Open moop-moop opened 11 months ago
Hi @moop-moop
Thanks for your request. Just double checking, as per this comment:
Nearly all GitHub actions should work with GitHub App authentication, if the correct permissions are assigned to the GitHub App.
you are saying the current GitHub app is not ideal to your case right? This is the current Pipedream app for GitHub> https://pipedream.com/apps/github
I-d appreciate your confirmation, just to see if I understand properly the request.
Hi @moop-moop
Thanks for your request. Just double checking, as per this comment:
you are saying the current GitHub app is not ideal to your case right? This is the current Pipedream app for GitHub> https://pipedream.com/apps/github
I-d appreciate your confirmation, just to see if I understand properly the request.
Yes. I want to authorize pipedream through my simple custom GitHub app. Using Pipedream's GitHub App still requires my account:
Using a simple custom GitHub App with defined permissions and repository access would not require an account.
noted. thanks for input! we'll keep you posted
@moop-moop to confirm, you'd expect to input your app's access token as the means of authorizing, is that correct?
Would using your own GitHub OAuth client be an acceptable solution as well, or does a GitHub app specifically better suit your needs?
I was thinking more of the this: Authenticating as a GitHub App installation https://docs.github.com/en/enterprise-cloud@latest/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation
So the inputs would be:
This approach is arguably better for organizational level system to system interactions. https://docs.github.com/en/enterprise-cloud@latest/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps
Using our own Github OAuth client would still essentially use the persmissions of a user.
Nathan -
That's a very strategically put approach to the authentication, so to speak.
One question, regarding GitHub App, do you see possible being able to invoke the GitHub workflow to get the access token externally from a Pipedream workflow?
Curious to read your answer, honestly, I'm not very familiar with GitHub workflows part.
I don't think it requires the use of any GitHub Workflow. It could should be all native to Pipedream. My original post just included examples of how to implement an approach:
And also the GitHub documentation includes examples using Ocktokit JS library: https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation#using-octokitjs-to-authenticate-with-an-installation-id
I would glady implement it myself, I just don't have time right now. So I made a suggestion for enhancement.
It could should be all native to Pipedream.
I agree. Just checking possibilities. Thanks for clarifying!
Name of app / service GitHub App
Link to developer documentation
Here is how we do something similar with
bash
:Is lack of support preventing you from building workflows, or do you have a workaround? There are less ideal work-arounds. Authentication as a GitHub application would allow better security for organization level security. It is easier to maintain than personal account connections or machine accounts. We use this approach in our GitHub Actions. Someone even created a nice GitHub action for it specifically. See third link above: peter-murray/workflow-application-token-action
Are there specific actions, or triggers, you'd like to see for this app? Please let us know here or use the Action and Trigger issue templates to open requests for each! Nearly all GitHub actions should work with GitHub App authentication, if the correct permissions are assigned to the GitHub App. It's a little more complicated to set up overall, but independent of any individual accounts.