Support Request (Maybe Feature): How do we use ephemeral Github tokens with this? #124
Description
Is your feature request related to a problem? Please describe.
I'm trying to use this in tandem with https://github.com/tenjaa/concourse-github-app-token which uses an App ID and priv key to request an ephemeral token rather than relying on an individuals personal access token, however since this requires the token be defined at the resource level, I'm not sure how to get the token passed to the in: stage on a get task.
We're doing enough requests that we must have a token to query for releases or else we hit the API limit.
Describe the solution you'd like
I should be able to pass a github access token in at the in: stage so I can do the following with the two resources:
- name: github-token
type: github-token-resource
source:
appId: 123456 # can be looked up on the overview page of your app
privateKey: ((pem_private_key_secret)) # https://docs.github.com/en/developers/apps/authenticating-with-github-apps#generating-a-private-key
org: OurTeamsOrg # get a token for an app installed to an org account
- name: gh-goss-release
type: github-release
check_every: never
source:
owner: aelsabbahy
repository: goss
tag_filter: "^v([^-]|-[^r]|-r[^c].)*$"
jobs:
- name: get-3rd-party-packages-and-sync-to-internal-repo
plan:
- put: github-token # put forces to get a new token, even when rerunning a build (https://concourse-ci.org/builds.html#build-rerunning)
- load_var: token
file: github-token/token
- get: gh-goss-release
params:
access_token: ((token))Describe alternatives you've considered
Not sure there's another way to properly do this auth without creating accounts for bots which is against Githubs current policies/best practices.
Additional context
I may have missed something, if this is possible already please educate.