Update a GitHub (via OAuth app) source action to a GitHub (via GitHub App) source action - AWS CodePipeline

Update a GitHub (via OAuth app) source action to a GitHub (via GitHub App) source action

In AWS CodePipeline, there are two supported versions of the GitHub source action:

Note

Connections are not available in the Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Asia Pacific (Osaka), Africa (Cape Town), Middle East (Bahrain), Middle East (UAE), Europe (Spain), Europe (Zurich), Israel (Tel Aviv), or AWS GovCloud (US-West) Regions. To reference other available actions, see Product and service integrations with CodePipeline. For considerations with this action in the Europe (Milan) Region, see the note in CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions.

There are some important advantages to using the GitHub (via GitHub App) action instead of the GitHub (via OAuth app) action:

  • With connections, CodePipeline no longer requires OAuth apps or personal access tokens to access your repository. When you create a connection, you install a GitHub App that manages authentication to your GitHub repository and allows permissions at the organization level. You must authorize OAuth tokens as a user to access the repository. For more information about OAuth-based GitHub access in contrast to App-based GitHub access, see https://docs.github.com/en/developers/apps/differences-between-github-apps-and-oauth-apps.

  • When you manage GitHub (via GitHub App) actions in the CLI or CloudFormation, you no longer have to store your personal access token as a secret in Secrets Manager. You no longer have to dynamically reference the stored secret in your CodePipeline action configuration. You instead add the connection ARN to your action configuration. For an example action configuration, see CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions.

  • When you create a connection resource to use with your GitHub (via GitHub App) action in CodePipeline, you can use the same connection resource to associate other supported services, such as CodeGuru Reviewer, with your repository.

  • In Github (via GitHub App), you can clone repositories to access git metadata in subsequent CodeBuild actions, while in Github (via OAuth app) you can only download the source.

  • An administrator installs the app for your organization's repositories. You no longer have to track OAuth tokens that depend on the individual who created the token.

All apps installed to an organization have access to the same set of repositories. To change who can access each repository, modify the IAM policy for each connection. For an example, see Example: A scoped-down policy for using connections with a specified repository.

You can use the steps in this topic to delete your GitHub (via OAuth app) source action and add a GitHub (via GitHub App) source action from the CodePipeline console.

Step 1: Replace your (via OAuth app) GitHub action

Use the pipeline edit page to replace your (via OAuth app) GitHub action with a GitHub (via GitHub App) action.

To replace your (via OAuth app) GitHub action
  1. Sign in to the CodePipeline console.

  2. Choose your pipeline, and choose Edit. Choose Edit stage on your source stage. A message displays that recommends you update your action.

  3. In Action provider, choose GitHub (via GitHub App).

  4. Do one of the following:

    • Under Connection, if you have not already created a connection to your provider, choose Connect to GitHub. Proceed to Step 2: Create a connection to GitHub.

    • Under Connection, if you have already created a connection to your provider, choose the connection. Proceed to Step 3: Save the Source Action for Your Connection.

Step 2: Create a connection to GitHub

After you choose to create the connection, the Connect to GitHub page is shown.

To create a connection to GitHub
  1. Under GitHub connection settings, your connection name is shown in Connection name.

    Under GitHub Apps, choose an app installation or choose Install a new app to create one.

    Note

    You install one app for all of your connections to a particular provider. If you have already installed the GitHub app, choose it and skip this step.

  2. If the authorization page for GitHub displays, log in with your credentials and then choose to continue.

  3. On the app installation page, a message shows that the AWS CodeStar app is trying to connect to your GitHub account.

    Note

    You only install the app once for each GitHub account. If you previously installed the app, you can choose Configure to proceed to a modification page for your app installation, or you can use the back button to return to the console.

  4. On the Install AWS CodeStar page, choose Install.

  5. On the Connect to GitHub page, the connection ID for your new installation is displayed. Choose Connect.

Step 3: Save your GitHub source action

Complete your updates on the Edit action page to save your new source action.

To save your GitHub source action
  1. In Repository, enter the name of your third-party repository. In Branch, enter the branch where you want your pipeline to detect source changes.

    Note

    In Repository, type owner-name/repository-name as shown in this example:

    my-account/my-repository
  2. In Output artifact format, choose the format for your artifacts.

  3. In Output artifacts, you can retain the name of the output artifact for this action, such as SourceArtifact. Choose Done to close the Edit action page.

  4. Choose Done to close the stage editing page. Choose Save to close the pipeline editing page.