With GitHub actions, it’s relatively simple to do something like this to get a disposable Github token from a GitHub “App”.
I found a third party orb (that doesn’t look well-maintained) that seems to try to do this, but does anyone have a good, simple, example of doing the equivalent from within CircleCI?
High level context: need to do something that requires GitHub write access. Currently using a deploy key, but would love to move away from either a deploy key or a static token.
- name: Generate a token
id: generate-token
uses: actions/create-github-app-token@v1
with:
# Set at org level
app-id: ${{ vars.FOO_APP_ID }}
# Set at repo level
private-key: ${{ secrets.FOO_PRIVATE_KEY }}
# Fancier vs. hard-coding
# https://github.com/actions/create-github-app-token?tab=readme-ov-file#configure-git-cli-for-an-apps-bot-user
- name: Get GitHub App User ID
id: get-user-id
run: echo "user-id=$(gh api "/users/${{ steps.generate-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: ${{ steps.generate-token.outputs.token }}