Skip to content

Commit

Permalink
docs(readme): document how a Base64 private key could be decoded (#155)
Browse files Browse the repository at this point in the history
Addressing this comment
#42 (comment)

---------

Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
  • Loading branch information
vleon1a and parkerbxyz authored Jul 11, 2024
1 parent d0ac2ad commit 000e2a0
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,24 @@ jobs:

**Required:** GitHub App private key. Escaped newlines (`\\n`) will be automatically replaced with actual newlines.

Some other actions may require the private key to be Base64 encoded. To avoid recreating a new secret, it can be decoded on the fly, but it needs to be managed securely. Here is an example of how this can be achieved:

```yaml
steps:
- name: Decode the GitHub App Private Key
id: decode
run: |
private_key=$(echo "${{ secrets.PRIVATE_KEY }}" | base64 -d | awk 'BEGIN {ORS="\\n"} {print}' | head -c -2) &> /dev/null
echo "::add-mask::$private_key"
echo "private-key=$private_key" >> "$GITHUB_OUTPUT"
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ steps.decode.outputs.private-key }}
```

### `owner`

**Optional:** The owner of the GitHub App installation. If empty, defaults to the current repository owner.
Expand Down

1 comment on commit 000e2a0

@Morteza-Abolhassani-Khajeh

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.