GitHub APP Token

This page explains how to use the temporary GitHub App installation token that Pipelines-as-Code generates, so you can interact with the GitHub API from your PipelineRuns. Use this when your pipeline needs to post comments, update statuses, or call other GitHub endpoints.

Accessing the token

Pipelines-as-Code generates a temporary installation token from the GitHub App for each PipelineRun. You can use this token to access the GitHub API. The token value is stored in the temporary git-auth secret that Pipelines-as-Code generates for private repositories, under the key git-provider-token.

Adding a comment to a pull request

To add a comment to a pull request, use the github-add-comment task from Artifact Hub (a public registry for discovering Tekton tasks and other cloud-native artifacts) with a Pipelines-as-Code annotation:

pipelinesascode.tekton.dev/task: "github-add-comment"

Then add the task to your tasks section (or finally tasks) of your PipelineRun:

[...]
tasks:
  - name:
      taskRef:
        name: github-add-comment
      params:
        - name: REQUEST_URL
          value: "{{ repo_url }}/pull/{{ pull_request_number }}"
        - name: COMMENT_OR_FILE
          value: "Pipelines-as-Code IS GREAT!"
        - name: GITHUB_TOKEN_SECRET_NAME
          value: "{{ git_auth_secret }}"
        - name: GITHUB_TOKEN_SECRET_KEY
          value: "git-provider-token"

Because this configuration uses dynamic variables, it works for any pull request across any repository without modification.

Setting GITHUB_TOKEN as an environment variable

You can also set the GITHUB_TOKEN environment variable directly on a task step. This approach is useful when you want to call the GitHub API from a custom script rather than a dedicated task:

env:
  - name: GITHUB_TOKEN
    valueFrom:
      secretKeyRef:
        name: "{{ git_auth_secret }}"
        key: "git-provider-token"