30Sep

Authenticating as a GitHub App in a GitHub Actions workflow

GitHub Apps:

GitHub Apps are first-class actors within GitHub. A GitHub App acts on its own behalf, taking actions via the API directly using its own identity, which means you don't need to maintain a bot or service account as a separate user. If you don’t need to perform actions on behalf of a user, a GitHub App might be the right choice for you. You can create and register a GitHub App under your personal account or under any organization you have administrative access to.

Steps to create a GitHub Application:

  1. Navigate to the Settings page and expand Developer settings. GitHub offers two types of application there, GitHub Apps and OAuth apps. Make sure that you’re on the GitHub Apps page, then click New GitHub App.
  2. An application can be owned by an individual user account or an organization. If you’re using this for work, I’d recommend creating the application under your org.
  3. Provide the GitHub App name and description as per your understanding.
  4. You’ll also need to provide a homepage URL, but this isn’t used by a callback workflow at all, so put in any URL you like.
  5. You don’t need to provide a Callback URL or Setup URL, and you’ll want to make sure that webhooks are deactivated.
  6. Repository permissions, Organization permissions and/or User permissions should be set to allow the access required for the token that will be issued.
  7. Create your application, then save your App ID and Private Key in a safe place, as you’ll need them both in the configuration. You’ll also need to install it on your account or organization before using it to create authentication tokens.

[Image: App-1]

Authentication:

Once you have the GitHub Application created, you will need to install it at the organization level or the repository level, on the targets that you want it to have access to. These will be any repositories that you want to gather information from or want the application to modify, as per the scopes that were defined when the application was installed. To use the workflow action below, you’ll need to create two secrets at the repository level or organization level, APPLICATION_ID and APPLICATION_PRIVATE_KEY, using the details you saved when creating the application.

[Image: App-2]

Add the below jobs in your workflow:

[Image: App-3]
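
The workflow screenshot is not available in this copy, so what follows is an added example and not the post's own workflow: a job that exchanges the two secrets for an App token and passes it to later steps through the environment. The `application_id` and `application_private_key` inputs, the `token` output, the `<full-commit-sha>` placeholder and the issue-comment task are assumptions to confirm against the action's `action.yml`; the App is assumed to have write permission on issues.

```yaml
# Added example, not the original post's workflow.
name: github-app-token-demo

on:
  workflow_dispatch:
    inputs:
      issue_number:
        description: Issue to comment on as the App
        required: true

# The App token carries all the access this job needs,
# so give the default GITHUB_TOKEN no permissions at all.
permissions: {}

jobs:
  comment-as-app:
    runs-on: ubuntu-latest
    steps:
      - name: Get a GitHub App token
        id: app_token
        # Pin to a commit you have reviewed. <full-commit-sha> is a placeholder, not a real ref.
        uses: ramesh2051/workflow-application-token-action@<full-commit-sha>
        with:
          # Input names are assumed; check the action's action.yml.
          application_id: ${{ secrets.APPLICATION_ID }}
          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}

      - name: List the repositories the token can reach
        env:
          # Hand the token to gh through the environment, never inline in the script.
          GH_TOKEN: ${{ steps.app_token.outputs.token }}
        run: gh api /installation/repositories --jq '.repositories[].full_name'

      - name: Comment on the issue as the App
        env:
          GH_TOKEN: ${{ steps.app_token.outputs.token }}
          # User input goes through env so it is not expanded into the shell script.
          ISSUE_NUMBER: ${{ inputs.issue_number }}
        run: |
          gh issue comment "$ISSUE_NUMBER" \
            --repo "$GITHUB_REPOSITORY" \
            --body "Posted with the GitHub App token."
```

The repository listing step is a quick check that the installation covers only the repositories you intended before the token is used to write anything.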

Benefits of using GitHub Application:

  • Regarding security, they give you the time-limited tokens and granular privileges that GITHUB_TOKEN gives, as well as the ability to avoid rotating credentials and more.
  • Application tokens are valid for a very short amount of time. Using the above action, the token is valid for 60 seconds from the moment it’s created. This means that even if it’s leaked by an action, it will be useless almost immediately.
  • There’s no shared account for people to log in to, as this is an application and not an account.

Limitations:

  • The user must be an organization owner to create and install a GitHub app in an organization.
  • Each organization can only own up to 100 GitHub Apps.

Conclusion:

By generating credentials with a GitHub App, you can perform actions as a user, and mainly it solves the main problems with GITHUB_TOKEN, like triggering new workflow runs and posting as an identity other than github[bot], without any of the issues that a PAT introduces.

Reference action repository URL: https://github.com/ramesh2051/workflow-application-token-action
