farhoodlabs/skills
8
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8efb3313344fd63cc5f5a43f6832bf4e75d5c273
skills/github-app-token/SKILL.md
T
Goose 8efb331334 refactor: apply FAR-95 skills review follow-ups 
- Remove `playwright-ephemeral/` and `shannon/` entirely per board direction
- Fix `minimax-image-generation/SKILL.md` so YAML frontmatter is at line 1
- Add `minimax-image-generation/scripts/generate.sh` (argparse, error-checked, executable) and document invoking it via `bash scripts/generate.sh ...`
- Deduplicate `minimax-image-generation/CLAUDE.md` against SKILL.md
- `github-app-token`: write token to `$GH_CONFIG_DIR/.gh-token` (preferred) or `$AGENT_HOME/.gh-token` (fallback), fail loudly if neither is set instead of leaking to `mktemp`
- Refresh root `CLAUDE.md` to match actual directory contents and patterns
- Add root `README.md` with human-facing skills index

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-17 01:34:22 +00:00

1.6 KiB
Raw Blame History

name, description
name description
github-app-token Generate a GitHub installation access token from a GitHub App PEM key, App ID, and Installation ID, write it to a per-agent file, then authenticate the gh CLI with it.

GitHub App Token Skill

Generate a short-lived GitHub App installation token and authenticate gh.

Required Environment Variables

Variable Description
GITHUB_APP_ID Numeric App ID from GitHub App settings
GITHUB_APP_INSTALLATION_ID Numeric Installation ID for the target org/user
GITHUB_APP_PEM_FILE Absolute path to the App's PEM private key file (one of GITHUB_APP_PEM or GITHUB_APP_PEM_FILE required)
GITHUB_APP_PEM Raw PEM private key content as an env var (one of GITHUB_APP_PEM or GITHUB_APP_PEM_FILE required)

GITHUB_APP_PEM takes precedence over GITHUB_APP_PEM_FILE when both are set. Using GITHUB_APP_PEM avoids the need to write the key to disk ahead of time — it is written to a temp file with chmod 600 and deleted after token generation.

Usage

bash github-app-token/scripts/generate-token.sh

The script validates env vars, generates a JWT, exchanges it for an installation token, writes the token to .gh-token inside $GH_CONFIG_DIR (preferred) or $AGENT_HOME (fallback), and runs gh auth login. If neither GH_CONFIG_DIR nor AGENT_HOME is set the script exits non-zero rather than silently writing the token to a default location. On success it prints a confirmation line. On failure it exits non-zero with a descriptive error.

Requires openssl, curl, jq, and gh.

Reference in New Issue View Git Blame Copy Permalink