Last active
October 24, 2024 07:06
-
-
Save renan-alm/81f8767f9bbc58d5da6197e3a20f779d to your computer and use it in GitHub Desktop.
Bash script to create a short lived token from a GitHub App PEM file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # What happens here? | |
| # Build the JWT structure | |
| # Call GH API using the JWT returning the token | |
| # get a temporary jwt token from the key file and app id (hardcoded in the file:) | |
| generated_jwt=$(./github-app-jwt.sh) | |
| github_api_url="https://api.github.com/app" | |
| installation_id=12345678 # CHANGE | |
| org="DEMO-ORG" # CHANGE | |
| # show the jwt during testing | |
| echo "Generated jwt:" | |
| echo "${generated_jwt}" | |
| echo "" | |
| # call the urls with it | |
| echo "Calling [${github_api_url}], result:" | |
| curl -s \ | |
| -H "Authorization: Bearer ${generated_jwt}" \ | |
| -H "Accept: application/vnd.github.machine-man-preview+json" \ | |
| "${github_api_url}" | |
| github_api_url="https://api.github.com/app/installations" | |
| echo "Calling [${github_api_url}], result:" | |
| curl -s \ | |
| -H "Authorization: Bearer ${generated_jwt}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "${github_api_url}" | |
| # get the token by POSTING to the url: | |
| github_api_url="https://api.github.com/app/installations/$installation_id/access_tokens" | |
| echo "Calling [${github_api_url}], result:" | |
| tokens=$(curl -s -X POST \ | |
| -H "Authorization: Bearer ${generated_jwt}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "${github_api_url}" ) | |
| echo "Token info: $tokens" | |
| # extract the token, more information about expiry for example is present as well: | |
| token=$(echo "$tokens" | jq -r '.token') | |
| echo "Token: $token" | |
| # from now until the token expires, you can use the token to make authenticated requests to the GitHub API: | |
| # get the repositories this token has access to | |
| github_api_url="https://api.github.com/installation/repositories" | |
| echo "Calling [${github_api_url}], result:" | |
| curl -s GET \ | |
| -H "Authorization: Bearer ${token}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "${github_api_url}" | |
| # get the runner information for a repo | |
| github_api_url="https://api.github.com/repos/rajbos/dotnetcore-webapp/actions/runners" | |
| echo "Calling [${github_api_url}], result:" | |
| curl -s \ | |
| -H "Authorization: Bearer ${token}" \ | |
| -H "Accept: application/vnd.github.machine-man-preview+json" \ | |
| "${github_api_url}" | |
| # load the files in a directory | |
| github_api_url="https://api.github.com/repos/rajbos/dotnetcore-webapp/contents/.github/workflows" | |
| echo "Calling [${github_api_url}], result:" | |
| curl -s \ | |
| -H "Authorization: Bearer ${token}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "${github_api_url}" | |
| # load a file in a directory | |
| github_api_url="https://api.github.com/repos/rajbos/dotnetcore-webapp/contents/README.md" | |
| echo "Calling [${github_api_url}], result:" | |
| curl -i -X GET \ | |
| -H "Authorization: Bearer ${token}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "${github_api_url}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment