PowerShellForGitHub icon indicating copy to clipboard operation
PowerShellForGitHub copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Position PowerShellForGitHub to be used in GitHub Actions?

Open TylerLeonhardt opened this issue 4 years ago • 12 comments

This module is by far the best PowerShell module out there for working with GitHub's API.

PowerShell is a fantastic language for CI/CD pipelines, automation pipelines, etc.

This makes PowerShell a great language to use in GitHub Actions.

My thinking is that PowerShellForGitHub could be leveraged as a GitHub Actions helper module that gives you PowerShell-y ways to interact with GitHub's APIs that are most likely touched in GitHub Actions:

  • Issues
  • Issue comments
  • PRs
  • PR comments
  • Releases

etc.

And most important is to have a seamless way to authenticate the module from a running Action.

With this, we can say that PowerShell can be used for creating Actions - which is the ultimate goal.

This issue is more of a meta-discussion issue than anything else as I think some issues in this repo already call out the parts that are GH API gaps.

TylerLeonhardt avatar Apr 21 '20 15:04 TylerLeonhardt

@TylerLeonhardt -- Sorry for the delayed response. I missed the notification when this came in.

Thanks for the kudos in the module. Glad you're liking it.

This idea certainly sounds intriguing. I'll admit that I have limited experience with GitHub Actions. I went through the training module they had when it was first released, but that was a while ago now.

What do you propose as the next steps here? What work would need to be done to enable this to be used within Actions?

HowardWolosky avatar May 12 '20 17:05 HowardWolosky

I think the next steps would be:

Improvements when running in Actions

  • ~Allow for auto-discovery of the GITHUB_TOKEN env var that's available in Actions: https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token So that there's no rate-limiting.~

  • Support all common APIs as mentioned above in the issue (Issues, Issue comments, etc) - some of this is already supported.

Improvements for authoring Actions

  • PAT creation and Secret creation for GitHub Actions:

https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets

  • Docs on how to use said secret to authenticate the GitHub PowerShell module while running in an Action.

What do you think @HowardWolosky?

TylerLeonhardt avatar May 19 '20 20:05 TylerLeonhardt

Interesting. In theory, all the support that is needed for that to happen already exists.

$cred = New-Object System.Management.Automation.PSCredential "anything", ${{ secrets.GITHUB_TOKEN }}
Set-GitHubAuthentication -Credential $cred

There's nothing that the module itself can do explicitly to better support this, because the user of the action still needs to expose ${{ secrets.GITHUB_TOKEN }} either directly (like above) or indirectly (via a new exposed variable like they do in the example with `repo-token: ${{ secrets.GITHUB_TOKEN }}')

HowardWolosky avatar May 19 '20 20:05 HowardWolosky

True. I missed over the detail of it not being an env var...

That'll be a bit more complicated with it needing to be a SecureString... so I wonder if a simple -Token would be nicer for this scenario:

Set-GitHubAuthentication -Token ${{ secrets.GITHUB_TOKEN }}

This would also work for PATs as well possibly...

TylerLeonhardt avatar May 19 '20 21:05 TylerLeonhardt

Whoops, you're right. I missed a step. Updated:

$tokenEncrypted = ConvertTo-SecureString -String ${{ secrets.GITHUB_TOKEN }} -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential "anything", $tokenEncrypted
Set-GitHubAuthentication -Credential $cred

Providing an authentication mechanism that works in plain text is generally frowned upon from a security standpoint. Every individual command in this module does let you explicitly pass in a plain text string for -AccessToken, but I feel like interacting with the main authentication method of the module should remain secure.

The second example in its usage was supposed to show how to do this very thing, but it had a mistake in it. I just submitted #173 to fix that example and add a reference to it in the documentation as well. Please, take a look.

HowardWolosky avatar May 19 '20 21:05 HowardWolosky 

$PSDefaultParameterValues["*-GitHub*:AccessToken"] = "${{ secrets.GITHUB_TOKEN }}"

That should do it too, I guess then.

TylerLeonhardt avatar May 19 '20 22:05 TylerLeonhardt

In any case I've updated https://github.com/microsoft/PowerShellForGitHub/issues/157#issuecomment-631061148

TylerLeonhardt avatar May 19 '20 22:05 TylerLeonhardt

That should do it too, I guess then.

Indeed it would. I've added that note to the README as well as part of #173.

HowardWolosky avatar May 20 '20 01:05 HowardWolosky

Regarding the missing API support. We have full support for Issues, I'm almost done locally with full support for PR's (including PR reviews/comments). Releases should be pretty easy to complete soon too.

Is there something within your list of action items that you're interested in working on?

HowardWolosky avatar May 20 '20 02:05 HowardWolosky

Maybe I'll try to work on:

PAT creation and Secret creation

I'll give it a go tomorrow. I might even try to hook in to Secret Management

TylerLeonhardt avatar May 22 '20 00:05 TylerLeonhardt

I have more clarity on this... really I want this ported to PowerShell: https://github.com/actions/toolkit

TylerLeonhardt avatar Jul 15 '20 03:07 TylerLeonhardt

I wrote an action that provides a hydrated context like actions/github-script does for JavaScript: https://github.com/Amadevus/pwsh-script

It also includes a module based on earlier versions of https://github.com/ebekker/pwsh-github-action-tools

Maybe this helps someone or I can help here more.

amis92 avatar Sep 14 '20 13:09 amis92