v1.7.0

@github-actions github-actions released this 19 Jul 00:11
· 1 commit to main since this release
d7819cb

🚀 Add KeyVaultKeyReference parameter for GitHub App authentication (#63)

This PR adds support for authenticating GitHub Apps using Azure KeyVault key references, enabling secure private key storage in Azure KeyVault instead of GitHub secrets.

Changes Made

🔧 Core Implementation

  • action.yml: Added new KeyVaultKeyReference input parameter with proper description and environment variable mapping
  • scripts/init.ps1:
    • Added validation logic ensuring mutual exclusion between PrivateKey and KeyVaultKeyReference
    • Added requirement validation that ClientID must be provided with exactly one key parameter
    • Implemented new authentication path: Connect-GitHub -ClientID <ClientID> -KeyVaultKeyReference <url>
    • Updated module status reporting to include KeyVault key reference status

📚 Documentation

  • README.md:
    • Added KeyVaultKeyReference to inputs documentation table
    • Added comprehensive Example 5 demonstrating Azure KeyVault authentication workflow
    • Updated example numbering consistently
    • Included note about required azure/login action for KeyVault authentication

Usage Example

jobs:
  Run-Script:
    runs-on: ubuntu-latest
    steps:
      - name: Login to Azure
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Run script
        uses: PSModule/GitHub-Script@v1
        with:
          ClientID: ${{ secrets.CLIENT_ID }}
          KeyVaultKeyReference: ${{ secrets.KEYVAULT_KEY_REFERENCE }}
          Script: |
            LogGroup "Get-GitHubApp" {
              Get-GitHubApp
            }

Validation

The implementation includes comprehensive validation:

  • ✅ Mutual exclusion: Only one of PrivateKey or KeyVaultKeyReference can be provided
  • ✅ Requirement validation: ClientID must be provided with exactly one key parameter
  • ✅ Error handling for invalid input combinations
  • ✅ PowerShell and YAML syntax validation
  • ✅ Integration testing with 6/6 test scenarios passing

Authentication Flow

The action now supports three authentication methods:

  1. Token: Token parameter (existing)
  2. GitHub App with Private Key: ClientID + PrivateKey (existing)
  3. GitHub App with KeyVault: ClientID + KeyVaultKeyReference (new)
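
The validation rules and the three authentication methods above, written out as one function. This is an added example, not the code in scripts/init.ps1: the function name Resolve-AuthMode, the returned mode labels, the 'None' fallback, and the check that the reference is an https URL with a /keys/<name> path are assumptions.

```powershell
function Resolve-AuthMode {
    param([string] $Token, [string] $ClientID, [string] $PrivateKey, [string] $KeyVaultKeyReference)

    $hasClientID = -not [string]::IsNullOrWhiteSpace($ClientID)
    $hasKey      = -not [string]::IsNullOrWhiteSpace($PrivateKey)
    $hasKvRef    = -not [string]::IsNullOrWhiteSpace($KeyVaultKeyReference)

    # Mutual exclusion: never accept both key sources at once.
    if ($hasKey -and $hasKvRef) {
        throw 'Provide either PrivateKey or KeyVaultKeyReference, not both.'
    }
    # ClientID without a key source, or a key source without ClientID, is incomplete.
    if ($hasClientID -ne ($hasKey -or $hasKvRef)) {
        throw 'ClientID must be provided with exactly one of PrivateKey or KeyVaultKeyReference.'
    }
    if ($hasKvRef) {
        # Assumption: the reference is a Key Vault key identifier URL,
        # https://<vault-host>/keys/<name>[/<version>]. Plain http is refused.
        $uri = $null
        $ok = [uri]::TryCreate($KeyVaultKeyReference, [System.UriKind]::Absolute, [ref] $uri)
        if (-not $ok -or $uri.Scheme -ne 'https' -or
            $uri.AbsolutePath -notmatch '^/keys/[0-9A-Za-z-]+(/[0-9a-f]+)?/?$') {
            # The message deliberately does not echo the supplied value into the job log.
            throw 'KeyVaultKeyReference must be an https Key Vault key URL.'
        }
        return 'AppWithKeyVault'
    }
    if ($hasKey) { return 'AppWithPrivateKey' }
    if (-not [string]::IsNullOrWhiteSpace($Token)) { return 'Token' }
    # The page does not say what the action does with no credentials; this label is an example choice.
    return 'None'
}

# Constructed sample inputs (placeholders, not real credentials or vaults).
$kv = 'https://example-vault.vault.azure.net/keys/example-key'
$cases = @(
    @{ Token = 'constructed-token' },
    @{ ClientID = 'constructed-id'; PrivateKey = 'constructed-pem' },
    @{ ClientID = 'constructed-id'; KeyVaultKeyReference = $kv },
    @{ ClientID = 'constructed-id'; PrivateKey = 'constructed-pem'; KeyVaultKeyReference = $kv },
    @{ KeyVaultKeyReference = $kv },
    @{ ClientID = 'constructed-id'; KeyVaultKeyReference = 'http://example-vault.vault.azure.net/keys/example-key' }
)
foreach ($c in $cases) {
    try   { '{0,-17} <= {1}' -f (Resolve-AuthMode @c), ($c.Keys -join '+') }
    catch { '{0,-17} <= {1}: {2}' -f 'rejected', ($c.Keys -join '+'), $_.Exception.Message }
}
```

The page does not state how the action treats Token supplied alongside ClientID; this example ignores Token whenever a GitHub App key source is present.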

Fixes #62.
