Create a github token from circle-ci github apps


#1

Hello,

I planned to use circle ci and push a release to github.

Good news, there is a doc for that: https://circleci.com/blog/publishing-to-github-releases-via-circleci/
But for that, you need to put a private token as an environment variable. It means that I need to put my private token on my build. I’m not fond of that, as someone could get it one way or the other.

As my account is linked to circle-ci with the circle-ci github app, it is possible for circleci to generate a token that I use to push a release to my repository. It is much cleaner for me.

Is it possible to have an option / a specific command on the circleci DSL to inject this kind of token in our build?

Like an option to inject “CIRCLE_GITHUB_TOKEN” or a DSL like

publish-github-release:
    docker:
      - image: circleci/golang:1.8
    steps:
      - attach_workspace:
          at: ./artifacts
      - generate_github_token:
          env: GITHUB_TOKEN
      - run:
          name: "Publish Release on GitHub"
          command: ... ghr -t ${GITHUB_TOKEN} ....

What I think:

PROS: no need to have a personal token in the build.
A guy modifying the build job cannot do too much damage in my name.

CONS: Tokens are generated per installation (so at organization level), not at repo level.
A guy modifying the build can do some strange stuff in the name of circle-ci.