Agent skill
actions-integration
Integrate GitHub Core Apps with Actions workflows for org-scoped automation. Generate tokens, access APIs, and implement cross-repository operations patterns.
Install this agent skill to your Project
npx add-skill https://github.com/adaptive-enforcement-lab/claude-skills/tree/main/plugins/patterns/skills/actions-integration
SKILL.md
Actions Integration
When to Use This Skill
This guide explains how to integrate your GitHub Core App with GitHub Actions workflows for organization-level automation.
What You'll Learn
Generate short-lived tokens, use them with GitHub CLI and APIs, implement common workflow patterns, and handle errors gracefully.
Prerequisites
Before integrating, ensure you have:
- Core App created and installed - See GitHub App Setup
- Secrets configured -
CORE_APP_IDandCORE_APP_PRIVATE_KEYstored in GitHub - Required permissions - App has permissions for your automation tasks
Implementation
See the full implementation guide in the source documentation.
Techniques
Authentication Methods
GitHub Apps support three authentication methods, each serving different use cases:
| Method | Scope | Expiration | Primary Use Case |
|---|---|---|---|
| JWT | App-level | 10 minutes | Installation discovery, app metadata, bootstrapping |
| Installation Tokens | Repository/Org | 1 hour | Repository operations, API access, automation |
| OAuth | User context | Configurable | User-specific operations, web flows |
Which authentication method should I use?
- Most workflows → Installation Tokens (via
actions/create-github-app-token)- App management → JWT (list installations, app configuration)
- User operations → OAuth (actions on behalf of a user)
See the Authentication Decision Guide for detailed selection criteria.
References
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
github-token-permissions-overview
Understanding GITHUB_TOKEN scope, default permissions, and implementing least-privilege principle for GitHub Actions workflows.
secure
Find and fix security issues before they become incidents. Vulnerability scanning, SBOM generation, supply chain security, and secure authentication workflows.
complete-workflow-examples
Copy-paste hardened CI/CD workflows with SHA-pinned actions, minimal GITHUB_TOKEN permissions, OIDC authentication, and comprehensive security scanning for GitHub Actions.
ephemeral-runner-patterns
Disposable runner patterns for GitHub Actions. Container-based, VM-based, and ARC deployment strategies with complete state isolation between jobs.
action-pinning-overview
Why pinning GitHub Actions to SHA-256 commits matters for supply chain security. Attack vectors from unpinned actions and comparison of tag vs SHA pinning.
github-actions-security-patterns-hub
Complete security patterns for GitHub Actions covering action pinning, GITHUB_TOKEN permissions, third-party action risks, secret management, and runner security.
Didn't find tool you were looking for?