Authentication via GitHub Apps #158
I also want to know what minimal permissions and scope we add to a GitHub App.
@mattcosta7 running into this issue with a customer of mine. They're using a GitHub app to generate a token, but they're getting the following error when running this action:
passing this on for triage
I would also like to implement this in this way.
👋 Thank you for reporting this issue! I wanted to post an update here to let you know that we are aware of this issue and have bumped it up in priority and are tracking it in our internal backlog. I'm sorry we don't have a resolution here yet (other than using a PAT), but we are looking into it, and we will post back when we have an update.
FWIW I'm using this successfully with GitHub Apps using https://github.com/vidavidorra/github-app-token with the following permissions. Example workflow: https://github.com/vidavidorra/roadmap/blob/main/.github/workflows/triage.yml.

Workflow code:

```yaml
name: Add issue to project
on:
  issues:
    types: opened
jobs:
  add-issue-to-project:
    name: Add issue to project
    runs-on: ubuntu-latest
    steps:
      # Exchange the App ID and private key for an installation token.
      - name: Generate token
        id: generate_token
        uses: vidavidorra/github-app-token
        with:
          appId: ${{ secrets.TRIAGE_APP_ID }}
          privateKey: ${{ secrets.TRIAGE_PRIVATE_KEY }}
      # Pass the App token to the action in place of a PAT.
      - uses: actions/add-to-project@a9f041ddd462ed185893ea1024cec954f50dbe42 # renovate: tag=v0.3.0
        with:
          project-url: https://github.com/orgs/vidavidorra/projects/2
          github-token: ${{ steps.generate_token.outputs.token }}
```
I'm not sure what issues people are running into here, similar to @jdbruijn I was able to get this to work using tibdex/github-app-token that is in the example docs: https://docs.github.com/en/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions#github-actions-workflows Full workflow:
Thanks for your patience with us everyone. I've deployed a fix to the GraphQL API for Projects which should allow private projects to be visible to GitHub Apps where they have been granted read or write permissions to the organization.
@peaceiris The GitHub app will need read and write access to the organization to be able to add items to the project:
@ssulei7 I'd recommend checking they gave the application write access to the organization projects (and also ensured the installation was updated if they changed settings) as this sounds like the GraphQL endpoint being called by the action blocked the app from adding an item to the project. I'll check back in after the weekend to see if anyone else is still encountering issues in this area.
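One way to run the check suggested in the comment above, as an added example that is not part of the thread or of the action's code: it compares the `permissions` object GitHub returns for the App (`GET /app`) with the one returned for its installation (`GET /app/installations/{installation_id}`) and reports a missing organization projects grant or an installation that was not updated. The function name, finding labels and sample objects are constructed for illustration.

```javascript
// Permission levels in increasing order of access.
const RANK = { none: 0, read: 1, write: 2, admin: 3 };
const rank = (level) => RANK[level] ?? 0; // unknown or absent counts as no access

// appPerms:  `permissions` from GET /app (what the App currently requests)
// instPerms: `permissions` from GET /app/installations/{installation_id}
//            (what the organization has actually accepted)
// required:  what the workflow needs; the default follows the thread
//            (write access to organization projects).
function auditProjectAccess(appPerms, instPerms, required = { organization_projects: 'write' }) {
  const findings = [];
  for (const [name, needed] of Object.entries(required)) {
    const requested = appPerms[name] ?? 'none';
    const granted = instPerms[name] ?? 'none';
    if (rank(requested) < rank(needed)) {
      // The App's own settings never ask for enough access.
      findings.push({ permission: name, problem: 'app-does-not-request', requested, needed });
    } else if (rank(granted) < rank(needed)) {
      // Settings were changed, but the installation still carries the old grant.
      findings.push({ permission: name, problem: 'installation-not-updated', granted, needed });
    }
  }
  // Least privilege: list grants that exceed `required`, for manual review.
  // Assumption: `metadata` is skipped because GitHub adds it alongside
  // repository permissions.
  for (const [name, granted] of Object.entries(instPerms)) {
    const needed = required[name] ?? 'none';
    if (name !== 'metadata' && rank(granted) > rank(needed)) {
      findings.push({ permission: name, problem: 'broader-than-needed', granted, needed });
    }
  }
  return findings;
}

// Constructed sample data, not real API output: the App was edited to request
// write access, but the installation still holds the earlier read-only grant.
const sampleApp = { organization_projects: 'write', metadata: 'read' };
const sampleInstallation = { organization_projects: 'read', metadata: 'read', contents: 'write' };

for (const f of auditProjectAccess(sampleApp, sampleInstallation)) {
  console.log(`${f.permission}: ${f.problem}`);
}
```

Anything reported as `broader-than-needed` is measured only against the `required` map passed in, so extend that map with whatever else the workflow legitimately uses before acting on the result.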
Hello! I was pointed here by support from a ticket. We are still encountering this issue when trying to send issues from a private repo to a private project. The GitHub App (which we're using to generate tokens) has been confirmed to have the correct permissions, but we're still getting the
If the required usage with org level projects is to use a GitHub app rather than a PAT, can the README please be updated with that info?
@jrhemstad I followed your workflow but I get "Error: Error: Failed to read private key"
I'm trying to set up automation for an organization project. Following this guidance, I would need to use a GitHub App for an organization project. Currently, this action's configuration requires a personal access token but I don't believe that will provide access to an organization project. Therefore, I'm requesting the capability of authenticating via a GitHub App.
Please let me know if I have any misunderstandings. Thanks!