actions/create-github-app-token
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add a skip_token_revoke input for configuring token revocation (#54)

Browse Source 
Fixes https://github.com/actions/create-github-app-token/issues/55

Currently, `actions/create-github-app-token` always/unconditionally
revokes the installation access token in a `post` step, at the
completion of the current job. This prevents tokens from being used in
other jobs.

This PR makes this behavior configurable:
- When the `skip-token-revoke` input is not specified (i.e. by default),
the token is revoked in a `post` step (i.e. the current behavior).
- When the `skip-token-revoke` input is set to a truthy value (e.g.
`"true"`[^1]), the token is not revoked in a `post` step.

This PR adds a test for the `skip-token-revoke: "true"` case.

This is configurable in other app token actions, e.g.
[tibdex/github-app-token](3eb77c7243/README.md (L46-L47))
and
[wow-actions/use-app-token](cd772994fc/README.md (L132)).

[^1]: Note that `"false"` is also truthy: `Boolean("false")` is `true`.
If we think that’ll potentially confuse folks, I can require
`skip-token-revoke` to be set explicitly to `"true"`.
This commit is contained in:
Clay Miller
2023-10-06 12:10:49 -04:00
committed by GitHub
parent d400084c45
commit 9ec88c41ee
11 changed files with 77 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
dist/main.cjs vendored
View File

@@ -10006,7 +10006,7 @@ var import_core = __toESM(require_core(), 1);
var import_auth_app = __toESM(require_dist_node12(), 1);
// lib/main.js
async function main(appId2, privateKey2, owner2, repositories2, core2, createAppAuth2, request2) {
async function main(appId2, privateKey2, owner2, repositories2, core2, createAppAuth2, request2, skipTokenRevoke2) {
let parsedOwner = "";
let parsedRepositoryNames = "";
if (!owner2 && !repositories2) {
@@ -10082,7 +10082,9 @@ async function main(appId2, privateKey2, owner2, repositories2, core2, createApp
}
core2.setSecret(authentication.token);
core2.setOutput("token", authentication.token);
core2.saveState("token", authentication.token);
if (!skipTokenRevoke2) {
core2.saveState("token", authentication.token);
}
}
// lib/request.js
@@ -10105,6 +10107,7 @@ var appId = import_core.default.getInput("app_id");
var privateKey = import_core.default.getInput("private_key");
var owner = import_core.default.getInput("owner");
var repositories = import_core.default.getInput("repositories");
var skipTokenRevoke = Boolean(import_core.default.getInput("skip_token_revoke"));
main(
appId,
privateKey,
@@ -10114,7 +10117,8 @@ main(
import_auth_app.createAppAuth,
request_default.defaults({
baseUrl: process.env["GITHUB_API_URL"]
})
}),
skipTokenRevoke
).catch((error) => {
console.error(error);
import_core.default.setFailed(error.message);

5
dist/post.cjs vendored
View File

@@ -2973,6 +2973,11 @@ var import_core = __toESM(require_core(), 1);
// lib/post.js
async function post(core2, request2) {
const skipTokenRevoke = Boolean(core2.getInput("skip_token_revoke"));
if (skipTokenRevoke) {
core2.info("Token revocation was skipped");
return;
}
const token = core2.getState("token");
if (!token) {
core2.info("Token is not set");