14

I am trying to add a custom code check for a PR. After doing some research I found out that it can be done using the API mentioned below.

POST /repos/{owner}/{repo}/check-runs

Initially, it was giving me this error:

{
    "message": "You must authenticate via a GitHub App.",
    "documentation_url": "https://docs.github.com/rest/reference/checks#create-a-check-run"
}

I followed the guideline provided in this link.

  1. I created a GitHub app.
  2. Gave it required permission.
  3. Generated a private key.
  4. Generated a JWT token using the private key.
  5. Installed the Github app in the repo too

I created a curl request:

curl --location --request POST 'https://api.github.com/repos/X/X-app/check-runs' \
--header 'Accept: application/vnd.github.v3+json' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.X.X-X-SAFvDnSkaJDjMI2T_BAC2iLlRZ7uNyFSe-X-UgFBFjoFrwsbcYFKfDM8f3FNPYpA6afhr18DLZ6rzu35klA' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "loremipsum"
}'

But, now I am getting this error

{
    "message": "Bad credentials",
    "documentation_url": "https://docs.github.com/rest"
}

I am not sure what I am missing here.

Improve this question
0

1 Answer 1

Reset to default
26

I figured this out. The GitHub documentation is a bit unclear/misleading.

You don't pass the app's JWT bearer token directly to the "Create a check run" API; instead, you use that bearer token to get an access token for a specific installation, and then you pass that token to the "Create a check run" API.

To get that access token, you need the installation-ID; if you don't already have it, you can use the app's JWT bearer token to list your installations:

curl -i \
  -H "Authorization: Bearer YOUR_JWT" \
  -H "Accept: application/vnd.github.v3+json" \
  https://api.github.com/app/installations

Once you know the installation-ID, you can use the app's JWT bearer token to get an access token for the installation:

curl -i -X POST \
  -H "Authorization: Bearer YOUR_JWT" \
  -H "Accept: application/vnd.github.v3+json" \
  https://api.github.com/app/installations/THE_INSTALLATION_ID/access_tokens

You can then use that access token to call GitHub APIs on that repo:

curl -i \
  -H "Authorization: token YOUR_INSTALLATION_ACCESS_TOKEN" \
  ...

(Note that for this one you write token instead of Bearer.)

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I believe the /app/installations call needs to be a GET, not a POST. I get a 404 on POST but GET works fine.
you're right, the first one is a GET. Thanks!
Np! Great answer btw; just upvoted
Worked for me. Been struggling for a while to get an access token for testing behavior of a GitHub App. GitHub's documentation is indeed missing this crucial part.
omg thank you for this! Github's documentation seems great at first but clearly doesn't outline everything you need to do to auth properly. This post was VERY helpful. Thank you!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.