Create an automation GitHub App for actions #936

legendecas opened this issue Dec 12, 2024 · 0 comments
legendecas commented Dec 12, 2024

To automate common workflows like release-please and dependency updaters, a personal access token or a GitHub App installation token is required to trigger subsequent GitHub Actions workflows.

When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs.
https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#triggering-a-workflow-from-a-workflow

However, GitHub does not allow creating a PAT via the API. This makes it awkward to automate token creation.

I propose creating a GitHub App in the @nodejs organization with the following permissions:

  • contents: write and pull-requests: write (permissions to create tags and pull requests, requested by release-please and for dependency updaters),
  • This GitHub App needs explicit granting to specific repositories, via explicit requests in the admin repo,
  • Only allow this GitHub App to be installed on the @nodejs account.

With this new GitHub App, new GitHub Actions workflows can follow https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow to automate the token authentication. (example)

Granting the app to a repository still needs registering in this admin repo for awareness.

This is only for common workflows. Requesting permissions for customized workflows that need additional permissions should still follow the steps in https://github.com/nodejs/admin/blob/main/request-an-access-token.md.
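
A workflow of the kind the proposal describes, as an added example that is not part of the original issue or any nodejs repository: it mints an installation token for the app and hands it to release-please, so the pull requests and tags it creates trigger follow-up workflows. The names `AUTOMATION_APP_ID` and `AUTOMATION_APP_PRIVATE_KEY`, the `main` branch, and the `node` release type are assumptions.

```yaml
# Added example. The variable and secret names below are assumptions;
# they must be defined on the repository (or organization) that runs this.
name: release-please

on:
  push:
    branches: [main]

# No write goes through GITHUB_TOKEN in this workflow, so grant it nothing.
permissions: {}

jobs:
  release-please:
    runs-on: ubuntu-latest
    steps:
      # Exchange the app's private key for an installation token.
      # With no owner/repositories inputs the token is scoped to the
      # current repository only, and it expires after one hour.
      - name: Create installation token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ vars.AUTOMATION_APP_ID }}
          private-key: ${{ secrets.AUTOMATION_APP_PRIVATE_KEY }}

      # Events created with the app token (release PR, tag) start new
      # workflow runs, which events created with GITHUB_TOKEN do not.
      - name: Run release-please
        uses: googleapis/release-please-action@v4
        with:
          token: ${{ steps.app-token.outputs.token }}
          release-type: node
```

The token can do no more than the app's own grant (contents: write and pull-requests: write in the proposal), and only on repositories where the app is installed.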
