NAIS team app
GitHub App
NAIS team app
GitHub App
NAIS team app provides a way to push to remote repositories without personal access tokens.
This application has access to push to certain repositories through short lived tokens that are generated on demand.
The specific permissions the app requires are:
- Read access to metadata
- Read and write access to code
Installation
In order to authorize this application to write to a specific repository, a few things need to be sorted out.
- The application gets installed to the specific repository (repo A).
- If the application is intended to write to a protected branch, the application must have permissions to bypass it (
Settings -> Branches -> Branch protection rules
)
- If the application is intended to write to a protected branch, the application must have permissions to bypass it (
- In repo B, the repository that wants to push to repo A, an application manager must provide the App ID and a private key as a Secret.
With this in place, a GitHub Action in repo B can generate an installation access token that is valid for pushing to repo A.
name: Push a useless file to my-org/repo-A
on: push
jobs:
push-to-remote:
steps:
- uses: navikt/github-app-token-generator@v1
id: get-token
with:
private-key: ${{ secrets.NAIS_APP_PRIVATE_KEY }} # Private key from NAIS team app
app-id: ${{ secrets.NAIS_APP_ID }} # App ID from NAIS team app
repo: my-org/repo-A # a repository that NAIS team app is installed on
- uses: actions/checkout@v2
with:
repository: my-org/repo-A
token: ${{ steps.get-token.outputs.token }} # installation access token from the previous step
path: repo-A
- name: Commit useless file in repo-A
run: |
cd repo-A
git config user.name "$GITHUB_ACTOR" # act on behalf of the user who triggered this action
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
touch useless-file
git add .
git --no-pager diff --cached
git commit --no-verify -a -m "Add useless-file"
git push
Developer
NAIS team app is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
Report abuse