actions/renovatebot-github
1
0
Fork 0
mirror of https://github.com/renovatebot/github-action.git synced 2025-12-16 08:52:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

docs: update github app token vending to non-archived action (#691)

Browse source
This commit is contained in:
Andrew McEdwards 2023-02-03 14:47:56 -05:00 committed by GitHub
parent 0a8bd9aa4a
commit f096e809c4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

16
README.md
View file

@ -86,15 +86,11 @@ jobs:
Instead of using a Personal Access Token (PAT) that is tied to a particular user you can use a [GitHub App](https://docs.github.com/en/developers/apps/building-github-apps) where permissions can be even better tuned. [Create a new app](https://docs.github.com/en/developers/apps/creating-a-github-app) and configure the app permissions and your `config.js` as described in the [Renovate documentation](https://docs.renovatebot.com/modules/platform/github/#running-as-a-github-app).
Store the app ID as a secret with name `APP_ID` and generate a new private key for the app and add it as a secret to the repository as `APP_PEM` in the repository where the action will run from. Note that `APP_PEM` needs to be base64 encoded. You can encode your private key file like this from the terminal on Linux (omit the `-w 0` if you're on a Mac):
```bash
cat your_app_key.pem | base64 -w 0
```
Generate and download a new private key for the app, adding the contents of the downloaded `.pem` file to _Secrets_ (repository settings) with the name `private_key` and app ID as a secret with name `app_id`.
Adjust your Renovate configuration file to specify the username of your bot.
Going forward we will be using the [machine-learning-apps/actions-app-token](https://github.com/machine-learning-apps/actions-app-token) action in order to exchange the GitHub App certificate for an access token that renovate can use.
Going forward we will be using the [tibdex/github-app-token](https://github.com/tibdex/github-app-token) action in order to exchange the GitHub App certificate for an access token that renovate can use.
The final workflow will look like this:
@ -111,10 +107,10 @@ jobs:
steps:
- name: Get token
id: get_token
uses: machine-learning-apps/actions-app-token@master
uses: tibdex/github-app-token@v1
with:
APP_PEM: ${{ secrets.APP_PEM }}
APP_ID: ${{ secrets.APP_ID }}
private_key: ${{ secrets.private_key }}
app_id: ${{ secrets.app_id }}
- name: Checkout
uses: actions/checkout@v3.3.0
@ -123,7 +119,7 @@ jobs:
uses: renovatebot/github-action@v34.82.0
with:
configurationFile: example/renovate-config.js
token: 'x-access-token:${{ steps.get_token.outputs.app_token }}'
token: '${{ steps.get_token.outputs.token }}'
```
## Environment Variables