
Lab 4.1 ‐ Setting up GitHub Secrets

Marcel de Vries edited this page Mar 4, 2024 · 4 revisions

Objective

In this Hands-On Lab, you will create a GitHub Personal Access Token to use the GitHub API and enable the triggering of other workflows as part of the action. You will also set up a secret to authenticate against Azure so we can deploy our application.

Steps

Step 1: 🔑 Generating a Personal Access Token

To call the GitHub API, your workflow needs access rights. The built-in GITHUB_TOKEN is limited to the current run, and events it creates (such as a push, a tag or a new release) do not start other workflows (only workflow_dispatch and repository_dispatch are exempt). To get around this, you grant your workflow extra rights by creating a Personal Access Token (PAT) and storing it in GitHub Secrets. Keep in mind that a PAT acts as your user account: whatever the token is allowed to do, the workflow, and anyone who obtains the token, can do as you.

Generating a Personal Access Token (PAT) with the right permissions in GitHub is a common task to enable actions like accessing repositories, creating releases, or performing other tasks programmatically. Here are the steps to generate a PAT with the necessary permissions:

  • Log in to your GitHub account if you haven't already.
  • Click on your profile picture in the top right corner of the GitHub page.
  • From the dropdown menu, select "Settings".
  • In the left sidebar, under the "Settings" tab, scroll down and find "Developer settings". Click on it.
  • On the "Developer settings" page, click "Personal access tokens" in the left sidebar, then choose "Fine-grained tokens".
  • On the "Personal access tokens" page, click the "Generate new token" button. Log in if asked.

Step 2: ⚙️ Configure the Token

A fine-grained token carries an explicit list of repositories and an explicit set of permissions on each. The narrower you make both, the less a leaked token is worth to an attacker, so grant only the repositories and permissions the workflow actually needs.

  • Fill in the following information:

    • Token name: Enter a name for your token to help you identify its purpose.
    • Expiration: Set an expiration date, choosing the shortest lifetime that covers your use of the token. A token that never expires keeps working indefinitely if it leaks, so only choose no expiration if you have a process for rotating it.
    • Repository Access: Choose "Only select repositories" and pick your repository from the drop-down. Do not grant access to all repositories.
    • Permissions: Under "Repository permissions", grant "Actions", "Contents" and "Deployments", each with "Read and write" access. (The read-only "Metadata" permission is added automatically.) Leave every other permission at "No access".
  • After configuring the token, scroll down to the bottom of the page and click the "Generate token" or "Create token" button.

  • Once the token is generated, you will see a long string of characters. This is your PAT, and it's crucial to keep it secure.

  • Copy the token to your clipboard. You won't be able to see it again after you close the page.

  • Store the token in a secure location. Do not share it openly or commit it to version control systems.

Step 3: 🔐 Store the secret in GitHub Secrets to use it in Applications or Workflows

You can now use the PAT in your GitHub Actions workflow by storing it as a repository secret and reading it from the secrets context at run time. Never hardcode the token in a workflow file or any other file in the repository: everything you commit is visible to anyone with read access and stays in the history even after you delete it. GitHub Secrets exist for exactly this purpose: the value is encrypted at rest, is exposed only to workflow runs in the repository, and is masked if it shows up in job logs.

  • In your repository, find the "Settings" tab, typically located on the right-hand side, below the repository's name.
  • Within the "Settings" tab, you'll see a sidebar on the left. Scroll down and find "Secrets and variables", then click "Actions" to manage the secrets used in workflows.
  • On the "Secrets" tab, you'll see a list of existing secrets, if any. To add a new secret, click on the "New repository secret" or similar button.
  • A dialog or form will appear for you to define the secret:
    • Name: Enter the name of your secret. In this lab it should be EXTENDED_ACCESSTOKEN. You may choose another name, but then every workflow that references the secret must use that name instead.
    • Value: Paste the Personal Access Token you generated in the previous steps.
  • After entering the secret name and value, click the "Add secret" or "Save secret" button to save the secret to your repository.

You can use this secret in your workflows by referencing ${{ secrets.EXTENDED_ACCESSTOKEN }}. Pass it to a step through env: (or an action input) rather than interpolating it directly into a run: script, so the token never becomes part of a shell command line.
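As an added example (not part of the lab or its repository), the two workflows below show the secret in use: the first creates a release with the PAT, and the second runs when that release is published. If the first workflow used the built-in GITHUB_TOKEN instead, the release event would not start the second workflow. The workflow names, the file name deploy.yml, the version input and the "v1.2.3" tag format are assumptions for the example.

```yaml
# Added example (not from the lab): publish.yml
# Uses the PAT stored as EXTENDED_ACCESSTOKEN so that the release it creates
# triggers other workflows. Workflow names and tag format are assumptions.
name: Publish release

on:
  workflow_dispatch:
    inputs:
      version:
        description: "Version to release, e.g. 1.2.3"
        required: true

permissions:
  contents: read   # keep the built-in GITHUB_TOKEN read-only; the PAT does the writing

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Create the release with the PAT
        # The secret is passed through the environment, not interpolated into
        # the script, so it never appears in the command line. The same goes
        # for the user-supplied version input, which keeps it from being
        # executed as shell code.
        env:
          GH_TOKEN: ${{ secrets.EXTENDED_ACCESSTOKEN }}
          VERSION: ${{ inputs.version }}
        run: |
          # gh reads GH_TOKEN automatically. Because this call is authenticated
          # with the PAT rather than GITHUB_TOKEN, the resulting release event
          # starts any workflow in this repository that listens for it.
          gh release create "v${VERSION}" --title "v${VERSION}" --generate-notes

      - name: Check that the token has the Actions permission
        env:
          GH_TOKEN: ${{ secrets.EXTENDED_ACCESSTOKEN }}
        run: |
          # Fails the job if the "Actions" permission was not granted in Step 2.
          gh api "repos/${GITHUB_REPOSITORY}/actions/workflows" --jq '.total_count'

---
# Added example (not from the lab): deploy.yml
# Runs only when a release is published. It would not run if the release
# above had been created with the built-in GITHUB_TOKEN.
name: Deploy on release

on:
  release:
    types: [published]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Show which release is being deployed
        env:
          TAG: ${{ github.event.release.tag_name }}
        run: echo "Deploying ${TAG}"
```

The two documents would live in separate files under .github/workflows/. The secret is only referenced through env: blocks; a step that echoed GH_TOKEN would have it masked in the log, but the safer habit is never to print it at all.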