Adapter to run a Probot application function in GitHub Actions
Create your Probot Application as always
// app.js
export default (app) => {
app.on("issues.opened", async (context) => {
const params = context.issue({ body: "Hello World!" });
await context.octokit.issues.createComment(params);
});
};
Then in the entrypoint of your GitHub Action, require @probot/adapter-github-actions
instead of probot
// index.js
import { run } from "@probot/adapter-github-actions";
import app from "./app.js";
run(app).catch((error) => {
console.error(error);
process.exit(1);
});
Then use index.js
as your entrypoint in the action.yml
file
name: "Probot app name"
description: "Probot app description."
runs:
using: "node20"
main: "index.js"
Important: Your external dependencies will not be installed, you have to either vendor them in by committing the contents of the node_modules
folder, or compile the code to a single executable script (recommended). See GitHub's documentation
For an example Probot App that is continuously published as GitHub Action, see https://github.com/probot/example-github-action#readme
Probot is a framework for building GitHub Apps, which is different to creating GitHub Actions in many ways, but the functionality is the same:
Both get notified about events on GitHub, which you can act on. While a GitHub App gets notified about a GitHub event via a webhook request sent by GitHub, a GitHub Action can receive the event payload by reading a JSON file from the file system. We can abstract away the differences, so the same hello world example app shown above works in both environments.
Relevant differences for Probot applications:
- You cannot authenticate as the app. The
probot
instance you receive is authenticated using a GitHub token. In most cases the token will be set tosecrets.GITHUB_TOKEN
, which is an installation access token. The providedGITHUB_TOKEN
expires when the job is done or after 6 hours, whichever comes first. You do not have access to anAPP_ID
orPRIVATE_KEY
, you cannot create new tokens or renew the provided one. secrets.GITHUB_TOKEN
is scoped to the current repository. You cannot read data from other repositories unless they are public, you cannot update any other repositories, or access organization-level APIs.- You could provide a personal access token instead of
secrets.GITHUB_TOKEN
to workaround the limits of a repository-scoped token, but be sure you know what you are doing. - You don't need to configure
WEBHOOK_SECRET
, because no webhook request gets sent, the event information can directly be retrieved from environment variables and the local file system.
For a more thorough comparison, see @jasonetco's posts: