From 000e2a0d29976e250bb49dade8bddb037c5187c5 Mon Sep 17 00:00:00 2001 From: vleon1a <145581438+vleon1a@users.noreply.github.com> Date: Fri, 12 Jul 2024 00:09:08 +0200 Subject: [PATCH] docs(readme): document how a Base64 private key could be decoded (#155) Addressing this comment https://github.com/actions/create-github-app-token/issues/42#issuecomment-2214599409 --------- Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 4e6e9ba..9637ad3 100644 --- a/README.md +++ b/README.md @@ -278,6 +278,24 @@ jobs: **Required:** GitHub App private key. Escaped newlines (`\\n`) will be automatically replaced with actual newlines. +Some other actions may require the private key to be Base64 encoded. To avoid recreating a new secret, it can be decoded on the fly, but it needs to be managed securely. Here is an example of how this can be achieved: + +```yaml +steps: + - name: Decode the GitHub App Private Key + id: decode + run: | + private_key=$(echo "${{ secrets.PRIVATE_KEY }}" | base64 -d | awk 'BEGIN {ORS="\\n"} {print}' | head -c -2) &> /dev/null + echo "::add-mask::$private_key" + echo "private-key=$private_key" >> "$GITHUB_OUTPUT" + - name: Generate GitHub App Token + id: app-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ steps.decode.outputs.private-key }} +``` + ### `owner` **Optional:** The owner of the GitHub App installation. If empty, defaults to the current repository owner.