docs: update github app token vending to non-archived action (#691)

Andrew McEdwards 2023-02-03 14:47:56 -05:00 committed by GitHub
parent 0a8bd9aa4a
commit f096e809c4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -86,15 +86,11 @@ jobs:
Instead of using a Personal Access Token (PAT) that is tied to a particular user you can use a [GitHub App](https://docs.github.com/en/developers/apps/building-github-apps) where permissions can be even better tuned. [Create a new app](https://docs.github.com/en/developers/apps/creating-a-github-app) and configure the app permissions and your `config.js` as described in the [Renovate documentation](https://docs.renovatebot.com/modules/platform/github/#running-as-a-github-app). Instead of using a Personal Access Token (PAT) that is tied to a particular user you can use a [GitHub App](https://docs.github.com/en/developers/apps/building-github-apps) where permissions can be even better tuned. [Create a new app](https://docs.github.com/en/developers/apps/creating-a-github-app) and configure the app permissions and your `config.js` as described in the [Renovate documentation](https://docs.renovatebot.com/modules/platform/github/#running-as-a-github-app).
Store the app ID as a secret with name `APP_ID` and generate a new private key for the app and add it as a secret to the repository as `APP_PEM` in the repository where the action will run from. Note that `APP_PEM` needs to be base64 encoded. You can encode your private key file like this from the terminal on Linux (omit the `-w 0` if you're on a Mac): Generate and download a new private key for the app, adding the contents of the downloaded `.pem` file to _Secrets_ (repository settings) with the name `private_key` and app ID as a secret with name `app_id`.
```bash
cat your_app_key.pem | base64 -w 0
```
Adjust your Renovate configuration file to specify the username of your bot. Adjust your Renovate configuration file to specify the username of your bot.
Going forward we will be using the [machine-learning-apps/actions-app-token](https://github.com/machine-learning-apps/actions-app-token) action in order to exchange the GitHub App certificate for an access token that renovate can use. Going forward we will be using the [tibdex/github-app-token](https://github.com/tibdex/github-app-token) action in order to exchange the GitHub App certificate for an access token that renovate can use.
The final workflow will look like this: The final workflow will look like this:
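Review bot: the rewritten secrets sentence drops the base64 step without stating what format the `private_key` secret must now hold, so a reader who already stored a base64-encoded `APP_PEM` gets no migration hint. Add one sentence saying the secret takes the `.pem` contents as downloaded and that the old `APP_PEM` and `APP_ID` secrets should be removed once the workflow is switched. As a style point, the new names `private_key` and `app_id` are lowercase where the previous text used upper case (`APP_ID`); keeping one convention across the doc would avoid confusion.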
@ -111,10 +107,10 @@ jobs:
steps: steps:
- name: Get token - name: Get token
id: get_token id: get_token
uses: machine-learning-apps/actions-app-token@master uses: tibdex/github-app-token@v1
with: with:
APP_PEM: ${{ secrets.APP_PEM }} private_key: ${{ secrets.private_key }}
APP_ID: ${{ secrets.APP_ID }} app_id: ${{ secrets.app_id }}
- name: Checkout - name: Checkout
uses: actions/checkout@v3.3.0 uses: actions/checkout@v3.3.0
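Review bot: `uses: tibdex/github-app-token@v1` replaces `@master` with another movable ref, and this is the step that receives the App private key. Consider pinning it to a full commit SHA with the version in a trailing comment, in line with the exact version already used for `actions/checkout@v3.3.0` in the same job.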
@ -123,7 +119,7 @@ jobs:
uses: renovatebot/github-action@v34.82.0 uses: renovatebot/github-action@v34.82.0
with: with:
configurationFile: example/renovate-config.js configurationFile: example/renovate-config.js
token: 'x-access-token:${{ steps.get_token.outputs.app_token }}' token: '${{ steps.get_token.outputs.token }}'
``` ```
## Environment Variables ## Environment Variables
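Review bot: the `token:` line drops the `x-access-token:` prefix in addition to renaming the output from `app_token` to `token`, and neither the surrounding prose nor the commit message mentions the prefix change. Confirm that the bare token is what Renovate expects here and state it in one sentence above the workflow, so readers migrating an existing workflow do not carry the old prefix over.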