organization, the user the PAT is created on must be a member of the organization.
Additionally, the PAT should be given the `org:read` scope.

#### `App auth`

In order to not rely on a GitHub user's PAT, we can use a [GitHub App](https://docs.github.com/apps) instead.

Create a GitHub App, it requires `actions: read and write`, `pr: read` and `contents: read and write` permissions for the repository(s) that the slash commands will trigger. It will also need `org:read` permission.

Generate a private key for the App, convert new lines to `\n` and set it as a secret. Then configure the following as the token value;

```yml
token: '{ "appId": 1234567, "installationId": 987654321, "privateKey": "${{ secrets.SLASH_ACTION_APP_KEY }}" }'
```

#### `reaction-token`

If you don't specify a token for `reaction-token` it will use the default `GITHUB_TOKEN`.
Expand Down
Loading