GitHub Actions Integration with Core App¶

This guide explains how to integrate your GitHub Core App with GitHub Actions workflows for organization-level automation.

What You'll Learn

Generate short-lived tokens, use them with GitHub CLI and APIs, implement common workflow patterns, and handle errors gracefully.

Prerequisites¶

Before integrating, ensure you have:

Core App created and installed - See GitHub App Setup
Secrets configured - CORE_APP_ID and CORE_APP_PRIVATE_KEY stored in GitHub
Required permissions - App has permissions for your automation tasks

GitHub Apps support three authentication methods, each serving different use cases:

Method	Scope	Expiration	Primary Use Case
JWT	App-level	10 minutes	Installation discovery, app metadata, bootstrapping
Installation Tokens	Repository/Org	1 hour	Repository operations, API access, automation
OAuth	User context	Configurable	User-specific operations, web flows

Which authentication method should I use?

Most workflows → Installation Tokens (via actions/create-github-app-token)
App management → JWT (list installations, app configuration)
User operations → OAuth (actions on behalf of a user)

See the Authentication Decision Guide for detailed selection criteria.

This section walks through the complete integration lifecycle:

Authentication Methods:

JWT Authentication - App-level authentication for installation discovery and management
Installation Tokens - Generate short-lived tokens from Core App credentials
OAuth Authentication - User-context authentication for web and device flows
Token Lifecycle - Token expiration, refresh strategies, and caching patterns

Integration Patterns:

Operations: