Use GitHub App manifests to symplify your GitHub App registration flow
Clicking through the GitHub UI interface to register a GitHub App with the correct permissions and settings is tedious, and error-prone.
I recently discovered that you can automate all this with GitHub App manifests ↗, which contain all the required details about your app. You can then submit it to GitHub and dynamically exchange the manifest with the App ID, Webhook Secret, and Private key.
On the client front, you simply need a way to POST the manifest to GitHub, using a state
parameter that you generate:
Upon submission, GitHub will redirect back to your site with a temporary code
, that you can then exchange for the app secrets.
For RunsOn GitHub Action runners, I am using this feature so that you only need 2 clicks after installation to get your private RunsOn app registered into your own GitHub organization with all the correct settings.
With Probot, you can describe your GitHub App manifest in YAML, so this would look like:
For more details, you can have a look at the Probot doc ↗ about this.