Skip to content

Commit

Permalink
docs(readme): document how a Base64 private key could be decoded
Browse files Browse the repository at this point in the history
  • Loading branch information
vleon1a committed Jul 11, 2024
1 parent d0ac2ad commit b636134
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,24 @@ jobs:

**Required:** GitHub App private key. Escaped newlines (`\\n`) will be automatically replaced with actual newlines.

N.B.: Some other action may require the private key to be Base64 encoded. To avoid recreating a new secret, it can be decoded on the fly, but it needs to be managed securely. Here is an example of how this could be achieved:

```yaml
steps:
- name: Decode the GitHub App Private Key
id: decode
run: |
private_key=$(echo "${{ secrets.PRIVATE_KEY }}" | base64 -d | awk 'BEGIN {ORS="\\n"} {print}' | head -c -2) &> /dev/null
echo "::add-mask::$private_key"
echo "private-key=$private_key" >> "$GITHUB_OUTPUT"
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ steps.decode.outputs.private-key }}
```

### `owner`

**Optional:** The owner of the GitHub App installation. If empty, defaults to the current repository owner.
Expand Down

0 comments on commit b636134

Please sign in to comment.