New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEAT]: Switching Between PAT and GitHub App Authentication Without Modifying Terraform Code #1877
Comments
Hi! Unfortunately there is currently no way to do so. That would be an interesting feature to add! |
You can do this by using the GitHub CLI ( name: CI
on:
push:
branches: [main]
jobs:
apply:
name: TF Apply
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Generate app token
id: generate-app-token
uses: tibdex/github-app-token@v1.9.0
with:
app_id: ${{ vars.YOUR_APP_ID }}
private_key: ${{ secrets.YOUR_APP_PRIVATE_KEY }}
- name: Terraform apply
env:
GITHUB_TOKEN: ${{ steps.generate-app-token.outputs.token }}
run: terraform apply -auto-approve |
Using the app installation token directly is a good workaround when you run Terraform from GitHub actions, but what about using it from Atlantis? Installation token is short-lived, so it can't be used in Atlantis as a static secret, but providing app credentials instead requires having A potential solution here without breaking the existing interface or adding new functionality might be to look for app env vars even when there is no empty provider "github" {}
I see the docs say
P.S. Also having empty
|
Hello, is there an update on this ? |
Hello, do you know there has been any progress made on this issue ? |
This resolves [FEAT]: Switching Between PAT and GitHub App Authentication Without Modifying Terraform Code integrations#1877 New parameters mirror those in the app_auth block and make it possible to switch between token-based and app-based authentication via environment variables without altering existing provider configuration code. This allows flexibility of using a GitHub app for provider authentication when running in CI or another automated environment, and using a personal access token when developing locally. Existing behavior is preserved and the only new case is when GITHUB_APP_* are set, GITHUB_TOKEN isn't set and there is no app_auth block: before it would be an error (app vars would be ignored), but now it works as an app-based configuration.
I took a stab at it in #2174 Any feedback and help are appreciated! |
Describe the need
Hello,
I'm trying to differentiate between authentication methods: using PAT (Personal Access Token) in my local environment and the GitHub App in the CI environment. However, after adding the app_auth block for the CI setup, I receive an error in the local environment indicating that id, installation_id, and pem_file are not set. Is there a way to toggle between authentication methods without changing the Terraform code?
Thank you for your assistance.
(Note: This message was translated with the assistance of a machine translation tool.)
SDK Version
No response
API Version
No response
Relevant log output
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: