actions/create-github-app-token
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: actions:v1
Branches Tags
actions:main
actions:v3.1.1 actions:v3 actions:v3.1.0 actions:v3.0.0 actions:v3.0.0-beta.6 actions:v2.2.2 actions:v2 actions:v3.0.0-beta.5 actions:v3.0.0-beta.4 actions:v3.0.0-beta.3 actions:v2.2.1 actions:v2.2.0 actions:v2.1.4 actions:v2.1.3 actions:v2.1.2 actions:v3.0.0-beta.2 actions:v3.0.0-beta.1 actions:v2.1.1 actions:v2.1.0 actions:v2.0.6 actions:v2.0.5 actions:v2.0.4 actions:v2.0.3 actions:v2.0.2 actions:v2.0.1 actions:v2.0.0 actions:v1.12.0 actions:v1 actions:v1.11.7 actions:v1.11.6 actions:v1.11.5 actions:v1.11.4 actions:v1.11.3 actions:v1.11.2 actions:v1.11.1 actions:v1.11.0 actions:v1.10.4 actions:v1.10.3 actions:v1.10.2 actions:v1.10.1 actions:v1.10.0 actions:v1.9.3 actions:v1.9.2 actions:v1.9.1 actions:v1.9.0 actions:v1.8.2 actions:v1.8.1 actions:v1.8.0 actions:v1.7.0 actions:v1.6.4 actions:v1.6.3 actions:v1.6.2 actions:v1.6.1 actions:v1.6.0 actions:v1.5.1 actions:v1.5.0 actions:v1.4.0 actions:v1.3.0 actions:v1.2.2 actions:v1.2.1 actions:v1.2.0 actions:v1.1.5 actions:v1.1.4 actions:v1.1.3 actions:v1.1.2 actions:v1.1.1 actions:v1.1.0 actions:v1.0.5 actions:v1.0.4 actions:v1.0.3 actions:v1.0.2 actions:v1.0.1 actions:v1.0.0
..
compare: actions:v2.0.4
Branches Tags
actions:main
actions:v3.1.1 actions:v3 actions:v3.1.0 actions:v3.0.0 actions:v3.0.0-beta.6 actions:v2.2.2 actions:v2 actions:v3.0.0-beta.5 actions:v3.0.0-beta.4 actions:v3.0.0-beta.3 actions:v2.2.1 actions:v2.2.0 actions:v2.1.4 actions:v2.1.3 actions:v2.1.2 actions:v3.0.0-beta.2 actions:v3.0.0-beta.1 actions:v2.1.1 actions:v2.1.0 actions:v2.0.6 actions:v2.0.5 actions:v2.0.4 actions:v2.0.3 actions:v2.0.2 actions:v2.0.1 actions:v2.0.0 actions:v1.12.0 actions:v1 actions:v1.11.7 actions:v1.11.6 actions:v1.11.5 actions:v1.11.4 actions:v1.11.3 actions:v1.11.2 actions:v1.11.1 actions:v1.11.0 actions:v1.10.4 actions:v1.10.3 actions:v1.10.2 actions:v1.10.1 actions:v1.10.0 actions:v1.9.3 actions:v1.9.2 actions:v1.9.1 actions:v1.9.0 actions:v1.8.2 actions:v1.8.1 actions:v1.8.0 actions:v1.7.0 actions:v1.6.4 actions:v1.6.3 actions:v1.6.2 actions:v1.6.1 actions:v1.6.0 actions:v1.5.1 actions:v1.5.0 actions:v1.4.0 actions:v1.3.0 actions:v1.2.2 actions:v1.2.1 actions:v1.2.0 actions:v1.1.5 actions:v1.1.4 actions:v1.1.3 actions:v1.1.2 actions:v1.1.1 actions:v1.1.0 actions:v1.0.5 actions:v1.0.4 actions:v1.0.3 actions:v1.0.2 actions:v1.0.1 actions:v1.0.0

19 Commits
v1 ... v2.0.4

Author SHA1 Message Date
semantic-release-bot
4821f52fa7 build(release): 2.0.4 [skip ci] 
## [2.0.4](https://github.com/actions/create-github-app-token/compare/v2.0.3...v2.0.4) (2025-05-02)

### Bug Fixes

* permission input handling ([#243](https://github.com/actions/create-github-app-token/issues/243)) ([2950cbc](2950cbc446))
 2025-05-02 18:44:32 +00:00
Parker Brown
2950cbc446 fix: permission input handling (#243) 
This pull request fixes the handling of permissions inputs.

