Pass a GITHUB_TOKEN from Github actions to AWS Codebuild, in order to update checks from there

[atirabassi-eb]

Select Topic Area

Question

Body

I'm trying to integrate github actions and codebuild as automatically as possible. We're using OIDC to trigger codebuild and push code to an s3 bucket. Codebuild runs and executes tests, as expected, but when using the GITHUB_TOKEN provided by the action to update our check, we get an error:

{
  "message": "Bad credentials",
  "documentation_url": "https://docs.github.com/rest"
}

the command we're running is this:

[Container] 2024/01/24 16:17:08.941915 Running command curl -L -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/REDACTED/REDACTED/statuses/$GITHUB_SHA -d '{"state":"success","target_url":"https://example.com/build/status","description":"The build succeeded!","context":"continuous-integration"}'

I added this to the action yaml:

permissions:
  id-token: write
  contents: read
  checks: write
  statuses: write

is it possible to use these tokens outside of github actions? should I use a github app for this purpose?
Thanks

[atirabassi-eb]

Thank you Hovhannes! Already got started with a Github app

[MacAndersonUche]

Hi @atirabassi-eb how did you manage to solve it? I am having secretOrPrivateKey must be an asymmetric key when using RS256