Files
shockbot/get-installation-token
Mateusz Burzyński c0f6f9ef2a Browser skill (#485)
* Add `BrowserTool`

* add some logging

* go with npm install -g

* remove dep changes since the switch to npm install -g

* tweak

* tweak

* tweak

* tweak

* tweak timeout

* tweak

* remove logs

* skill investigation doc

* wip

* wip

* tweak

* lock agent-browser version

* tweak

* logs

* logs

* more logs

* more debug stuff

* try this

* try this

* try this

* fix PATH

* try this

* tweak

* tweak

* tweak

* update wiki entries

* update wiki once again

* lint fix

---------

Co-authored-by: Colin McDonnell <colinmcd94@gmail.com>
2026-03-25 19:36:13 +00:00
..
2026-01-13 06:02:29 +00:00
2026-03-25 19:36:13 +00:00
2026-01-16 07:16:25 +00:00

pullfrog/get-installation-token

Get a GitHub App installation token in a workflow job. This convenience action makes it easier to integrate Pullfrog into existing CI workflows.

This action:

  • Provides a GitHub App installation token for later workflow steps.
  • Works for the current repository out of the box.
  • Can optionally include additional repositories.
  • Masks the token in logs.
  • Revokes the token automatically in the post step.

Requirements

  • Workflow or job permissions must include id-token: write.
  • The Pullfrog GitHub App must be installed on the target repositories.
  • If you pass repos, each repository must be installed for the same app installation.

Inputs

Name Required Description
repos no Comma-separated additional repo names to include, for example: repo1,repo2. The current repo is always included.

Outputs

Name Description
token GitHub App installation token

Usage

Basic (current repo only)

permissions:
  id-token: write
  contents: read

jobs:
  example:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Get installation token
        id: token
        uses: ./action/get-installation-token

      - name: Call GitHub API with token
        run: gh api repos/${{ github.repository }}
        env:
          GH_TOKEN: ${{ steps.token.outputs.token }}

Include extra repositories

permissions:
  id-token: write
  contents: read

jobs:
  example:
    runs-on: ubuntu-latest
    steps:
      - name: Get token for current repo plus extra repos
        id: token
        uses: ./action/get-installation-token
        with:
          repos: pullfrog,app

      - name: Checkout another repo with installation token
        uses: actions/checkout@v4
        with:
          repository: pullfrog/pullfrog
          token: ${{ steps.token.outputs.token }}
          path: action-repo

Notes

  • repos expects repository names, not owner/repo.
  • Token lifetime is managed by GitHub, but this action also revokes the token during post-run cleanup.
  • Prefer step output usage (${{ steps.<id>.outputs.token }}) rather than writing tokens to files.

Troubleshooting

  • Error: id-token permission is required: Add id-token: write in workflow or job permissions.
  • Token works for current repo but not an extra repo: Ensure that repository is listed in repos and the app installation has access to it.