- Set a name for the Github App
- Set a homepage (the org url is fine for our use case)
- Disable Webhooks
- Set permissions ("zero-trust/least privilege" principle) depending on the level of the Self-hosted sharing desired:
- Repository :
- Actions > Read-Only
- Administration > Read & Write
- Metadata > Read-Only
- Organization :
- Repository > Actions > Read-Only
- Metadata > Read-only
- Self-hosted Runners > Read & write
- Repository :
- Leave other options as default
Once created :
- Copy the App ID somewhere you will recall
- Install the GH App on the organization that will need to authenticate the self-hosted runners
- Select the level of consent your wishing to give to this GHApp to authenticate self-hosted runners : At a selected repository or the entire org level :
- Here's what you should have if everything went well :
- Copy the IntallationID from the Installed GHApp details url (https://github.com/organizations/*your-organization*/settings/installations):
Then select App Settings from the GH App page to export the private key used to generate access token later on :
- Select
App Settings
on your GH App details page - Head to the bottom of
your Ghapp
> General page to generate a private key - Save the
.pem
file generated