actions/create-github-app-token
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: use core.getBooleanInput() to retrieve boolean input values (#223)

Browse Source 
This PR switches from evaluating values passed to `skip-token-revoke` as
true if they are truthy in JavaScript, to using `getBooleanInput`. This
change ensures that only proper YAML boolean values are recognized,
preventing unintended evaluations to true.
- The definition of `getBooleanInput` is here: definition of
`core#getBooealnInput` is here:
930c890727/packages/core/src/core.ts (L188-L208)

The documentation states, `"If truthy, the token will not be revoked
when the current job is complete"`, so this change could be considered a
breaking change. This means that if there are users who rely on `truthy`
and expect values like whitespace or `"false"` to be evaluated as true
(though this is likely rare), it would be a breaking change.
- `Boolean(" ")` and `Boolean("false")` are both evaluated as true.

Alternatively, it can simply be considered a fix. How to handle this is
up to the maintainer.

Resolves https://github.com/actions/create-github-app-token/issues/216
This commit is contained in:
Yuta Kasai
2025-04-26 03:59:34 +09:00
committed by GitHub
parent 9ba274d954
commit c3c17c79cc
9 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/post.js
View File

@@ -5,7 +5,7 @@
* @param {import("@octokit/request").request} request
*/
export async function post(core, request) {
const skipTokenRevoke = Boolean(core.getInput("skip-token-revoke"));
const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
if (skipTokenRevoke) {
core.info("Token revocation was skipped");