Closed whilefoo closed 8 months ago
0x4007
commented
8 months ago It looks like you're talking about the "app private key" for the GitHub App.
I don't have any other ideas other than clear documentation and perhaps trying to abstract this behavior away with some helper/wrapper function anytime we need to manipulate the key in the code.
whilefoo
commented
8 months ago We will have to think how to make setting up the bot as easy as possible. Currently you have to do everything manually, probot has a nice setup where you open a website and it guides you to make a new Github App and then it will automatically fill all env variables.
It looks like they use Github App manifest which redirects user to Github App creation page with some pre-filled values and when user completes the procedure, it redirects back with a temporary code which you can use to get the app's ID, private key and webhook secret.
There is an issue regarding private key. Github generates a private key in PKCS#1 format but Octokit wants PKCS#8. It's possible to convert it to PKCS#8 using Node's crypto module but Cloudflare's crypto module is different and doesn't support PKCS#1.
Cloudflare has Node compatibility option but it looks like they don't have createPrivateKey implemented in the crypto module which we need for this conversion to work. Most third-party libraries rely on Node so it's not an option either.
We could put instructions in the README to convert it to PKCS#8 using
opensslbut I'd like to avoid that if possible because I think it's bad DX but maybe it's our only option. @pavlovcik what do you think?