|
| 1 | +--- |
| 2 | +title: 'GitHub Apps: Configuring the Git Email for Commits' |
| 3 | +author: Josh Johanning |
| 4 | +date: 2024-11-22 12:00:00 -0600 |
| 5 | +description: A guide on how to set up the proper Git email address for commits made by your GitHub App to ensure proper commit attribution |
| 6 | +categories: [GitHub, Apps] |
| 7 | +tags: [GitHub, GitHub Actions, GitHub Apps, GitHub Issues, Git] |
| 8 | +media_subpath: /assets/screenshots/2024-11-22-github-apps-commit-email |
| 9 | +image: |
| 10 | + path: github-app-commit-light.png |
| 11 | + width: 100% |
| 12 | + height: 100% |
| 13 | + alt: A commit from a GitHub app in a GitHub repository with the commit being attributed to the app |
| 14 | +--- |
| 15 | + |
| 16 | +## Overview |
| 17 | + |
| 18 | +I recently was working with a customer who had just discovered [GitHub Apps](/posts/github-apps/) as a replacement to a service account user created in GitHub. Using a GitHub App has a few benefits: |
| 19 | + |
| 20 | +1. You don't have to manage a separate user account, including username, password, MFA settings, etc. |
| 21 | +2. A GitHub App doesn't consume a GitHub license |
| 22 | +3. A GitHub App has a higher rate-limit |
| 23 | +4. A GitHub App's token that's generated expires after a maximum of 1 hour, so it's more secure than a user's long-lived token |
| 24 | + |
| 25 | +The customer was using this [Action](https://github.com/stefanzweifel/git-auto-commit-action) to auto commit changes made in the workflow back to the repository. When using a GitHub user account, they were simply using the email address (or in this case, the noreply email address) associated with the GitHub account. With a GitHub app, we have to configure the emails in a slightly different format that's not easily documented or readily available. So this is where this post comes in! |
| 26 | + |
| 27 | +You can technically commit using any email address when committing to GitHub (assuming you don't have verified commits required). However, if the committing email address isn't associated directly with a GitHub user's (or app's) email address, the profile picture/author's icon will just be a gray GitHub logo. You also can't filter commits by that user/app in the UI. So, if you are committing with an app, you might as well make the author look like the app in GitHub. 🤖 |
| 28 | + |
| 29 | +> If you are new to GitHub Apps, check out my [other post on getting started](/posts/github-apps/)! It's really much easier than you think. 🚀 |
| 30 | +{: .prompt-info } |
| 31 | + |
| 32 | +## Email Format |
| 33 | + |
| 34 | +If you use the [API to commit as a GitHub App](https://github.com/orgs/community/discussions/50055), you will see the following commit email address format used: |
| 35 | + |
| 36 | +```text |
| 37 | +149130343+josh-issueops-bot[bot]@users.noreply.github.com |
| 38 | +``` |
| 39 | + |
| 40 | +Where does that `149130343` come from? You might think it's the GitHub App ID, made readily available in the app's management page. But, sadly, you would be incorrect. 🤦♂️ |
| 41 | + |
| 42 | +The ID field here is actually the *user ID* of the GitHub App. |
| 43 | + |
| 44 | +We can retrieve this in one of two ways: |
| 45 | + |
| 46 | +1. Open up the REST API endpoint in your browser and grab the ID field. The format of the URL will be: |
| 47 | + |
| 48 | + ```text |
| 49 | + https://api.github.com/users/josh-issueops-bot[bot] |
| 50 | + ``` |
| 51 | +
|
| 52 | +2. Use the GitHub CLI and `--jq` to grab the ID field: |
| 53 | +
|
| 54 | + ```bash |
| 55 | + gh api '/users/josh-issueops-bot[bot]' --jq .id |
| 56 | + ``` |
| 57 | +
|
| 58 | +Once you have that, you can plug in the email address and you're good to go! 🚀 |
| 59 | +
|
| 60 | +## Committing via Git Command Line in Actions |
| 61 | +
|
