Within a GitHub Actions workflow in repository A we are trying to download release assets from another private repository B. Therefore the runner (running in a workflow in repo A) needs to authenticate against repository B.
There seem to be 2 possible solutions for that:
Create a private access token (PAT)
Create a GitHub application and use that for authenticating
Since we do not want this setup to be dependent on individual users, option 1) seems like the wrong approach. But we somehow got stuck with option 2). What we did so far:
Create a GitHub application (not oauth, since it should be independent of the user)
Grant all permissions for repositories to this app
Install the app in our organisation
Generate an app private key and create a JWT token following the documentation here
Sending a curl request with this generated JWT token, like
curl -i -X POST \
-H "Authorization: Bearer YOUR_JWT" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/app/installations/:installation_id/access_tokens
But this request always gives us a 401.
So first question is: are we on the right track here? Second question would be: how can we make this work?
It also puzzles us that we would have to re-create the JWT token with every workflow run (since we cannot use a long enough expiration time), and would rather like to have something that can be put into the secrets store of the workflow.
I'm trying to update the permission of collaborators across all repos in a Github Organisation. The collaborators are also Organisation members. I want to change permisssion from admin to pull (read). Unable to do so using the github api (v3). Tried with the go package github.com/google/go-github/v28/github and also CURL like mentioned in the doc . Got 204 No Content Response but the changes did not happen.
curl -H "Authorization: token $TOKEN" https://github.com/api/v3/repos/$ORG/$REPO/collaborators/$USER -X PUT -d '{"permission":"pull"}'
Is there any other better way to change the collaborator permissions from admin to pull ?
Please note: the same api allows to change the permission if they are Outside Collaborators (non organisation members)
I need to know which team and child team does this repository belong to using github api
I can get repos under organization
GET /orgs/:org/repos
the format of the url when I clone is:
https://github.com/organization/repo-name.git
I need create directory by team name for repository management,
but I don't know that getting parent team and child team by repository name
For example: I have a repository
https://github.com/organization/repo-name.git
the repository belong to following team:
IT_department/web/Java
You can get the child teams using the below curl :
curl -H "Authorization: token personal_access_token" -X GET https://api.github.com/teams/:team_id/teams
Then go to the respective team and get the team_id.
pass this team_id to list the Repos under the child team.
curl:
curl -H "Authorization: token personal_access_token" -X GET https://api.github.com/teams/:team_id/repos
the above curl will list all the Repos under the child team.
If you want to check if the Repository exists in the team then you can use the below curl:
curl -H "Authorization: token personal_access_token" -X GET https://api.github.com/teams/:team_id/repos/:owner/:repo
I am looking for some ways to create a github issue from travis.
I am calling some scripts in travis.yaml file and I need to create a github issue when travis is executed. I came across documents on calling github APIS using curl command.
Eg: curl -u $username -i -H "Content-Type: application/json" -X POST --data '{"title":"'$title'", "body":"'$body'"}' https://api.github.com/repos/$username/$repo_name/issues
Instead of username , since the build is triggered via travis, should I use github tokens? Is there any environment variable available which represents github token.
Found the answer myself. Create a github token using the github API and add that as ENV variable to your Travis CI settings.
This token can be used to perform the curl operation in travis shell script.
Helpful link : https://blogs.infosupport.com/accessing-githubs-rest-api-with-curl/
I’m trying to use the Github v3 API - I already implemented the required OAuth flow and it works well.
Now I’m trying some of the Repos API endpoints (http://developer.github.com/v3/repos/).
So far, I’m able to get a List of my repos using: GET /user/repos
However, when I try to create a repo using POST /user/repos, I get a 404.
Any thoughts what I might be doing wrong?
Joubert
Can you please tell us how exactly you did the HTTP request? The 404 sounds like you were using a wrong path, probably. But to give a reliable answer instead a wild guess, we need to see your request, including how you are sending your token, just mask it with 'xxx' or something.
I'll show you in the meantime an example request, that is working:
curl -XPOST -H 'Authorization: token S3CR3T' https://api.github.com/user/repos -d '{"name":"my-new-repo","description":"my new repo description"}'
You would need to replace the OAuth token of course: S3CR3T
I had the same issue. The reason why you are getting a 404 with your oauth access token is that when you authorize to github you need to also additionally pass the scopes you want. For example, in the header you should see "X-OAuth-Scopes: repo, user", which means this user has read/write access to his profile and repositories. Once you have set the correct scopes you should be able to do POST/PUT requests just fine.
To see whether or not you have the correct permissions. You can do something like the following. Substitute the XXXXXXX with your access token.
curl -I https://api.github.com/user?access_token=XXXXXXXX
For creating repositories as a user you can use an personal access token and basic auth, which can be much simpler when you are fluffing around on the command line and have 2FA enabled.
curl -d '{"name":"test"}' -u githubuser:personaccesstoken https://api.github.com/user/repos
Create a personal access token here https://github.com/settings/tokens and make sure it has the 'repo' scope.
This script lets you read in in the token and project name as variables so you can use it in a script
#!/usr/bin/env bash -u
#
TOKEN=`cat token_file`
PROJECT=myproject
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d '{"name": "'"$PROJECT"'"}' https://api.github.com/user/repos?access_token=$TOKEN