我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们

关于应用程序

You can build integrations with the GitHub APIs to add flexibility and reduce friction in your own workflow. You can also share integrations with others on GitHub Marketplace.

本文内容

此文档对您有帮助吗?

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或, 了解如何参与。

Apps on GitHub allow you to automate and improve your workflow. You can build apps to improve your workflow. You can also share or sell apps in GitHub Marketplace. To learn how to list an app on GitHub Marketplace, see "Getting started with GitHub Marketplace."

GitHub 应用程序是官方推荐的与 GitHub 集成的方式,因为它们提供更精细的数据访问权限, but GitHub supports both OAuth 应用程序s and GitHub 应用程序. For information on choosing a type of app, see "About apps" and "Differences between apps."

If you are using your app with GitHub Actions and want to modify workflow files, you must authenticate on behalf of the user with an OAuth token that includes the workflow scope. 用户必须具有包含工作流程文件的仓库的管理员或写入权限。 更多信息请参阅“了解 OAuth 应用程序的作用域”。

For a walkthrough of the process of building a GitHub 应用程序, see "Building Your First GitHub 应用程序."

关于 GitHub 应用程序

GitHub 应用程序 are first-class actors within GitHub. A GitHub 应用程序 acts on its own behalf, taking actions via the API directly using its own identity, which means you don't need to maintain a bot or service account as a separate user.

GitHub 应用程序 can be installed directly on organizations and user accounts and granted access to specific repositories. 它们拥有内置 web 挂钩和狭窄的特定权限。 When you set up your GitHub 应用程序, you can select the repositories you want it to access. 例如,您可以设置一个名为 MyGitHub 的应用程序,允许它在 octocat 仓库且octocat 仓库写入议题。 To install a GitHub 应用程序, you must be an organization owner or have admin permissions in a repository.

默认情况下,只有组织所有者才可管理组织中 GitHub 的设置。 要允许其他用户管理组织中的 GitHub 应用程序,所有者可以向他们授予 GitHub 应用程序管理员权限。 请参阅“GitHub 应用程序”,了解如何在组织中添加和删除 GitHub 应用程序管理员。

GitHub 应用程序 are applications that need to be hosted somewhere. For step-by-step instructions that cover servers and hosting, see "Building Your First GitHub 应用程序."

To improve your workflow, you can create a GitHub 应用程序 that contains multiple scripts or an entire application, and then connect that app to many other tools. For example, you can connect GitHub 应用程序 to GitHub, Slack, other in-house apps you may have, email programs, or other APIs.

Keep these ideas in mind when creating GitHub 应用程序:

  • A user or organization can own up to 100 GitHub Apps.

  • A GitHub 应用程序 should take actions independent of a user (unless the app is using a user-to-server token). 为使用户到服务器的访问令牌更安全,您可以使用将在 8 小时后过期的访问令牌,以及可交换新访问令牌的刷新令牌。 For more information, see "Refreshing user-to-server access tokens."

  • Make sure the GitHub 应用程序 integrates with specific repositories.

  • The GitHub 应用程序 should connect to a personal account or an organization.

  • Don't expect the GitHub 应用程序 to know and do everything a user can.

  • Don't use a GitHub 应用程序 if you just need a "Login with GitHub" service. But a GitHub 应用程序 can use a user identification flow to log users in and do other things.

  • Don't build a GitHub 应用程序 if you only want to act as a GitHub user and do everything that user can do.

  • If you are using your app with GitHub Actions and want to modify workflow files, you must authenticate on behalf of the user with an OAuth token that includes the workflow scope. 用户必须具有包含工作流程文件的仓库的管理员或写入权限。 更多信息请参阅“了解 OAuth 应用程序的作用域”。

To begin developing GitHub 应用程序, start with "Creating a GitHub 应用程序." To learn how to use GitHub 应用程序 Manifests, which allow people to create preconfigured GitHub 应用程序, see "Creating GitHub 应用程序 from a manifest."

