Closed Afoucaul closed 3 months ago
That seems to start happening after exactly 1h.
That is by design. Installation access tokens expire after 1h, there is no way to extend it, I'm afraid. We should probably document that in the README for folks who don't know. We could even log out a message for folks to see when they investigate problems. We could also export the expiration time as an additional output 🤔
Thanks for the insight! Now I know it's expected, I'll look for a workaround 🙂
For long-running processes, I usually write my actions to accept the app ID and private key. If you build your action in JS/TS, you can use the App
constructor which provides lots of helpful APIs: https://github.com/octokit/octokit.js?tab=readme-ov-file#app-client. If you use the app.getInstallationOctokit(installationId)
API, the returned octokit
instance will auto-renew the installation access token.
If you want something lower-level, you can use @octokit/auth-app
: https://github.com/octokit/auth-app.js?tab=readme-ov-file#authenticate-as-installation. When you use the authentication strategy with an Octokit
constructor, it will auto-renew the installation access token as well.
That is by design. Installation access tokens expire after 1h, there is no way to extend it, I'm afraid. We should probably document that in the README for folks who don't know.
Please do! I wasn't aware of this limitation and started relying on the app in my workflows. I would have re-evaluated if this limitation was documented. I suggest also mentioning the auto-renewal options you listed.
Please do!
can you have a look and tell if it is clear? https://github.com/actions/create-github-app-token/pull/141
Perfect
I'm running a workflow (
target-workflow.yml
) in another repository (target-repo
) of my organization using https://github.com/aurelien-baudet/workflow-dispatch (v2). To that end I'm generating an app token withactions/create-github-app-token@v1
. I can generate the token with no issues, andaurelien-baudet/workflow-dispatch@v2
manages to triggertarget-workflow.yml
all right as well. However, after some time, fetching the status oftarget-workflow
starts to fail withWarning: Failed to get workflow status: Bad credentials
. This causes my parent job to fail. That seems to start happening after exactly 1h.Am I correct that the token expires after 1h? Is it documented somewhere? Also, is there a way to extend the lifetime of this token? Otherwise, do you suggest a workaround?
My workflow:
The output of
aurelien-baudet/workflow-dispatch@v2
step: