Skip to content

Latest commit

 

History

History
44 lines (31 loc) · 2.64 KB

README.md

File metadata and controls

44 lines (31 loc) · 2.64 KB

Save App Token to Secrets

A GitHub App to save or update it's installation token into the secrets of current repo, then we can use the token to replace `secrets.GITHUB_TOKEN` in our workflows.

Motivation

The app's installation token can be used to impersonate a GitHub App when secrets.GITHUB_TOKEN's limitations are too restrictive and a personal access token is not suitable. secrets.GITHUB_TOKEN has limitations such as not being able to triggering a new workflow from another workflow. A workaround is to use a personal access token from a personal user/bot account. However, for organizations, GitHub Apps are a more appropriate automation solution.

Usage

Visit the installation page and install the GitHub App on your repositories. That's all there is to it ❤️

Two secrets with name APP_NAME and APP_TOKEN will be created or updated before any workflow run, so we can use the secrets in our workflow.

- name: Semantic Release
  uses: cycjimmy/semantic-release-action@v2
  with:
    extra_plugins: |
      @semantic-release/changelog
      @semantic-release/git
  env:
    NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
    # use `secrets.APP_TOKEN` to replace `secrets.GITHUB_TOKEN`
    GITHUB_TOKEN: ${{ secrets.APP_TOKEN }}
    # use `${{ secrets.APP_NAME }}` as needed
    GIT_AUTHOR_NAME: ${{ secrets.APP_NAME }}[bot]
    GIT_AUTHOR_EMAIL: ${{ secrets.APP_NAME }}[bot]@users.noreply.github.com
    GIT_COMMITTER_NAME: ${{ secrets.APP_NAME }}[bot]
    GIT_COMMITTER_EMAIL: ${{ secrets.APP_NAME }}[bot]@users.noreply.github.com

Deploy

This app only be used for demonstration which was deployed on Netlify. Fork the source code and follow the tutorial to deploy your own app with custom permissions, bot name, avatar, etc.

License

The scripts and documentation in this project are released under the MIT License