Pass GithubToken as option when building probot serverless app

[oscard0m]

https://github.com/probot/serverless-lambda/blob/a4688897217d206f0397d81dc4b457123fc302b9/index.js#L8-L13

Problem:

Right now is not possible to create a serverless probot app with a githubToken as option so we obtain an authenticated Github App installation.

Context:

Trying to create a serverless probot authenticated with Github App Installation but not possible on creation with the constructor parameters offered right now.

A workaround is a wrapper appFn used as callback for the .on() where we do the authentication:

	withWebHookContext(app: Application, next: Function): (ctx: Context) => Promise<void> {
		return async(context: Context): Promise<void> => {
			let webhookContext = context as WebhookContext;
                         
                          const github = await app.auth();

		        const { data } = await github.apps.createInstallationToken({
			     installation_id: context.payload.installation.id
		        });

		       webhookContext.gitHubToken = data.token;

		       await next(webhookContext);
		};
	}

app.on(PUSH, decorator.withWebHookContext(app,
		mergeHandler.handle.bind(mergeHandler)));

Solution proposal:

To support process.env.GITHUB_TOKEN environment variable and call createProbot(Options) with githubToken in the Options

• If there is an agreement on the issue and proposal solution I will be happy to draft a PR on it.

[gr2m]

Could you elaborate in which case you would want a serverless lambda function to run with a static token? Is this for async event handling? The problem is that tokens can expire. Would it make more sense to use a Redis cache for the tokens that can be access across all your functions?

[oscard0m]

Could you elaborate in which case you would want a serverless lambda function to run with a static token? Is this for async event handling? The problem is that tokens can expire. Would it make more sense to use a Redis cache for the tokens that can be access across all your functions?

As far as I understand the token generated is not static right? On each webhook triggered, withWebHookContext function will be executed so, a new invocation to createInstallationToken() will be executed.

We were getting authentication issues when running the app without this createInstallationToken workaround.

⚠️ Important to mention: we are using a very old version of Probot right now (I'm pushing the team to get room to upgrade to the latest):

• probot: 7.5.3
• @probot/serverless-lambda: 0.5.0

Let's do something, if you agree on that. Once we migrate to latest version of probot and @probot/serverless-lambda I keep on my plate this authentication issue and I will re-check if still is an issue. Maybe the installation token refresh was something introduced in latest versions of the library.

Sounds good to you @gr2m ?

[gr2m]

Sounds good, yes! The way tokens are generated changed with the adoption of @octokit/auth-app, which we I think we adopted as part of Probot v9. Before, an installation token was created for each webhook event that was received. Now the token is created when the first request is sent that requires it. And if it expires because the process is running too long, it will be re-created automatically.

[gr2m]

This will be possible via #59

const { createLambdaFunction, createProbot } = require("@probot/adapter-aws-lambda-serverless");
const appFn = require("./");

module.exports.webhooks = createLambdaFunction(appFn, {
  probot: createProbot({
    defaults: { 
      githubToken: process.env.GITHUB_TOKEN 
    }
  })
});

[github-actions]

🎉 This issue has been resolved in version 2.0.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