GitHub Service Account

GitHub Service Account a regular GitHub user account that is used to perform automated tasks in GitHub repositories. It is a best practice to use a service account for automation tasks instead of using personal accounts.

Create a New GitHub User

1. Go to GitHub → Sign up.
2. Choose a username as <organization-name>-devops and use email address as [email protected] which is ideally a distribution list.
3. Set a strong password and enable 2FA.
4. Click on Create account and verify your email address.

Protect Account With 2FA

1. Go to Settings → Password and authentication → Two-factor authentication.
2. Setup Authenticator app and SMS as backup between two persons.
3. Keep Recovery codes in a secure vault.

Create Personal Access Token

1. Go to Settings → Developer settings → Personal access tokens → Fine-grained tokens.
2. Click on Generate new token.
3. Give a descriptive name i.e Commit ECR Image Tags PAT.
4. Select the service account user as Resource Owner.
5. Set No expiration.
6. In the Description, add the purpose of the token i.e "Once container image is built and pushed to ECR from Application repository, commit new image tag in IaC repository".
7. Under Respositories, select All repositories.
8. Under Permissions, set Read and write for Contents.
9. Click on Generate token and copy the token to a secure vault.

Add Service Account User to The Repository

In the repository where you want to commit the image tag

1. Go to Settings → Collaborators and teams → Add people.
2. Add the service account user.
3. Choose Write role.
4. Click add.

Accept Invite

1. Login to the service account user.
2. Click on Notification icon. You will see an invite for repository access.
3. Click on the invite and accept it.