| 62 | +Here's a simple example of how you could commit changes back to the repository using the `git` command line in a GitHub Actions workflow and have the commit attributed to the GitHub App: |
| 63 | +
|
| 64 | +```yml |
| 65 | +jobs: |
| 66 | + generate-changelog: |
| 67 | + runs-on: ubuntu-latest |
| 68 | + permissions: |
| 69 | + contents: write # this allows you to write back to repo |
| 70 | + steps: |
| 71 | + - uses: actions/checkout@v4 |
| 72 | + # - do stuff - |
| 73 | + - name: push to git repo |
| 74 | + run: | |
| 75 | + git config --global user.name 'josh-issueops-bot[bot]' |
| 76 | + git config --global user.email '149130343+josh-issueops-bot[bot]@users.noreply.github.com' |
| 77 | + git add . |
| 78 | + git commit -m "ci: updating changelog" |
| 79 | + git push |
| 80 | +``` |
| 81 | +{: file='.github/workflows/commit-with-github-app.yml'} |
| 82 | + |
| 83 | +{% raw %} |
| 84 | +This still uses the `${{ github.token }}` (the Actions user) to authenticate, but the commit / commit author is being attributed to the app. |
| 85 | + |
| 86 | +If you wanted to use the GitHub App's token for authentication, you could do something like this instead: |
| 87 | + |
| 88 | +```yml |
| 89 | +jobs: |
| 90 | + generate-changelog: |
| 91 | + runs-on: ubuntu-latest |
| 92 | + permissions: |
| 93 | + contents: none # technically no permissions required since we are using the App's auth token here |
| 94 | + steps: |
| 95 | + - uses: actions/create-github-app-token@v1 |
| 96 | + id: app-token |
| 97 | + with: |
| 98 | + app-id: ${{ vars.APP_ID }} |
| 99 | + private-key: ${{ secrets.APP_PRIVATE_KEY }} |
| 100 | + owner: ${{ github.repository_owner }} |
| 101 | + - uses: actions/checkout@v4 |
| 102 | + with: |
| 103 | + token: ${{ steps.app-token.outputs.token }} # using the app's token to establish auth |
| 104 | + repository: ${{ github.repository }} # default is to checkout repo of the workflow |
| 105 | + - name: push to git repo |
| 106 | + run: | |
| 107 | + git config --global user.name 'josh-issueops-bot[bot]' |
| 108 | + git config --global user.email '149130343+josh-issueops-bot[bot]@users.noreply.github.com' |
| 109 | + git add . |
| 110 | + git commit -m "ci: updating changelog" |
| 111 | + git push |
| 112 | +``` |
| 113 | +{: file='.github/workflows/commit-with-github-app.yml'} |
| 114 | +
|
| 115 | +{% endraw %} |
| 116 | +
|
| 117 | +## Using the Git Auto Commit Action |
| 118 | +
|
| 119 | +Since I mentioned [this action](https://github.com/stefanzweifel/git-auto-commit-action) earlier, here's what an example workflow would look like using it: |
| 120 | +
|
| 121 | +```yml |
| 122 | +jobs: |
| 123 | + generate-changelog: |
| 124 | + runs-on: ubuntu-latest |
| 125 | + permissions: |
| 126 | + contents: write # this allows you to write back to repo |
| 127 | + steps: |
| 128 | + - uses: actions/checkout@v4 |
| 129 | + # - do stuff - |
| 130 | + - uses: stefanzweifel/git-auto-commit-action@v5 |
| 131 | + with: |
| 132 | + commit_user_name: josh-issueops-bot[bot] |
| 133 | + commit_user_email: 149130343+josh-issueops-bot[bot]@users.noreply.github.com |
| 134 | + commit_message: "ci: updating changelog" |
| 135 | + # use this input if you don't want it to default the author to the user triggering the workflow |
| 136 | + commit_author: josh-issueops-bot[bot] <149130343+josh-issueops-bot[bot]@users.noreply.github.com> |
| 137 | +``` |
| 138 | +{: file='.github/workflows/commit-with-github-app.yml'} |
| 139 | +
|
| 140 | +## Summary |
| 141 | +
|
| 142 | +In summary, if you are using a GitHub App to commit changes back to the repository, you will need to use the email address format of `<userID>+<app-name>[bot]@users.noreply.github.com`. This will allow the commit to be attributed to the GitHub App, and the author's icon to be the App's icon. 🤖 |
0 commit comments