@@ -79,11 +79,53 @@ jobs:
7979 # required
8080 app-id: ${{ vars.APP_ID }}
8181 private-key: ${{ secrets.PRIVATE_KEY }}
82+ - name: Get GitHub App User ID
83+ id: get-user-id
84+ run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
85+ env:
86+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
8287 - id: committer
83- run: echo "string=${{steps.app-auth .outputs.app-slug}}[bot] <${{ steps.app-auth .outputs.installation -id }}+${{ steps.app-auth .outputs.app-slug }}[bot]@users.noreply.github.com>" >> "$GITHUB_OUTPUT"
84- - run: echo "committer string is ${{steps.committer.outputs.string}}"
88+ run: echo "string=${{ steps.app-token .outputs.app-slug }}[bot] <${{ steps.get-user-id .outputs.user -id }}+${{ steps.app-token .outputs.app-slug }}[bot]@users.noreply.github.com>" >> "$GITHUB_OUTPUT"
89+ - run: echo "committer string is ${ {steps.committer.outputs.string }}"
8590` ` `
8691
92+ # ## Configure git CLI for an app's bot user
93+
94+ ` ` ` yaml
95+ on: [pull_request]
96+
97+ jobs:
98+ auto-format:
99+ runs-on: ubuntu-latest
100+ steps:
101+ - uses: actions/create-github-app-token@v1
102+ id: app-token
103+ with:
104+ # required
105+ app-id: ${{ vars.APP_ID }}
106+ private-key: ${{ secrets.PRIVATE_KEY }}
107+ - name: Get GitHub App User ID
108+ id: get-user-id
109+ run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
110+ env:
111+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
112+ - run: |
113+ git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
114+ git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
115+ # git commands like commit work using the bot user
116+ - run: |
117+ git add .
118+ git commit -m "Auto-generated changes"
119+ git push
120+ ` ` `
121+
122+ > [!TIP]
123+ > The `<BOT USER ID>` is the numeric user ID of the app's bot user, which can be found under `https://api.github.com/users/<app-slug>%5Bbot%5D`.
124+ >
125+ > For example, we can check at `https://api.github.com/users/dependabot[bot]` to see the user ID of Dependabot is 49699333.
126+ >
127+ > Alternatively, you can use the [octokit/request-action](https://github.com/octokit/request-action) to get the ID.
128+
87129# ## Create a token for all repositories in the current owner's installation
88130
89131` ` ` yaml
@@ -165,7 +207,7 @@ jobs:
165207 set-matrix:
166208 runs-on: ubuntu-latest
167209 outputs:
168- matrix: ${{steps.set.outputs.matrix }}
210+ matrix: ${{ steps.set.outputs.matrix }}
169211 steps:
170212 - id: set
171213 run: echo 'matrix=[{"owner":"owner1"},{"owner":"owner2","repos":["repo1"]}]' >>"$GITHUB_OUTPUT"
@@ -236,6 +278,24 @@ jobs:
236278
237279**Required:** GitHub App private key. Escaped newlines (`\\n`) will be automatically replaced with actual newlines.
238280
281+ Some other actions may require the private key to be Base64 encoded. To avoid recreating a new secret, it can be decoded on the fly, but it needs to be managed securely. Here is an example of how this can be achieved :
282+
283+ ` ` ` yaml
284+ steps:
285+ - name: Decode the GitHub App Private Key
286+ id: decode
287+ run: |
288+ private_key=$(echo "${{ secrets.PRIVATE_KEY }}" | base64 -d | awk 'BEGIN {ORS="\\ n"} {print}' | head -c -2) &> /dev/null
289+ echo "::add-mask::$private_key"
290+ echo "private-key=$private_key" >> "$GITHUB_OUTPUT"
291+ - name: Generate GitHub App Token
292+ id: app-token
293+ uses: actions/create-github-app-token@v1
294+ with:
295+ app-id: ${{ vars.APP_ID }}
296+ private-key: ${{ steps.decode.outputs.private-key }}
297+ ` ` `
298+
239299# ## `owner`
240300
241301**Optional:** The owner of the GitHub App installation. If empty, defaults to the current repository owner.
0 commit comments