Skip to content

Commit 22d865b

Browse files
committed
Add a shell script to authenticate with gh as an App
In Git for Windows' automation, we do a lot with Javascript, but sometimes it is also convenient to use the GitHub CLI (`gh`) in a shell script. Sadly, the scope of the `GITHUB_TOKEN` provided in GitHub workflows is often too limited, and we'd like to authenticate as a GitHub App instead. Even more sadly, authenticating with `gh` this way is quite complicated and fraught with problems because the token _needs_ to be masked in the GitHub workflow logs. Rejoice! This patch brings a shell script that hides all that nasty complexity. All it needs are the environment variables: - GH_APP_ID - GH_APP_PRIVATE_KEY - GITHUB_REPOSITORY and of course `gh` on the `PATH`. That's it! Signed-off-by: Johannes Schindelin <[email protected]>
1 parent 7f0fe34 commit 22d865b

File tree

1 file changed

+25
-0
lines changed

1 file changed

+25
-0
lines changed

gh-cli-auth-as-app.sh

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
#!/bin/sh
2+
3+
node -e '(async () => {
4+
const [owner, repo] = process.env.GITHUB_REPOSITORY.split("/")
5+
const getAppInstallationId = require("./get-app-installation-id")
6+
const installationId = await getAppInstallationId(
7+
console,
8+
process.env.GH_APP_ID,
9+
process.env.GH_APP_PRIVATE_KEY,
10+
owner,
11+
repo
12+
)
13+
const getInstallationAccessToken = require("./get-installation-access-token")
14+
const token = await getInstallationAccessToken(
15+
console,
16+
process.env.GH_APP_ID,
17+
process.env.GH_APP_PRIVATE_KEY,
18+
installationId
19+
)
20+
process.stderr.write(`::add-mask::${token.token}\n`)
21+
process.stdout.write(token.token)
22+
})().catch(e => {
23+
process.stderr.write(JSON.stringify(e, null, 2))
24+
process.exit(1)
25+
})' | gh auth login --with-token

0 commit comments

Comments
 (0)