404 when attempting to get a token for an organisation scoped app installation

[ctcampbell]

I have an app installation set up on an organisation, having followed the docs on this repo. It appears the lookup is being done against the /users/... endpoint which doesn't seem correct for an organisation?

Run actions/create-github-app-token@v1
  with:
    app-id: ***
    private-key: ***
    owner: pre-quantum-research
repositories not set, creating token for all repositories for given owner "pre-quantum-research"
RequestError [HttpError]: Not Found
    at /home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:2890:25
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async main (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:10071:22) {
  status: 404,
  response: {
    url: 'https://api.github.com/users/pre-quantum-research/installation',
    status: 404,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      'content-encoding': 'gzip',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Mon, 06 Nov 2023 16:52:05 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=3[15](https://github.com/pre-quantum-research/pqc-data/actions/runs/6773907521/job/18409828846#step:2:16)36000; includeSubdomains; preload',
      'transfer-encoding': 'chunked',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-api-version-selected': '2022-11-28',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': '4820:56A0:49A3574:96BB6B3:6549[19](https://github.com/pre-quantum-research/pqc-data/actions/runs/6773907521/job/18409828846#step:2:21)B5',
      'x-xss-protection': '0'
    },
    data: {
      message: 'Not Found',
      documentation_url: 'https://docs.github.com/rest/apps/apps#get-a-user-installation-for-the-authenticated-app'
    }
  },
  request: {
    method: 'GET',
    url: 'https://api.github.com/users/pre-quantum-research/installation',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'actions/create-github-app-token',
      authorization: 'bearer [REDACTED]'
    }
  }
}

[gr2m]

It appears the lookup is being done against the /users/... endpoint which doesn't seem correct for an organisation?

We do both. There is no unified REST API endpoint, so we try the org lookup first, and then do the user lookup:

create-github-app-token/lib/main.js

Lines 95 to 112 in bb368d6

	// Otherwise get the installation for the owner, which can either be an organization or a user account
	// https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app
	const response = await request("GET /orgs/{org}/installation", {
	org: parsedOwner,
	headers: {
	authorization: `bearer ${appAuthentication.token}`,
	},
	}).catch((error) => {
	/* c8 ignore next */
	if (error.status !== 404) throw error;
	// https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-user-installation-for-the-authenticated-app
	return request("GET /users/{username}/installation", {
	username: parsedOwner,
	headers: {
	authorization: `bearer ${appAuthentication.token}`,
	},
	});

I agree the error we through could be more helpful though. We should make clear that an installation was not found for pre-quantum-research and do not share the details about the final failed request to the /users/{org}/installation endpoint.

In your case, it looks like the app is not installed on @pre-quantum-research. If you register a GitHub app, you still need to install it, even if it's an app private to your organization.

[ctcampbell]

In your case, it looks like the app is not installed on @pre-quantum-research. If you register a GitHub app, you still need to install it, even if it's an app private to your organization.

You are absolutely correct, silly me 😅

[gr2m]

No worries, I've been there countless times myself 😁