From 0080eef4e7aec784491803d766a77a220be78bd3 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 10 Nov 2024 01:08:22 +0100 Subject: [PATCH 1/8] Add ability to log on with GitHub App --- .github/workflows/Action-Test.yml | 31 +++++++---------- README.md | 55 +++++++++++++++++++++++++++---- action.yml | 10 +++++- scripts/main.ps1 | 16 ++++----- 4 files changed, 77 insertions(+), 35 deletions(-) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index bab8397..9e90c1e 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -44,8 +44,8 @@ jobs: "This is a group" } - ActionTestWithVersion: - name: Action-Test - [WithVersion] + ActionTestWithoutToken: + name: Action-Test - [WithoutToken] runs-on: ubuntu-latest steps: # Need to check out as part of the test, as its a local action @@ -55,8 +55,7 @@ jobs: - name: Action-Test uses: ./ with: - Verbose: true - Version: 0.8.4 + Token: '' Script: | LogGroup "Get-GitHubZen" { Get-GitHubZen @@ -66,34 +65,28 @@ jobs: Get-GitHubOctocat } - ActionTestConsecutive: - name: Action-Test - [Consecutive] + ActionTestWithGitHubApp: + name: Action-Test - [GitHubApp] runs-on: ubuntu-latest steps: # Need to check out as part of the test, as its a local action - name: Checkout repo uses: actions/checkout@v4 - - name: Action-Test 1 + - name: Action-Test uses: ./ with: + ClientID: ${{ secrets.TEST_APP_CLIENT_ID }} + PrivateKey: ${{ secrets.TEST_APP_PRIVATE_KEY }} Script: | + LogGroup "Get-GitHubApp" { + Get-GitHubApp + } + LogGroup "Get-GitHubZen" { Get-GitHubZen } - - name: Action-Test 2 - uses: ./ - with: - Script: | LogGroup "Get-GitHubOctocat" { Get-GitHubOctocat } - - - name: Action-Test 3 - uses: ./ - with: - Script: | - LogGroup "Get-GitHubRateLimit" { - Get-GitHubRateLimit - } diff --git a/README.md b/README.md index df6f9c9..b9b653a 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,9 @@ For more information on the available functions and automatic loaded variables, | Name | Description | Required | Default | | - | - | - | - | | `Script` | The script to run | false | | -| `Token` | The GitHub token to use. This will override the default behavior of using the `GITHUB_TOKEN` environment variable. | false | `${{ github.token }}` | +| `Token` | Log in using an Installation Access Token (IAT) | false | `${{ github.token }}` | +| `ClientID` | Log in using a GitHub App, using the App's Client ID and Private Key | false | | +| `PrivateKey` | Log in using a GitHub App, using the App's Client ID and Private Key | false | | | `Debug` | Enable debug output | false | `'false'` | | `Verbose` | Enable verbose output | false | `'false'` | | `Version` | Specifies the version of the GitHub module to be installed. The value must be an exact version. | false | | @@ -20,7 +22,26 @@ For more information on the available functions and automatic loaded variables, ### Examples -#### Example 1: Run a script that uses the GitHub PowerShell module +#### Example 1: Run a GitHub PowerShell script + +Run a script that uses the GitHub PowerShell module. +This example runs an authenticated script using the `GITHUB_TOKEN` and gets the GitHub Zen message. + +```yaml +jobs: + Run-Script: + runs-on: ubuntu-latest + steps: + - name: Run script + uses: PSModule/GitHub-Script@v1 + with: + Script: | + LogGroup "Get-GitHubZen" { + Get-GitHubZen + } +``` + +#### Example 2: Run a GitHub PowerShell script without a token Run a script that uses the GitHub PowerShell module. This example runs a non-authenticated script that gets the GitHub Zen message. @@ -33,16 +54,17 @@ jobs: - name: Run script uses: PSModule/GitHub-Script@v1 with: + Token: '' Script: | LogGroup "Get-GitHubZen" { Get-GitHubZen } ``` -#### Example 2: Run a script that uses the GitHub PowerShell module with a token +#### Example 3: Run a GitHub PowerShell script with a custom token -Run a script that uses the GitHub PowerShell module with a token. -This example runs an authenticated script that gets the GitHub Zen message. +Run a script that uses the GitHub PowerShell module with a token. The token can be both a personal access token (PAT) or +an installation access token (IAT). This example runs an authenticated script that gets the GitHub Zen message. ```yaml jobs: @@ -52,13 +74,34 @@ jobs: - name: Run script uses: PSModule/GitHub-Script@v1 with: - Token: ${{ github.token }} + Token: ${{ secrets.Token }} Script: | LogGroup "Get-GitHubZen" { Get-GitHubZen } ``` +#### Example 4: Run a GitHub PowerShell script with a GitHub App using a Client ID and Private Key + +Run a script that uses the GitHub PowerShell module with a GitHub App. +This example runs