Recommend action that doesn't rely on node v20 for GHES < 12 (#43679)

Vavtr · Oct 3, 2023 · 6f2a6b3 · 6f2a6b3
1 parent 9440080
commit 6f2a6b3
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 8 deletions.
diff --git a/...ng-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow.md b/...ng-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow.md
@@ -29,13 +29,18 @@ In order to use a {% data variables.product.prodname_github_app %} to make authe
 1. Install the {% data variables.product.prodname_github_app %} on your user account or organization and grant it access to any repositories that you want your workflow to access. For more information, see "[AUTOTITLE](/apps/maintaining-github-apps/installing-github-apps#installing-your-private-github-app-on-your-repository)."
 1. In your {% data variables.product.prodname_actions %} workflow, create an installation access token, which you can use to make API requests.
 
-   To do this, you can use a {% data variables.product.company_short %}-owned action as demonstrated in the following example. If you prefer to not use this action, you can fork and modify the [`actions/create-github-app-token` action](https://github.com/actions/create-github-app-token), or you can write a script to make your workflow create an installation token manually. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)."
+   {% ifversion ghes < 3.12 %}To do this, you can use a pre-made action as demonstrated in the following example. If you prefer to not use a third party action, you can fork and modify the `tibdex/github-app-token` action, or you can write a script to make your workflow create an installation token manually. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)."{% else %}To do this, you can use a {% data variables.product.company_short %}-owned action as demonstrated in the following example. If you prefer to not use this action, you can fork and modify the [`actions/create-github-app-token` action](https://github.com/actions/create-github-app-token), or you can write a script to make your workflow create an installation token manually. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation)."{% endif %}
 
-   The following example workflow uses the `actions/create-github-app-token` action to generate an installation access token. Then, the workflow uses the token to make an API request via the {% data variables.product.prodname_cli %}.
+   The following example workflow uses the {% ifversion ghes < 3.12 %}`tibdex/github-app-token`{% else %}`actions/create-github-app-token`{% endif %} action to generate an installation access token. Then, the workflow uses the token to make an API request via the {% data variables.product.prodname_cli %}.
 
    In the following workflow, replace `APP_ID` with the name of the secret where you stored your app ID. Replace `APP_PRIVATE_KEY` with the name of the secret where you stored your app private key.
 
 ```yaml copy
+{% ifversion ghes < 3.12 %}
+{% data reusables.actions.actions-not-certified-by-github-comment %}
+
+{% data reusables.actions.actions-use-sha-pinning-comment %}
+{% endif %}
 on:
   workflow_dispatch:
 jobs:
@@ -44,7 +49,7 @@ jobs:
     steps:
       - name: Generate a token
         id: generate_token
-        uses: actions/create-github-app-token@v1
+        uses: {% ifversion ghes < 3.12 %}tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92{% else %}actions/create-github-app-token@v1{% endif %}
         with:
           app_id: {% raw %}${{ secrets.APP_ID }}{% endraw %}
           private_key: {% raw %}${{ secrets.APP_PRIVATE_KEY }}{% endraw %}

diff --git a/...king-with-projects/automating-your-project/automating-projects-using-actions.md b/...king-with-projects/automating-your-project/automating-projects-using-actions.md
@@ -52,6 +52,15 @@ For more information about authenticating in a {% data variables.product.prodnam
 1. Generate a private key for your app. Store the contents of the resulting file as a secret in your repository or organization. (Store the entire contents of the file, including `-----BEGIN RSA PRIVATE KEY-----` and `-----END RSA PRIVATE KEY-----`.) In the following workflow, replace `APP_PEM` with the name of the secret. For more information, see "[AUTOTITLE](/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps)."
 1. In the following workflow, replace `YOUR_ORGANIZATION` with the name of your organization. For example, `octo-org`. Replace `YOUR_PROJECT_NUMBER` with your project number. To find the project number, look at the project URL. For example, `https://github.com/orgs/octo-org/projects/5` has a project number of 1.  In order for this specific example to work, your project must also have a "Date posted" date field.
 
+   {% ifversion ghes < 3.12 %}{% note %}
+
+   **Notes:**
+
+   - {% data reusables.actions.actions-not-certified-by-github %}
+   - {% data reusables.actions.actions-use-sha-pinning %}
+
+   {% endnote %}{% endif %}
+
 ```yaml annotate copy
 #
 name: Add PR to project
@@ -64,14 +73,14 @@ jobs:
   track_pr:
     runs-on: ubuntu-latest
     steps:
-    # Uses the [actions/create-github-app-token](https://github.com/marketplace/actions/create-github-app-token) action to generate an installation access token for your app from the app ID and private key. The installation access token is accessed later in the workflow as `{% raw %}${{ steps.generate_token.outputs.token }}{% endraw %}`.
+    # Uses the {% ifversion ghes < 3.12 %}[tibdex/github-app-token](https://github.com/tibdex/github-app-token){% else %}[actions/create-github-app-token](https://github.com/marketplace/actions/create-github-app-token){% endif %} action to generate an installation access token for your app from the app ID and private key. The installation access token is accessed later in the workflow as `{% raw %}${{ steps.generate_token.outputs.token }}{% endraw %}`.
     #
     #Replace `APP_ID` with the name of the secret that contains your app ID.
     #
     #Replace `APP_PEM` with the name of the secret that contains your app private key.
       - name: Generate token
         id: generate_token
-        uses: actions/create-github-app-token@v1
+        uses: {% ifversion ghes < 3.12 %}tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92{% else %}actions/create-github-app-token@v1{% endif %}
         with:
           app_id: {% raw %}${{ secrets.APP_ID }}{% endraw %}
           private_key: {% raw %}${{ secrets.APP_PEM }}{% endraw %}

