Files
shockbot/get-installation-token/README.md
T
Colin McDonnell 3bf2f8596f add operational alerting and harden account creation flows
Introduce email alerts for new installations/account creation/repo promotion, restore atomic DB writes for account-related creation paths, and update docs references after removing the MCP README.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-18 15:57:44 +00:00

93 lines
2.4 KiB
Markdown

# `pullfrog/get-installation-token`
Get a GitHub App installation token in a workflow job. This convenience action makes it easier to integrate Pullfrog into existing CI workflows.
This action:
- Provides a GitHub App installation token for later workflow steps.
- Works for the current repository out of the box.
- Can optionally include additional repositories.
- Masks the token in logs.
- Revokes the token automatically in the post step.
## Requirements
- Workflow or job permissions must include `id-token: write`.
- The Pullfrog GitHub App must be installed on the target repositories.
- If you pass `repos`, each repository must be installed for the same app installation.
## Inputs
| Name | Required | Description |
| --- | --- | --- |
| `repos` | no | Comma-separated additional repo names to include, for example: `repo1,repo2`. The current repo is always included. |
## Outputs
| Name | Description |
| --- | --- |
| `token` | GitHub App installation token |
## Usage
### Basic (current repo only)
```yaml
permissions:
id-token: write
contents: read
jobs:
example:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get installation token
id: token
uses: ./action/get-installation-token
- name: Call GitHub API with token
run: gh api repos/${{ github.repository }}
env:
GH_TOKEN: ${{ steps.token.outputs.token }}
```
### Include extra repositories
```yaml
permissions:
id-token: write
contents: read
jobs:
example:
runs-on: ubuntu-latest
steps:
- name: Get token for current repo plus extra repos
id: token
uses: ./action/get-installation-token
with:
repos: pullfrog,app
- name: Checkout another repo with installation token
uses: actions/checkout@v4
with:
repository: pullfrog/pullfrog
token: ${{ steps.token.outputs.token }}
path: action-repo
```
## Notes
- `repos` expects repository names, not `owner/repo`.
- Token lifetime is managed by GitHub, but this action also revokes the token during post-run cleanup.
- Prefer step output usage (`${{ steps.<id>.outputs.token }}`) rather than writing tokens to files.
## Troubleshooting
- `Error: id-token permission is required`:
Add `id-token: write` in workflow or job permissions.
- Token works for current repo but not an extra repo:
Ensure that repository is listed in `repos` and the app installation has access to it.