an authenticated script that gets the GitHub App. + +```yaml +jobs: + Run-Script: + runs-on: ubuntu-latest + steps: + - name: Run script + uses: PSModule/GitHub-Script@v1 + with: + ClientID: ${{ secrets.CLIENT_ID }} + PrivateKey: ${{ secrets.PRIVATE_KEY }} + Script: | + LogGroup "Get-GitHubApp" { + Get-GitHubApp + } +``` + ## Related projects - [actions/create-github-app-token](https://github.com/actions/create-github-app-token) -> Functionality will be brought into GitHub PowerShell module. diff --git a/action.yml b/action.yml index d7a6a8f..7f517c7 100644 --- a/action.yml +++ b/action.yml @@ -10,9 +10,15 @@ inputs: description: The script to run. required: false Token: - description: The access token to use. + description: Log in using an Installation Access Token (IAT). required: false default: ${{ github.token }} + ClientID: + description: Log in using a GitHub App, using the App's Client ID and Private Key. + required: false + PrivateKey: + description: Log in using a GitHub App, using the App's Client ID and Private Key. + required: false Debug: description: Enable debug output. required: false @@ -41,6 +47,8 @@ runs: working-directory: ${{ inputs.WorkingDirectory }} env: GITHUB_ACTION_INPUT_Token: ${{ inputs.Token }} + GITHUB_ACTION_INPUT_ClientID: ${{ inputs.ClientID }} + GITHUB_ACTION_INPUT_PrivateKey: ${{ inputs.PrivateKey }} GITHUB_ACTION_INPUT_Debug: ${{ inputs.Debug }} GITHUB_ACTION_INPUT_Verbose: ${{ inputs.Verbose }} GITHUB_ACTION_INPUT_Version: ${{ inputs.Version }} diff --git a/scripts/main.ps1 b/scripts/main.ps1 index 11e5abf..fb362bd 100644 --- a/scripts/main.ps1 +++ b/scripts/main.ps1 @@ -48,15 +48,13 @@ if (-not $alreadyImported) { } '::endgroup::' -LogGroup 'Connect-Github' { - if (-not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_Token)) { - Write-Verbose "Setting GITHUB_TOKEN to provided input 'Token'" - Connect-Github -Token $env:GITHUB_ACTION_INPUT_Token - } elseif (-not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_ClientID) -and -not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_PrivateKey)) { - Write-Verbose "Setting ClientID and PEM to provided inputs 'ClientID' and 'PEM'" + +if (-not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_ClientID) -and -not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_PrivateKey)) { + LogGroup 'Connect-Github - GitHub App' { Connect-Github -ClientID $env:GITHUB_ACTION_INPUT_ClientID -PrivateKey $env:GITHUB_ACTION_INPUT_PrivateKey - } elseif (-not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_JWT)) { - Write-Verbose "Setting JWT to provided input 'JWT'" - Connect-Github -JWT $env:GITHUB_ACTION_INPUT_JWT + } +} elseif (-not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_Token)) { + LogGroup 'Connect-Github - Token' { + Connect-Github -Token $env:GITHUB_ACTION_INPUT_Token } } From 7f0796affb65dea4bea83e869b34532730fb4c13 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 10 Nov 2024 01:16:40 +0100 Subject: [PATCH 2/8] test --- scripts/main.ps1 | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/main.ps1 b/scripts/main.ps1 index fb362bd..516043a 100644 --- a/scripts/main.ps1 +++ b/scripts/main.ps1 @@ -48,12 +48,19 @@ if (-not $alreadyImported) { } '::endgroup::' +$providedToken = -not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_Token) +$providedClientID = -not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_ClientID) +$providedPrivateKey = -not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_PrivateKey) +Write-Verbose "Provided authentication info:" +Write-Verbose "Token: [$providedToken]" +Write-Verbose "ClientID: [$providedClientID]" +Write-Verbose "PrivateKey: [$providedPrivateKey]" -if (-not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_ClientID) -and -not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_PrivateKey)) { +if ($providedClientID -and $providedPrivateKey) { LogGroup 'Connect-Github - GitHub App' { Connect-Github -ClientID $env:GITHUB_ACTION_INPUT_ClientID -PrivateKey $env:GITHUB_ACTION_INPUT_PrivateKey } -} elseif (-not [string]::IsNullOrEmpty($env:GITHUB_ACTION_INPUT_Token)) { +} elseif ($providedToken) { LogGroup 'Connect-Github - Token' { Connect-Github -Token $env:GITHUB_ACTION_INPUT_Token } From 661be1e2acaf6bcfb4591534e69c72a4ef647eca Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 10 Nov 2024 01:27:58 +0100 Subject: [PATCH 3/8] Test with PAT --- .github/workflows/Action-Test.yml | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index 9e90c1e..9823a37 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -40,8 +40,8 @@ jobs: uses: ./ with: Script: | - LogGroup "My group" { - "This is a group" + LogGroup "Get-GitHubZen" { + Get-GitHubZen } ActionTestWithoutToken: @@ -57,12 +57,25 @@ jobs: with: Token: '' Script: | - LogGroup "Get-GitHubZen" { - Get-GitHubZen + LogGroup "My group" { + "This is a group" } - LogGroup "Get-GitHubOctocat" { - Get-GitHubOctocat + ActionTestWithPAT: + name: Action-Test - [WithPAT] + runs-on: ubuntu-latest + steps: + # Need to check out as part of the test, as its a local action + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Action-Test + uses: ./ + with: + Token: ${{ secrets.TEST_PAT }} + Script: | + LogGroup "Get-GitHubUser" { + Get-GitHubUser } ActionTestWithGitHubApp: From 3bbe80877e1ab6380358a09c8023b836b221b3d3 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 10 Nov 2024 01:31:26 +0100 Subject: [PATCH 4/8] test --- .github/workflows/Action-Test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index 9823a37..ca5a3e8 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -73,6 +73,7 @@ jobs: uses: ./ with: Token: ${{ secrets.TEST_PAT }} + Verbose: true Script: | LogGroup "Get-GitHubUser" { Get-GitHubUser @@ -91,6 +92,7 @@ jobs: with: ClientID: ${{ secrets.TEST_APP_CLIENT_ID }} PrivateKey: ${{ secrets.TEST_APP_PRIVATE_KEY }} + Verbose: true Script: | LogGroup "Get-GitHubApp" { Get-GitHubApp From d610b57159d0846a5dd4c7233ca2cab124d0cb54 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 10 Nov 2024 01:31:53 +0100 Subject: [PATCH 5/8] test --- .github/workflows/Action-Test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index ca5a3e8..4028b6a 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -39,6 +39,7 @@ jobs: - name: Action-Test uses: ./ with: + Verbose: true Script: | LogGroup "Get-GitHubZen" { Get-GitHubZen @@ -56,6 +57,7 @@ jobs: uses: ./ with: Token: '' + Verbose: true Script: | LogGroup "My group" { "This is a group" From 13a64e5fb139b8a87b1c12356fc3106ffeba14b5 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 10 Nov 2024 01:58:31 +0100 Subject: [PATCH 6/8] FIx --- .github/workflows/Action-Test.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index 4028b6a..9823a37 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -39,7 +39,6 @@ jobs: - name: Action-Test uses: ./ with: - Verbose: true Script: | LogGroup "Get-GitHubZen" { Get-GitHubZen @@ -57,7 +56,6 @@ jobs: uses: ./ with: Token: '' - Verbose: true Script: | LogGroup "My group" { "This is a group" @@ -75,7 +73,6 @@ jobs: uses: ./ with: Token: ${{ secrets.TEST_PAT }} - Verbose: true Script: | LogGroup "Get-GitHubUser" { Get-GitHubUser @@ -94,7 +91,6 @@ jobs: with: ClientID: ${{ secrets.TEST_APP_CLIENT_ID }} PrivateKey: ${{ secrets.TEST_APP_PRIVATE_KEY }} - Verbose: true Script: | LogGroup "Get-GitHubApp" { Get-GitHubApp From d72e2ea82f8365671d7949492871a81de4fbbfd6 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 10 Nov 2024 03:52:57 +0100 Subject: [PATCH 7/8] Test --- .github/workflows/Action-Test.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index 9823a37..0d6caa8 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -96,10 +96,6 @@ jobs: Get-GitHubApp } - LogGroup "Get-GitHubZen" { - Get-GitHubZen - } - - LogGroup "Get-GitHubOctocat" { - Get-GitHubOctocat + LogGroup "Get-GitHubAppInstallation" { + Get-GitHubAppInstallation } From 78b1749cd3da1284882b1e229268fc80f60dbd1e Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 10 Nov 2024 05:36:41 +0100 Subject: [PATCH 8/8] GetContext --- .github/workflows/Action-Test.yml | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index 0d6caa8..ba233e2 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -40,7 +40,11 @@ jobs: uses: ./ with: Script: | - LogGroup "Get-GitHubZen" { + LogGroup 'Get-GitHubContext' { + Get-GitHubContext + } + + LogGroup 'Get-GitHubZen' { Get-GitHubZen } @@ -57,8 +61,12 @@ jobs: with: Token: '' Script: | - LogGroup "My group" { - "This is a group" + LogGroup 'Get-GitHubContext' { + Get-GitHubContext + } + + LogGroup 'My group' { + 'This is a group' } ActionTestWithPAT: @@ -74,7 +82,11 @@ jobs: with: Token: ${{ secrets.TEST_PAT }} Script: | - LogGroup "Get-GitHubUser" { + LogGroup 'Get-GitHubContext' { + Get-GitHubContext + } + + LogGroup 'Get-GitHubUser' { Get-GitHubUser } @@ -92,10 +104,14 @@ jobs: ClientID: ${{ secrets.TEST_APP_CLIENT_ID }} PrivateKey: ${{ secrets.TEST_APP_PRIVATE_KEY }} Script: | - LogGroup "Get-GitHubApp" { + LogGroup 'Get-GitHubContext' { + Get-GitHubContext + } + + LogGroup 'Get-GitHubApp' { Get-GitHubApp } - LogGroup "Get-GitHubAppInstallation" { + LogGroup 'Get-GitHubAppInstallation' { Get-GitHubAppInstallation }