A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from http://stackoverflow.com/questions/79272519/github-access-token-for-apps below:

git - Github access token for Apps

I have a GitHub App configured with a Webhook that listens to Github events. The App is installed on a private repo and has both read and write permissions. git clone https://x-access-token:<TOKEN>@github.com/owner/repo_name.git results in a fatal error that the repository is not found. I've seen the question Authentication issue on SO, but it applies to a client-to-server request and not a server-to-server request as I have.

Based on the references: Server-to-server request, JWT generation,App Authentication, I've written the following functions

def generate_jwt(app_id=APP_ID, private_key_path=APP_PRIVATE_KEY_PATH):
    """
    This function generates a JWT token for the GitHub App.

    Args:
        app_id (str): The GitHub App ID.
        private_key_path (pathlib.Path): The path to the private key file.

    Returns:
        str: The JWT token.
    """
    with open(private_key_path, 'r', encoding='utf-8') as key_file:
        private_key = key_file.read()

    payload = {
        'iat': datetime.now(),
        'exp': datetime.now() + timedelta(minutes=10),
        'iss': app_id
    }
    return jwt.encode(payload, private_key, algorithm='RS256')

Then I get my installation access token:

def get_installation_access_token(installation_id) -> str:
    """
    Get the installation access token for the GitHub App.

    Args:
        installation_id (str): The installation id access token.
    Returns:
        str: The installation access token.
    """
    if installation_id is None:
        return "No Installation ID"

    url = f"https://api.github.com/app/installations/{installation_id}/access_tokens"
    app_jwt = generate_jwt()

    # Make the API request
    headers = {
        "Authorization": f"Bearer {app_jwt}",
        "Accept": "application/vnd.github+json",
        "X-Github-Api-Version": "2022-11-28",
    }
    response = requests.post(url, headers=headers, timeout=10)

    # Extract the installation access token
    response.raise_for_status()
    installation_access_token = response.json()["token"]

    return installation_access_token

I convert my clone URL to authenticated URL with this function:

def convert_clone_url_to_autenticated_url(clone_url: str, installation_access_token: str) -> str:
    """
    Convert the clone URL to an authenticated URL.

    Args:
        clone_url (str): The clone URL.
        installation_access_token (str): The installation access token.

    Returns:
        str: The authenticated URL.
    """
    # Parse the clone URL
    if not clone_url.startswith("https://github.com/"):
        raise ValueError("Invalid clone URL. It must start with 'https://github.com/'.")
    
    return clone_url.replace(
        "https://github.com/",
        f"https://x-access-token:{installation_access_token}@github.com/"
    )

And finally I try to clone with GitPython:

# Clone the repository
repo = None
if not repo_dir.exists():
    repo = git.Repo.clone_from(authenticated_url, repo_dir)
else:
    repo = git.Repo(repo_dir)

What could I do differently to resolve this error?

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4