doc: updated github action docs

2026-01-09 15:38:03 -05:00 · 2024-10-15 21:01:37 +08:00
parent 192d1b0be3
commit cf092d8b4f
15 changed files with 112 additions and 4 deletions
--- a/docs/integrations/cicd/githubactions.mdx
+++ b/docs/integrations/cicd/githubactions.mdx
@@ -10,6 +10,113 @@ description: "How to sync secrets from Infisical to GitHub Actions"

 Infisical lets you sync secrets to GitHub at the organization-level, repository-level, and repository environment-level.

+## Connecting with Github App (Recommended)
+
+<Tabs>
+  <Tab title="Usage">
+    <Steps>
+      <Step title="Authorize Github Infisical App">
+        Navigate to your project's integrations tab in Infisical and press on the GitHub tile.
+
+        ![integrations](../../images/integrations/github/app/integration-overview.png)
+
+        Select Github App as the authentication method and click **Connect to Github**.
+
+        ![integrations github app auth selection](../../images/integrations/github/app/github-app-method-selection.png)
+
+        You will then be redirected to the Github app installation page.
+
+        ![integrations github app installation](../../images/integrations/github/app/github-app-installation.png)
+
+        Install and authorize the Github application. This will redirect you back to the Infisical integration page.
+
+      </Step>
+      <Step title="Configure Infisical GitHub integration">
+        Select which Infisical environment secrets you want to sync to which GitHub organization, repository, or repository environment.
+
+        <Tabs>
+          <Tab title="Repository">
+            ![integrations github](../../images/integrations/github/integrations-github-scope-repo.png)
+          </Tab>
+          <Tab title="Organization">
+            ![integrations github](../../images/integrations/github/integrations-github-scope-org.png)
+
+            When using the organization scope, your secrets will be saved in the top-level of your Github Organization.
+
+            You can choose the visibility, which defines which repositories can access the secrets. The options are:
+            - **All public repositories**: All public repositories in the organization can access the secrets.
+            - **All private repositories**: All private repositories in the organization can access the secrets.
+            - **Selected repositories**: Only the selected repositories can access the secrets. This gives a more fine-grained control over which repositories can access the secrets. You can select _both_ private and public repositories with this option.
+          </Tab>
+          <Tab title="Repository Environment">
+          ![integrations github](../../images/integrations/github/integrations-github-scope-env.png)
+          </Tab>
+        </Tabs>
+
+        Finally, press create integration to start syncing secrets to GitHub.
+
+        ![integrations github](../../images/integrations/github/integrations-github.png)
+      </Step>
+    </Steps>
+
+  </Tab>
+  <Tab title="Self-Hosted Setup">
+    Using the GitHub integration with app authentication on a self-hosted instance of Infisical requires configuring an application on GitHub
+    and registering your instance with it.
+    <Steps>
+      <Step title="Create an application on GitHub">
+        Navigate to the Github app settings [here](https://github.com/settings/apps). Click **New Github App**.
+        
+        ![integrations github app create](../../images/integrations/github/app/self-hosted-github-app-create.png)
+
+        Give the application a name, a homepage URL (your self-hosted domain i.e. `https://your-domain.com`), and a callback URL (i.e. `https://your-domain.com/integrations/github/oauth2/callback`).
+
+        ![integrations github app basic details](../../images/integrations/github/app/self-hosted-github-app-basic-details.png)
+
+        Disable webhook by unchecking the Active checkbox.
+        ![integrations github app webhook](../../images/integrations/github/app/self-hosted-github-app-webhook.png)
+
+        Set the repository permissions as follows: Metadata: Read-only, Secrets: Read and write.
+        ![integrations github app repository](../../images/integrations/github/app/self-hosted-github-app-repository.png)
+
+        Similarly, set the organization permissions as follows: Secrets: Read and write.
+        ![integrations github app organization](../../images/integrations/github/app/self-hosted-github-app-organization.png)
+
+        Create the Github application.
+        ![integrations github app create confirm](../../images/integrations/github/app/self-hosted-github-app-create-confirm.png)
+
+        <Note>
+          If you have a GitHub organization, you can create an application under it
+          in your organization Settings > Developer settings > Github Apps > New Github App.
+        </Note>
+      </Step>
+      <Step title="Add your application credentials to Infisical">
+        Generate a new **Client Secret** for your GitHub application.
+        ![integrations github app create secret](../../images/integrations/github/app/self-hosted-github-app-secret.png)
+
+        Generate a new **Private Key** for your Github application.
+        ![integrations github app create private key](../../images/integrations/github/app/self-hosted-github-app-private-key.png)
+
+        Obtain the necessary Github application credentials. This would be the application slug, client ID, app ID, client secret, and private key.
+        ![integrations github app credentials](../../images/integrations/github/app/self-hosted-github-app-credentials.png)
+
+        Back in your Infisical instance, add the five new environment variables for the credentials of your GitHub application:
+
+        - `CLIENT_ID_GITHUB_APP`: The **Client ID** of your GitHub application.
+        - `CLIENT_SECRET_GITHUB_APP`: The **Client Secret** of your GitHub application.
+        - `CLIENT_SLUG_GITHUB_APP`: The **Slug** of your Github application. This is the one found in the URL.
+        - `CLIENT_APP_ID_GITHUB_APP`: The **App ID** of your Github application.
+        - `CLIENT_PRIVATE_KEY_GITHUB_APP`: The **Private Key** of your Github application.
+
+        Once added, restart your Infisical instance and use the GitHub integration via app authentication.
+      </Step>
+    </Steps>
+
+  </Tab>
+</Tabs>
+
+## Connecting with Github OAuth
+
 Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
@@ -19,12 +126,13 @@ Prerequisites:
  <Tab title="Usage">
    <Steps>
      <Step title="Authorize Infisical for GitHub">
-        Navigate to your project's integrations tab in Infisical.
+        Navigate to your project's integrations tab in Infisical and press on the Github tile.
+        ![integrations](../../images/integrations/github/integration-overview.png)

-        ![integrations](../../images/integrations.png)
-
-        Press on the GitHub tile and grant Infisical access to your GitHub account (repo privileges only).
+        Select OAuth as the authentication method and click **Connect to Github**.
+        ![integrations github oauth auth selection](../../images/integrations/github/github-oauth-method-selection.png)

+        Grant Infisical access to your GitHub account (organization and repo privileges).
        ![integrations github authorization](../../images/integrations/github/integrations-github-auth.png)

      </Step>