About OAuth 应用程序s

OAuth2 is a protocol that lets external applications request authorization to private details in a user's GitHub account without accessing their password. 此协议优先于基本验证,因为令牌可能仅限于特定类型的数据,用户可以随时撤销。

警告: 从 OAuth 应用程序 撤销所有权限将会删除应用程序代表用户生成的 SSH 密钥,包括部署密钥

An OAuth 应用程序 uses GitHub as an identity provider to authenticate as the user who grants access to the app. This means when a user grants an OAuth 应用程序 access, they grant permissions to all repositories they have access to in their account, and also to any organizations they belong to that haven't blocked third-party access.

Building an OAuth 应用程序 is a good option if you are creating more complex processes than a simple script can handle. Note that OAuth 应用程序s are applications that need to be hosted somewhere.

Keep these ideas in mind when creating OAuth 应用程序s:

  • A user or organization can own up to 100 OAuth apps.
  • An OAuth 应用程序 should always act as the authenticated GitHub user across all of GitHub (for example, when providing user notifications).
  • An OAuth 应用程序 can be used as an identity provider by enabling a "Login with GitHub" for the authenticated user.
  • Don't build an OAuth 应用程序 if you want your application to act on a single repository. With the repo OAuth scope, OAuth 应用程序s can act on all of the authenticated user's repositories.
  • Don't build an OAuth 应用程序 to act as an application for your team or company. OAuth 应用程序s authenticate as a single user, so if one person creates an OAuth 应用程序 for a company to use, and then they leave the company, no one else will have access to it.
  • If you are using your OAuth App with GitHub Actions and want to modify workflow files, your OAuth token must have the workflow scope and the user must have owner or write permission to the repository that contains the workflow file. 更多信息请参阅“了解 OAuth 应用程序的作用域”。

For more on OAuth 应用程序s, see "Creating an OAuth 应用程序" and "Registering your app."

个人访问令牌

个人访问令牌是一个字符串,与 OAuth 令牌功能相似,您可以通过作用域指定其权限。 个人访问令牌还与密码类似,但您能拥有很多令牌,而且可以随时撤销对每个令牌的访问权限。

例如,您可以启用个人访问令牌,以写入仓库。 然后,如果您运行 cURL 命令或编写脚本,在仓库中创建议题,需要传递个人访问令牌进行验证。 您可以将个人访问令牌存储为环境变量,以免每次使用时都要输入。

使用个人访问令牌时,请牢记以下几点:

  • 记得只能用此令牌代表您自己。
  • 您可以执行一次性 cURL 请求。
  • 您可以运行个人脚本。
  • 不要为整个团队或公司设置脚本。
  • 不要设置共享用户账户以用作自动程序用户。

确定要构建的集成

Before you get started creating integrations, you need to determine the best way to access, authenticate, and interact with the GitHub APIs. The following image offers some questions to ask yourself when deciding whether to use personal access tokens, GitHub 应用程序, or OAuth 应用程序s for your integration.

应用程序问题流程简介

请考虑关于您的集成需要如何操作及它需要访问什么等问题:

  • 我的集成是只像我一样,还是更像一个应用程序?
  • 我是否希望它作为单独的实体独立于我运行?
  • 它是否能访问我可以访问的一切,或者说我想限制它的访问权限?
  • 它是简单还是复杂? For example, personal access tokens are good for simple scripts and cURLs, whereas an OAuth 应用程序 can handle more complex scripting.

请求支持

有关 GitHub 应用程序、OAuth 应用程序 和 API 开发的问题、漏洞报告和讨论,请访问 GitHub API 开发和支持论坛。 该论坛由 GitHub 工作人员管理和维护,但不能保证发布到论坛的问题都会得到 GitHub 工作人员的回复。

对于以下问题,请考虑使用联系表直接联系 GitHub Support

  • 要保证得到 GitHub 工作人员的回应
  • 涉及敏感数据或私人问题的支持请求
  • 功能请求
  • 关于 GitHub 产品的反馈

此文档对您有帮助吗?

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或, 了解如何参与。