Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support Request (Maybe Feature): How do we use ephemeral Github tokens with this? #124

Open
crouth-redge opened this issue Aug 15, 2023 · 0 comments

Comments

@crouth-redge
Copy link

Is your feature request related to a problem? Please describe.

I'm trying to use this in tandem with https://github.com/tenjaa/concourse-github-app-token which uses an App ID and priv key to request an ephemeral token rather than relying on an individuals personal access token, however since this requires the token be defined at the resource level, I'm not sure how to get the token passed to the in: stage on a get task.

We're doing enough requests that we must have a token to query for releases or else we hit the API limit.

Describe the solution you'd like

I should be able to pass a github access token in at the in: stage so I can do the following with the two resources:

  - name: github-token
    type: github-token-resource
    source:
      appId: 123456 # can be looked up on the overview page of your app
      privateKey: ((pem_private_key_secret)) # https://docs.github.com/en/developers/apps/authenticating-with-github-apps#generating-a-private-key
      org: OurTeamsOrg # get a token for an app installed to an org account

  - name: gh-goss-release
    type: github-release
    check_every: never
    source:
      owner: aelsabbahy
      repository: goss
      tag_filter: "^v([^-]|-[^r]|-r[^c].)*$"

jobs:
 - name: get-3rd-party-packages-and-sync-to-internal-repo
    plan:
       - put: github-token # put forces to get a new token, even when rerunning a build (https://concourse-ci.org/builds.html#build-rerunning)
      - load_var: token
        file: github-token/token
        
      - get: gh-goss-release
        params:
          access_token: ((token))

Describe alternatives you've considered

Not sure there's another way to properly do this auth without creating accounts for bots which is against Githubs current policies/best practices.

Additional context

I may have missed something, if this is possible already please educate.

@crouth-redge crouth-redge changed the title Support Request (Maybe Feature): How do we use ephermeral Github tokens with this? Support Request (Maybe Feature): How do we use ephemeral Github tokens with this? Aug 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant