feat(create-github-app-token): adding create-github-app-token action #1144
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
eloymg
changed the title
eloymg
force-pushed
the
create-github-app-token
branch
from
ef3513d to
6fba5d5
Compare
zerok
reviewed
Jul 18, 2025
| VAULT_URL="https://vault-github-actions.grafana-${VAULT_INSTANCE}.net" | ||
| curl --fail -H "X-Vault-Token: ${{ steps.auth-vault.outputs.vault_token }}" \ | ||
| -H "Proxy-Authorization-Token: Bearer ${{ steps.get-github-jwt-token.outputs.github-jwt }}" \ | ||
| "{$VAULT_URL}/v1/github-app-${GITHUB_APP}/token/${REPOSITORY_NAME}-${{ steps.normalize-workflow-name.outputs.ref_sha }}-${PERMISSION_SET}" | jq -r '.data.token' > github_token.txt |
There was a problem hiding this comment.
The github_token.txt file can be deleted after this step, right?
| REPOSITORY_NAME: ${{ github.event.repository.name }} | ||
| PERMISSION_SET: ${{ inputs.permission_set}} | ||
| run: | | ||
| VAULT_URL="https://vault-github-actions.grafana-${VAULT_INSTANCE}.net" |
There was a problem hiding this comment.
Since you're using this URL in multiple places, please move that into an environment variable for the whole job or use a step to set it 🙂
| - id: get-github-token | ||
| uses: grafana/shared-workflows/actions/create-github-app-token@create-github-app-token/v0.1.0 | ||
| with: | ||
| github_app: github-app-name |
There was a problem hiding this comment.
Could you please add also a set of permissions here to that the format is clear to users? 🙂
Comment on lines
1
to
2
| name: Create Github App Token | ||
| description: Composite action (step) to get create github app token using vault. |
There was a problem hiding this comment.
Suggested change
| name: Create Github App Token | |
| description: Composite action (step) to get create github app token using vault. | |
| name: Create GitHub App Token | |
| description: Composite action (step) to get create GitHub app token using Vault. |
| | jq -r '.auth.client_token' > vault_token.txt | ||
| echo "vault_token=$(cat vault_token.txt)" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Get Github Token |
There was a problem hiding this comment.
Suggested change
| - name: Get Github Token | |
| - name: Get GitHub Token |
Co-Authored-By: Horst <[email protected]>
|
@zerok Thank you for the review! :D I added some of the suggestions and other little improvements |
zerok
approved these changes
Jul 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding github actions to use vault Github app token broker