
Manual Approvals in GitHub Actions are available in the form of Reviewing Deployments for GitHub Pro, GitHub Team, or GitHub Enterprise. But what if you want to set it up on a private repo that is not using a paid plan? Here's what to do:

  1. Make sure you are an admin of the GitHub account, or know an admin or owner.
  2. Use the GitHub Marketplace action Manual Workflow Approval and add the following lines to the steps section of your workflow YAML file.

         - uses: trstringer/manual-approval@v1
           with:
             # Built-in workflow token, used to create the approval issue
             secret: ${{ github.TOKEN }}
             # Comma-separated GitHub usernames allowed to approve
             approvers: user1,user2
             minimum-approvals: 1
             issue-title: "Deploying v1.3.5 to prod from staging"

  3. Commit, push and merge to whichever branch triggers this workflow.
  4. An issue will be automatically created and the users specified in the approvers (user1, user2) will be notified.
    1. They can then reject or approve using any of the specified keywords.

But this means that every time you need to add or remove an approving user, you have to edit the "approvers" section. This is a bad practice. Instead, create a group of users, say "deployers", so that the notification goes to all the users in this group. This is a more complex process, but doable if you follow the steps below.

  1. Make sure you are an admin or know an admin/owner of the GitHub Account.
  2. Use the GitHub Marketplace actions Manual Workflow Approval and Generate Token and add the following lines to the steps section of your workflow YAML file.

         # Exchange the GitHub App credentials for a short-lived installation token
         - name: Generate token
           id: generate_token
           uses: tibdex/github-app-token@v1
           with:
             app_id: ${{ secrets.APP_ID }}
             # Secret name matches the APP_SECRET repository secret created in step 5
             private_key: ${{ secrets.APP_SECRET }}
         - name: Approve Production Deployment
           uses: trstringer/manual-approval@v1.7.0
           with:
             # Group name instead of individual usernames
             approvers: deployers
             secret: ${{ steps.generate_token.outputs.token }}
             issue-title: Approve Production Deployment


  3. Create a GitHub app
    1. Go to your account settings > developer settings: https://github.com/settings/apps
    2. Click on New GitHub App and fill in the GitHub App name and homepage URL. You probably don't have a homepage and do not need one; just fill in https://github.com
    3. Uncheck Active in the Webhook section
    4. Give required permissions
      1. Repository permissions
        1. Actions: Read and Write
        2. Contents: Read Only
        3. Metadata: Read Only
        4. Issues: Read and Write
      2. Organization Permissions
        1. Members: Read Only
    5. Click the Create GitHub App button
    6. You will be on the App General page. Now scroll to the bottom of the page, where you can generate your app's private key in the "Generate a private key" section. This will trigger a download of your .pem key file.
  4. Install the GitHub app in the organization and the repo. This is where you'll need the admin's or account owner's approval. Go to the settings section of the GitHub repo and see if the app has appeared there.
  5. Add the GitHub App ID and App secret key to the secrets section.
    1. Go to the settings section of your repo and click on the secrets > actions link in the sidebar.
    2. Add two repository secrets to be used in the actions yaml file (APP_ID and APP_SECRET).
      1. You can find the App ID on your App page, in the General section.
      2. The App Secret should be the entire contents of the .pem file that was downloaded earlier.
  6. Commit the yaml file and trigger the workflow.
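
The pieces from the steps above put together, as an added example that is not part of the original post: the approval runs in its own job and the deployment job depends on it, so nothing deploys until the issue is approved. The workflow name, trigger, timeout and deploy script are assumptions; the secret names follow step 5.

```yaml
# Constructed example workflow, not from the original post.
name: deploy-prod                 # hypothetical workflow name
on:
  workflow_dispatch:              # assumption: deployments are started manually

# The built-in GITHUB_TOKEN gets no permissions unless a job asks for them;
# the approval issue is created with the GitHub App token instead.
permissions: {}

jobs:
  approve:
    runs-on: ubuntu-latest
    timeout-minutes: 60           # assumption: stop waiting for approval after an hour
    steps:
      - name: Generate token
        id: generate_token
        uses: tibdex/github-app-token@v1
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_SECRET }}
      - name: Approve Production Deployment
        uses: trstringer/manual-approval@v1.7.0
        with:
          approvers: deployers
          secret: ${{ steps.generate_token.outputs.token }}
          minimum-approvals: 1
          issue-title: Approve Production Deployment

  deploy:
    needs: approve                # runs only after the approve job succeeds
    runs-on: ubuntu-latest
    permissions:
      contents: read              # checkout only needs read access
    steps:
      - uses: actions/checkout@v4
      - name: Deploy
        run: ./scripts/deploy.sh  # hypothetical deploy script
```

If the issue is denied or the approve job times out, that job fails and the deploy job is skipped.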

Fin.

 
