Open
Description
When using actions/create-github-app-token@v1 on a self-hosted runner on github enterprise, the action fails to get the installation id. Doing the manual steps with curl works, following the docs here.
Do you know if there is a difference between the manual way and the one using this action? The github enterprise server is running version v3.14.2.
on:
pull_request:
branches:
- main
workflow_dispatch: {}
jobs:
get-app-token-with-action:
runs-on: self-hosted
steps:
- uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.DEBUG_APP_ID }}
private-key: ${{ secrets.DEBUG_APP_PRIVATE_KEY }}
owner: myorg
get-app-token-manually:
runs-on: self-hosted
steps:
- run: |
# https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app#example-using-bash-to-generate-a-jwt
set -o pipefail
app_id="${{ secrets.DEBUG_APP_ID }}"
pem="${{ secrets.DEBUG_APP_PRIVATE_KEY }}"
now=$(date +%s)
iat=$((${now} - 60)) # Issues 60 seconds in the past
exp=$((${now} + 600)) # Expires 10 minutes in the future
b64enc() { openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n'; }
header_json='{
"typ":"JWT",
"alg":"RS256"
}'
header=$(echo -n "${header_json}" | b64enc)
payload_json="{
\"iat\":${iat},
\"exp\":${exp},
\"iss\":\"${app_id}\"
}"
payload=$(echo -n "${payload_json}" | b64enc)
header_payload="${header}"."${payload}"
signature=$(
openssl dgst -sha256 -sign <(echo -n "${pem}") \
<(echo -n "${header_payload}") | b64enc
)
jwt="${header_payload}"."${signature}"
# https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app#generating-an-installation-access-token
installation_id="$(curl https://github.myorg.com/api/v3/orgs/myorg/installation --oauth2-bearer "$jwt" | jq -r .id)"
curl --request POST \
--url "https://github.myorg.com/api/v3/app/installations/${installation_id}/access_tokens" \
--oauth2-bearer "$jwt" \
--header "Accept: application/vnd.github+json" \
--header "X-GitHub-Api-Version: 2022-11-28" Output of get-app-token-with-action:
repositories not set, creating token for all repositories for given owner "myorg"
Failed to create token for "myorg" (attempt 1): Request was cancelled.
Failed to create token for "myorg" (attempt 2): Request was cancelled.
Failed to create token for "myorg" (attempt 3): Request was cancelled.
Failed to create token for "myorg" (attempt 4): Request was cancelled.
RequestError [HttpError]: Request was cancelled.
at fetchWrapper (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:37063:26)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async hook4 (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39476:18)
at async getTokenFromOwner (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39769:20)
at async RetryOperation._fn (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39667:24) {
status: 500,
request: {
method: 'GET',
url: 'https://github.myorg.com/api/v3/orgs/myorg/installation',
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'actions/create-github-app-token',
authorization: 'bearer [REDACTED]'
},
request: {
fetch: [Function: proxyFetch],
hook: [Function: bound hook4] AsyncFunction
}
},
response: undefined,
cause: TypeError: fetch failed
at fetch (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:36589:17)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async fetchWrapper (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:37037:21)
at async hook4 (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39476:18)
at async getTokenFromOwner (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39769:20)
at async RetryOperation._fn (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39667:24) {
Error: use]: DOMException [Error]: Request was cancelled.
at new DOMException (node:internal/per_context/domexception:53:5)
at makeAppropriateNetworkError (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:30488:182)
at httpNetworkFetch (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:32166:18)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async httpNetworkOrCacheFetch (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:32042:33)
at async httpFetch (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:31877:37)
at async /runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:31643:20
at async mainFetch (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:31633:20) {
cause: [RequestAbortedError]
}
},
attemptNumber: 4,
retriesLeft: 0
}
Output of get-app-token-manually:
Run # https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app#example-using-bash-to-generate-a-jwt
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 1862 100 1862 0 0 20688 0 --:--:-- --:--:-- --:--:-- 20688
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 207 100 207 0 0 2029 0 --:--:-- --:--:-- --:--:-- 2009
100 207 100 207 0 0 2009 0 --:--:-- --:--:-- --:--:-- 2009
{
"token": "***",
"expires_at": "2024-***-04T13:50:37Z",
"permissions": {
"contents": "read",
"metadata": "read"
},
"repository_selection": "selected"
}
Metadata
Metadata
Assignees
Labels
No labels