diff --git a/content/rest/quickstart.md b/content/rest/quickstart.md
@@ -82,6 +82,11 @@ If you are authenticating with a {% data variables.product.prodname_github_app %
 1. Add a step to generate a token, and use that token instead of `GITHUB_TOKEN`. Note that this token will expire after 60 minutes. For example:
 
    ```yaml
+   {% ifversion ghes < 3.12 %}
+   {% data reusables.actions.actions-not-certified-by-github-comment %}
+   
+   {% data reusables.actions.actions-use-sha-pinning-comment %}
+   {% endif %}
    on:
      workflow_dispatch:
    jobs:
@@ -90,7 +95,7 @@ If you are authenticating with a {% data variables.product.prodname_github_app %
        steps:
          - name: Generate token
            id: generate_token
-           uses: actions/create-github-app-token@v1
+           uses: {% ifversion ghes < 3.12 %}tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92{% else %}actions/create-github-app-token@v1{% endif %}
            with:
              app_id: {% raw %}${{ secrets.APP_ID }}{% endraw %}
              private_key: {% raw %}${{ secrets.APP_PEM }}{% endraw %}
@@ -224,6 +229,11 @@ If you are authenticating with a {% data variables.product.prodname_github_app %
 1. Add a step to generate a token, and use that token instead of `GITHUB_TOKEN`. Note that this token will expire after 60 minutes. For example:
 
    ```yaml
+   {% ifversion ghes < 3.12 %}
+   {% data reusables.actions.actions-not-certified-by-github-comment %}
+
+   {% data reusables.actions.actions-use-sha-pinning-comment %}
+   {% endif %}
    on:
      workflow_dispatch:
    jobs:
@@ -244,7 +254,7 @@ If you are authenticating with a {% data variables.product.prodname_github_app %
 
          - name: Generate token
            id: generate_token
-           uses: actions/create-github-app-token@v1
+           uses: {% ifversion ghes < 3.12 %}tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92{% else %}actions/create-github-app-token@v1{% endif %}
            with:
              app_id: {% raw %}${{ secrets.APP_ID }}{% endraw %}
              private_key: {% raw %}${{ secrets.APP_PEM }}{% endraw %}
@@ -350,6 +360,11 @@ If you are authenticating with a {% data variables.product.prodname_github_app %
 1. Add a step to generate a token, and use that token instead of `GITHUB_TOKEN`. Note that this token will expire after 60 minutes. For example:
 
    ```yaml
+   {% ifversion ghes < 3.12 %}
+   {% data reusables.actions.actions-not-certified-by-github-comment %}
+
+   {% data reusables.actions.actions-use-sha-pinning-comment %}
+   {% endif %}
    on:
      workflow_dispatch:
    jobs:
@@ -358,7 +373,7 @@ If you are authenticating with a {% data variables.product.prodname_github_app %
        steps:
          - name: Generate token
            id: generate_token
-           uses: actions/create-github-app-token@v1
+           uses: {% ifversion ghes < 3.12 %}tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92{% else %}actions/create-github-app-token@v1{% endif %}
            with:
              app_id: {% raw %}${{ secrets.APP_ID }}{% endraw %}
              private_key: {% raw %}${{ secrets.APP_PEM }}{% endraw %}