GitHub App auth broken since v2.0.0 #508
Description
Describe the bug
When running this action with a GitHub App for auth, we have been getting this error since v2.0.0
warning: Failed to hardlink files; falling back to full copy. This may lead to degraded performance.
If the cache and target directories are on different filesystems, hardlinking may not be supported.
If this is intentional, set export UV_LINK_MODE=copy or use --link-mode=copy to suppress this warning.
Installed 27 packages in 590ms
Traceback (most recent call last):
File "/action/workspace/evergreen.py", line 573, in <module>
main() # pragma: no cover
~~~~^^
File "/action/workspace/evergreen.py", line 54, in main
github_connection = auth.auth_to_github(
token,
...<4 lines>...
gh_app_enterprise_only,
)
File "/action/workspace/auth.py", line 34, in auth_to_github
gh.login_as_app_installation(
~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
gh_app_private_key_bytes, gh_app_id, gh_app_installation_id
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File "/action/workspace/.venv/lib/python3.14/site-packages/github3/github.py", line 1516, in login_as_app_installation
jwt_token = apps.create_token(
private_key_pem, app_id, expire_in=expire_in
)
File "/action/workspace/.venv/lib/python3.14/site-packages/github3/apps.py", line 175, in create_token
token = jwt.encode(
payload={"iat": now, "exp": now + expire_in, "iss": app_id},
key=private_key_pem,
algorithm="RS256",
)
File "/action/workspace/.venv/lib/python3.14/site-packages/jwt/api_jwt.py", line 145, in encode
raise TypeError("Issuer (iss) must be a string.")
TypeError: Issuer (iss) must be a string.
To Reproduce
Use this workflow:
name: Evergreen
on:
workflow_dispatch:
schedule:
- cron: "3 2 * * 6"
permissions:
contents: read
jobs:
evergreen:
name: "Create dependabot.yml"
runs-on: ubuntu-latest
steps:
- name: Run evergreen action for tools
uses: github-community-projects/evergreen@v2.1.1
env:
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_INSTALLATION_ID: ${{ secrets.GH_APP_INSTALLATION_ID }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
ORGANIZATION: your-org-name-here
DRY_RUN: True
UPDATE_EXISTING: True
BATCH_SIZE: 100
- name: Post evergreen job summary
run: cat summary.md >> $GITHUB_STEP_SUMMARY
Expected behavior
I expect it to work like it did in v1.24.9
Screenshots
No response
Additional context
My guess would be that we need to pass gh_app_id as a string when calling gh.login_as_app_installation as the function create_token in the github3 package expects it to be a string when it calls the jwt.encode function.
So maybe if we change these lines:
Lines 34 to 36 in d2af62b
To be:
gh.login_as_app_installation(
- gh_app_private_key_bytes, gh_app_id, gh_app_installation_id
+ gh_app_private_key_bytes, str(gh_app_id), gh_app_installation_id
)