- Go to your GitHub company's profile settings: https://github.com/organizations/{company name}/settings/profile
- Under developer settings on the left side menu, click on
GitHub Apps. - Click on
New GitHub Appbuttton. - Enter the application name, homepage url, disable webhook unless you need it.
- Set up repository access permissions. For e.g., read only access to
Content,PackagesandMetadata. - Set up organization access permissions. For e.g., read only access to
Members. - Set up the rest of the options depending on your needs.
- Click on the
Create GitHub Appbutton. - Take note of the
ApplicationandClientIDs for future usage.
- Back in the application's settings, click on the
Generate a New Client Secretbutton. - Copy it into a secure place.
- Again, in the application's settings, click on the
Generate a Privte Key buttonat the bottom of the page. - The browser will ask to download the privte key file. Store it on a safe place.
- On the left side menu of the application's settings, click on
Install App option. Your company will be listed. - Click on the install button and select the repositories you will allow access. You will be redirected to an URL like this:
https://github.com/organizations/{company name}/settings/installations/{id} - Store the ID number as the application installation ID for future usage.
Assuming you save both the application ID and private key in two different organization secrets named APP_ID and PRIVATE_KEY, below an example workflow:
jobs:
sample-job:
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: "repo1"
- uses: actions/checkout@v4
with:
repository: ${{ github.repository_owner }}/repo1
token: ${{ steps.app-token.outputs.token }}