30Sep

Authenticating as a GitHub App in a GitHub Actions workflow

GitHub Apps:

GitHub Apps are first-class actors within GitHub. A GitHub App acts on its own behalf, taking actions via the API directly using its own identity, which means you don't need to maintain a bot or service account as a separate user. If you don’t need to perform actions on behalf of a user, a GitHub App might be the right choice for you. You can create and register a GitHub App under your personal account or under any organization you have administrative access to.

Steps to create a GitHub Application:

  1. Navigate to the Settings page and expand Developer settings. GitHub offers two types of application here, GitHub Apps and OAuth Apps. Make sure that you’re on the GitHub Apps page, then click New GitHub App.
  2. An application can be owned by an individual user account, or an organization. If you’re using this for work, I’d recommend creating the application under your org.
  3. Provide a GitHub App name and description of your choosing.
  4. You’ll also need to provide a homepage URL, but this isn’t used by a callback workflow at all, so put in any URL you like.
  5. You don’t need to provide a Callback URL or Setup URL, and you’ll want to make sure that webhooks are deactivated.
  6. Repository permissions, Organization permissions and/or User permissions should be set to allow the access required for the token that will be issued.
  7. Create your application, then save your App ID and Private Key in a safe place, as you’ll need them both in the configuration. You’ll also need to install the app on your account or organization before using it to create authentication tokens.


Authentication:

Once you have the GitHub Application created, you will need to install it on the target organization or on the repositories that you want it to have access to. These will be any repositories that you want to gather information from or want the application to modify, as per the scopes that were defined when the application was installed. To use the workflow action below, you’ll need to create two secrets at the repository level or organization level, APPLICATION_ID and APPLICATION_PRIVATE_KEY, using the details you saved when creating the application.


Add the below jobs in your workflow:
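
A workflow of the kind described here, as an added example rather than the original post's own jobs. It assumes the referenced action takes `application_id` and `application_private_key` inputs and exposes a `token` output; the workflow name, job name, step id and `<full-commit-sha>` are placeholders.

```yaml
# Added example, not the original post's workflow.
name: app-token-demo
on: workflow_dispatch

# The job authenticates with the App token, so GITHUB_TOKEN gets no permissions.
permissions: {}

jobs:
  use-app-token:
    runs-on: ubuntu-latest
    steps:
      - name: Get App installation token
        id: get_workflow_token
        # Assumption: input names application_id / application_private_key
        # and an output named token.
        # <full-commit-sha> is a placeholder; pin to a commit you have reviewed.
        uses: ramesh2051/workflow-application-token-action@<full-commit-sha>
        with:
          application_id: ${{ secrets.APPLICATION_ID }}
          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}

      - name: List repositories the installation can reach
        env:
          # Passed through env rather than interpolated into the script body.
          GH_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
        run: gh api /installation/repositories --jq '.repositories[].full_name'
```

The second step prints the repositories the installation token can access, which is a quick check that the App was installed only where intended.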


Benefits of using GitHub Application:

  • Regarding security, they give you the time-limited tokens and granular privileges that GITHUB_TOKEN gives, as well as the ability to avoid rotating credentials and more.
  • Application tokens are valid for a very short amount of time. By using the above action, the token is valid for 60 seconds from the moment it’s created. This means that even if it’s leaked by an action, it will be useless almost immediately.
  • There’s no shared account for people to log in to, as this is an application and not an account.

Limitations:

  • The user must be an organization owner to create and install a GitHub App in an organization.
  • Each organization can only own up to 100 GitHub Apps.

Conclusion:

By generating credentials with a GitHub App, you can perform actions as a user, and mainly it solves the main problems with GITHUB_TOKEN, like triggering new workflow runs and posting as an identity other than github[bot], without any of the issues that a PAT introduces.

Reference action repository URL: https://github.com/ramesh2051/workflow-application-token-action
