From 22569b0e120be58349de06a2f63227912dfc02bb Mon Sep 17 00:00:00 2001 From: Dan Raviv Date: Thu, 23 May 2024 20:26:17 -0700 Subject: [PATCH 1/2] Modify example to demonstrate support for checking out private submodules --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 57c20217..6f1bd8ad 100644 --- a/README.md +++ b/README.md @@ -99,11 +99,14 @@ jobs: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} owner: ${{ github.repository_owner }} - - uses: peter-evans/create-or-update-comment@v3 + - uses: actions/checkout@v4 with: token: ${{ steps.app-token.outputs.token }} - issue-number: ${{ github.event.issue.number }} - body: "Hello, World!" + ref: ${{ github.head_ref }} + # Access allowed to private submodules in the current owner's installation + submodules: recursive + # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config + persist-credentials: false ``` ### Create a token for multiple repositories in the current owner's installation From 0547a1be29f3127662a6c6731faa77584d56d911 Mon Sep 17 00:00:00 2001 From: Dan Raviv Date: Thu, 23 May 2024 19:57:51 -0700 Subject: [PATCH 2/2] Add basic auth support --- README.md | 23 +++++++++++++++++++++++ action.yml | 2 ++ dist/main.cjs | 3 +++ lib/main.js | 4 ++++ 4 files changed, 32 insertions(+) diff --git a/README.md b/README.md index 6f1bd8ad..65c63f01 100644 --- a/README.md +++ b/README.md @@ -109,6 +109,29 @@ jobs: persist-credentials: false ``` +### Use token for all repositories in the current owner's installation, encoded for http basic auth + +```yaml +on: [pull_request] + +jobs: + auto-format: + runs-on: ubuntu-latest + steps: + - uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + - env: + GIT_CONFIG_COUNT: 1 + GIT_CONFIG_KEY_0: http.https://github.com/.extraheader + GIT_CONFIG_VALUE_0: "AUTHORIZATION: basic ${{ steps.app-token.outputs.basic-auth-credentials }}" + # Access allowed to private submodules in the current owner's installation + run: git clone --recurse-submodules --shallow-submodules https://github.com/${{ github.repository }} +``` + ### Create a token for multiple repositories in the current owner's installation ```yaml diff --git a/action.yml b/action.yml index 09cc8fad..72b9b5ea 100644 --- a/action.yml +++ b/action.yml @@ -40,6 +40,8 @@ inputs: outputs: token: description: "GitHub installation access token" + basic-auth-credentials: + description: "HTTP basic auth credentials using the access token" installation-id: description: "GitHub App installation ID" app-slug: diff --git a/dist/main.cjs b/dist/main.cjs index a96b5c02..4a6897d1 100644 --- a/dist/main.cjs +++ b/dist/main.cjs @@ -39747,8 +39747,11 @@ async function main(appId2, privateKey2, owner2, repositories2, core3, createApp retries: 3 })); } + let basicAuthCredentials = btoa("x-access-token:" + authentication.token); core3.setSecret(authentication.token); + core3.setSecret(basicAuthCredentials); core3.setOutput("token", authentication.token); + core3.setOutput("basic-auth-credentials", basicAuthCredentials); core3.setOutput("installation-id", installationId); core3.setOutput("app-slug", appSlug); if (!skipTokenRevoke2) { diff --git a/lib/main.js b/lib/main.js index d6852778..50d77ac0 100644 --- a/lib/main.js +++ b/lib/main.js @@ -94,10 +94,14 @@ export async function main( })); } + let basicAuthCredentials = btoa("x-access-token:" + authentication.token) + // Register the token with the runner as a secret to ensure it is masked in logs core.setSecret(authentication.token); + core.setSecret(basicAuthCredentials); core.setOutput("token", authentication.token); + core.setOutput("basic-auth-credentials", basicAuthCredentials); core.setOutput("installation-id", installationId); core.setOutput("app-slug", appSlug);