Support for GitHub Apps as an authentication method #345

Open
markszabo opened this issue Feb 13, 2025 · 1 comment
Labels
enhancement New feature or request

Comments

@markszabo

TL;DR

Currently legitify requires a personal access token belonging to a user that has admin permissions over the repository. GitHub provides GitHub Apps as a way for automations to talk to the GitHub API, which provides the option to use fine-grained permissions to only give the tool the access it needs. This would be a good fit for automated workflows (e.g. the GitHub Action).

Detailed design

Additional information

Once an app is installed on a repository, the https://github.com/actions/create-github-app-token action can be used to create a temporary GitHub token for it, and this token can then be used to interact with the GitHub API. However, this token doesn't work with legitify right now, since legitify checks if the token belongs to a user that's admin of the repository here, and this won't be true, so legitify exits with Error: repository <org>/<repo> insufficient permissions.

I'm not sure which exact permissions legitify would need to work; however, I know that GitHub Apps can create and manage repository settings (e.g. one can manage repositories with terraform using a GitHub App), so I'd expect most of the information to be accessible by GitHub Apps.

@markszabo markszabo added the enhancement New feature or request label Feb 13, 2025
@markszabo
Author

I just found that #265 considered using GitHub Apps (despite the title talking about $GITHUB_TOKEN), and it has the reason why it would need a refactor.
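
An added illustration of the mismatch described in the issue body (not legitify's code and not part of the original thread): a role-based admin check rejects any identity without the admin role, while a check against the permissions granted to a GitHub App installation token can still pass. The JSON samples are constructed, and the function names and the required permission set are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample: repository "permissions" object as seen by a non-admin identity.
const nonAdminRepoJSON = `{"permissions":{"admin":false,"push":true,"pull":true}}`
// Constructed sample: response body from creating an installation access token.
const appTokenJSON = `{"token":"<placeholder>","permissions":{"administration":"read","metadata":"read"}}`

// Assumption: permissions a scanner might need; not taken from legitify.
var requiredAppPerms = map[string]string{"administration": "read", "metadata": "read"}
var level = map[string]int{"read": 1, "write": 2, "admin": 3}

// UserIsAdmin models a role-based check: only the admin role passes.
func UserIsAdmin(repoJSON string) (bool, error) {
	var r struct {
		Permissions struct{ Admin bool `json:"admin"` } `json:"permissions"`
	}
	if err := json.Unmarshal([]byte(repoJSON), &r); err != nil {
		return false, err
	}
	return r.Permissions.Admin, nil
}

// MissingAppPerms lists required permissions the installation token lacks (sorted).
func MissingAppPerms(tokenJSON string, required map[string]string) ([]string, error) {
	var t struct{ Permissions map[string]string `json:"permissions"` }
	if err := json.Unmarshal([]byte(tokenJSON), &t); err != nil {
		return nil, err
	}
	var missing []string
	for name, want := range required {
		// An absent permission has level 0 and is always reported.
		if level[t.Permissions[name]] < level[want] {
			missing = append(missing, name+":"+want)
		}
	}
	sort.Strings(missing)
	return missing, nil
}
func main() {
	admin, _ := UserIsAdmin(nonAdminRepoJSON)
	missing, _ := MissingAppPerms(appTokenJSON, requiredAppPerms)
	fmt.Println("role check passes:", admin, "| missing app permissions:", missing)
}
```

Reporting the missing permissions by name gives an operator something to act on when narrowing or widening the app's grants.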
