Skip to content

Add GitHub Apps documentation and stdin token example #467

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
josegonzalez merged 2 commits into from
Dec 12, 2025
Merged

Add GitHub Apps documentation and stdin token example #467

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3a513b6
docs: add stdin token example to README
Iamrodos Dec 11, 2025
ef99048
Add GitHub Apps documentation and remove outdated header
Iamrodos Dec 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 34 additions & 0 deletions README.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,37 @@ Customise the permissions for your use case, but for a personal account full bac
**Repository permissions**: Read access to contents, issues, metadata, pull requests, and webhooks.


GitHub Apps
~~~~~~~~~~~

GitHub Apps are ideal for organization backups in CI/CD. Tokens are scoped to specific repositories and expire after 1 hour.

**One-time setup:**

1. Create a GitHub App at *Settings -> Developer Settings -> GitHub Apps -> New GitHub App*
2. Set a name and homepage URL (can be any URL)
3. Uncheck "Webhook > Active" (not needed for backups)
4. Set permissions (same as fine-grained tokens above)
5. Click "Create GitHub App", then note the **App ID** shown on the next page
6. Under "Private keys", click "Generate a private key" and save the downloaded file
7. Go to *Install App* in your app's settings
8. Select the account/organization and which repositories to back up

**CI/CD usage with GitHub Actions:**

Store the App ID as a repository variable and the private key contents as a secret, then use ``actions/create-github-app-token``::

- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.APP_PRIVATE_KEY }}

- run: github-backup myorg -t ${{ steps.app-token.outputs.token }} --as-app -o ./backup --all

Note: Installation tokens expire after 1 hour. For long-running backups, use a fine-grained personal access token instead.


Prefer SSH
~~~~~~~~~~

Expand Down Expand Up @@ -359,6 +390,9 @@ Debug an error/block or incomplete backup into a temporary directory. Omit "incr

github-backup -f $FINE_ACCESS_TOKEN -o /tmp/github-backup/ -l debug -P --all-starred --starred --watched --followers --following --issues --issue-comments --issue-events --pulls --pull-comments --pull-commits --labels --milestones --repositories --wikis --releases --assets --pull-details --gists --starred-gists $GH_USER

Pipe a token from stdin to avoid storing it in environment variables or command history (Unix-like systems only)::

my-secret-manager get github-token | github-backup user -t file:///dev/stdin -o /backup --repositories


Development
Expand Down
3 changes: 0 additions & 3 deletions github_backup/github_backup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -796,9 +796,6 @@ def _construct_request(
else:
auth = auth.encode("ascii")
request.add_header("Authorization", "token ".encode("ascii") + auth)
request.add_header(
"Accept", "application/vnd.github.machine-man-preview+json"
)

log_url = template if "?" not in template else template.split("?")[0]
if querystring:
Expand Down