Skip to content

jwenz723/github-app-installation-token

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation

GitHub App Installation Token

This JavaScript GitHub Action can be used to impersonate a GitHub App Installation when secrets.GITHUB_TOKEN's limitations are too restrictive and a personal access token is not suitable. This action is built with inspiration from tibdex/github-app-installation but with a slightly different authentication pattern. This action authenticates directly to an app installation, rather than impersonating a repository.

secrets.GITHUB_TOKEN has limitations such as not being able to triggering a new workflow from another workflow. A workaround is to use a personal access token from a personal user/bot account. However, for organizations, GitHub Apps are a more appropriate automation solution.

Example Workflow

jobs:
  job:
    runs-on: ubuntu
    steps:
      - name: Generate installation token
        id: generate_installation_token
        # You should use a released version number here rather than `main`
        uses: jwenz723/github-app-installation-token@main
        with:
          app_id: ${{ secrets.APP_ID }}
          client_id: ${{ secrets.CLIENT_ID }}
          client_secret: ${{ secrets.CLIENT_SECRET }}
          installation_id: ${{ secrets.INSTALLATION_ID }}
          private_key: ${{ secrets.PRIVATE_KEY }}
      - name: Use token
        env:
          TOKEN: ${{ steps.generate_installation_token.outputs.token }}
        run: |
          echo "The generated token is masked: ${TOKEN}"

About

Impersonate a GitHub App Installation in a GitHub Action

Resources

Stars

Watchers

Forks

Packages

No packages published