#!/bin/bash # Purpose: # grab the jwt token # get a normal token from it # git clone with that token # use git config globally to always use this token, even instead of ssh # git clone sshRepo with git config setting # get a temporary jwt token from the key file and app id (hardcoded in the file:) generated_jwt=$(./github-app-jwt.sh) github_api_url="https://api.github.com/app" installation_id=21043970 owner="devops-actions" repo="load-used-actions" sshRepo="load-available-actions" # show the jwt during testing echo "Generated jwt:" echo "${generated_jwt}" echo "" # call the urls with it echo "Calling [${github_api_url}], result:" curl -s \ -H "Authorization: Bearer ${generated_jwt}" \ -H "Accept: application/vnd.github.machine-man-preview+json" \ "${github_api_url}" github_api_url="https://api.github.com/app/installations" echo "Calling [${github_api_url}], result:" curl -s \ -H "Authorization: Bearer ${generated_jwt}" \ -H "Accept: application/vnd.github.v3+json" \ "${github_api_url}" # get the token by POSTING to the url: github_api_url="https://api.github.com/app/installations/$installation_id/access_tokens" echo "Calling [${github_api_url}], result:" tokens=$(curl -s -X POST \ -H "Authorization: Bearer ${generated_jwt}" \ -H "Accept: application/vnd.github.v3+json" \ "${github_api_url}" ) echo "Token info: $tokens" # extract the token, more information about expiry for example is present as well: token=$(echo "$tokens" | jq -r '.token') echo "Token: $token" # this token can be used to call the API's or used in a Git clone call using https # clone with https: rm -rf tempGitClone mkdir tempGitClone cd tempGitClone git clone "https://x-access-token:$token@github.com/$owner/$repo.git" cd $repo ls -la echo "setting up git config" git config --global url."https://x-access-token:$token@github.com/".insteadOf "git@github.com:" # clone different repo by using ssh call git clone "git@github.com:$owner/$sshRepo.git" cd $sshRepo ls -la echo "Cleanup folders" cd ../../../ rm -rf tempGitClone # clean up global configuration so we don't leave the token around git config --global --remove-section url."https://x-access-token:$token@github.com/" exit 0