- Updated `getPermissionsFromInputs` in
`lib/get-permissions-from-inputs.js` to use hyphens
(`INPUT_PERMISSION-`) instead of underscores (`INPUT_PERMISSION_`) in
input keys, added a check to skip empty values, and clarified behavior
when no permissions are set.
- Added a `shouldRetry` function to retry requests when server errors
(HTTP status 500 or higher) occur in the `main` function in
`lib/main.js` to prevent unnecessary retries.
- Updated test cases in `tests/main-token-permissions-set.test.js` to
match the new input key format with hyphens.
- Added a default empty string for unset inputs (e.g.,
`INPUT_PERMISSION-ADMINISTRATION`) in `tests/main.js` to simulate the
behavior of the Actions runner.
- Updated snapshots in `tests/snapshots/index.js.md` to reflect the
updated hyphenated input keys in permissions.

---------

Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>
 2025-05-02 11:44:01 -07:00
semantic-release-bot
30bf6253fa build(release): 2.0.3 [skip ci] 
## [2.0.3](https://github.com/actions/create-github-app-token/compare/v2.0.2...v2.0.3) (2025-05-01)

### Bug Fixes

* **README:** use `v2` in examples ([#234](https://github.com/actions/create-github-app-token/issues/234)) ([9ba274d](9ba274d954)), closes [#232](https://github.com/actions/create-github-app-token/issues/232)
* use `core.getBooleanInput()` to retrieve boolean input values ([#223](https://github.com/actions/create-github-app-token/issues/223)) ([c3c17c7](c3c17c79cc))
 2025-05-01 15:34:52 +00:00
Yuta Kasai
c3c17c79cc fix: use core.getBooleanInput() to retrieve boolean input values (#223) 
This PR switches from evaluating values passed to `skip-token-revoke` as
true if they are truthy in JavaScript, to using `getBooleanInput`. This
change ensures that only proper YAML boolean values are recognized,
preventing unintended evaluations to true.
- The definition of `getBooleanInput` is here: definition of
`core#getBooealnInput` is here:
930c890727/packages/core/src/core.ts (L188-L208)

The documentation states, `"If truthy, the token will not be revoked
when the current job is complete"`, so this change could be considered a
breaking change. This means that if there are users who rely on `truthy`
and expect values like whitespace or `"false"` to be evaluated as true
(though this is likely rare), it would be a breaking change.
- `Boolean(" ")` and `Boolean("false")` are both evaluated as true.

Alternatively, it can simply be considered a fix. How to handle this is
up to the maintainer.

Resolves https://github.com/actions/create-github-app-token/issues/216
 2025-04-25 11:59:34 -07:00
CarolMebiom
9ba274d954 fix(README): use v2 in examples (#234) 
Fixes #232
 2025-04-25 11:32:06 -07:00
nakatani-yo
a3c826a204 docs: fix typo in CONTRIBUTING.md (#233) 2025-04-10 11:39:20 -07:00
semantic-release-bot
3ff1caaa28 build(release): 2.0.2 [skip ci] 
## [2.0.2](https://github.com/actions/create-github-app-token/compare/v2.0.1...v2.0.2) (2025-04-03)

### Bug Fixes

* improve log messages for token creation ([#226](https://github.com/actions/create-github-app-token/issues/226)) ([eaef294](eaef29498f))
 2025-04-03 22:54:20 +00:00
Parker Brown
eaef29498f fix: improve log messages for token creation (#226) 
Updated log messages to provide clearer and more consistent information.
 2025-04-03 15:53:46 -07:00
semantic-release-bot
86e24964d6 build(release): 2.0.1 [skip ci] 
## [2.0.1](https://github.com/actions/create-github-app-token/compare/v2.0.0...v2.0.1) (2025-04-03)

### Bug Fixes

* **deps:** bump the production-dependencies group across 1 directory with 2 updates ([#228](https://github.com/actions/create-github-app-token/issues/228)) ([2411bfc](2411bfc792))
 2025-04-03 22:43:44 +00:00
dependabot[bot]
2411bfc792 fix(deps): bump the production-dependencies group across 1 directory with 2 updates (#228) 
Bumps the production-dependencies group with 2 updates in the / directory: [@octokit/auth-app](https://github.com/octokit/auth-app.js) and [undici](https://github.com/nodejs/undici).
 2025-04-03 22:43:14 +00:00
dependabot[bot]
f17d09a7b5 build(deps-dev): bump the development-dependencies group with 3 updates (#225) 
Bumps the development-dependencies group with 3 updates: [@octokit/openapi](https://github.com/octokit/openapi),
[esbuild](https://github.com/evanw/esbuild), and [yaml](https://github.com/eemeli/yaml).
 2025-04-03 15:30:01 -07:00
Parker Brown
e250d17c7a ci(update-permission-inputs): add permissions (#230) 
Adds `contents: write` permissions to the update-permission-inputs.yml workflow file.
 2025-04-03 13:57:23 -07:00
Parker Brown
ed258b491a Rename workflow 2025-04-03 13:46:42 -07:00
Parker Brown
5c652ca715 Update update-inputs.yml 2025-04-03 13:46:11 -07:00
Parker Brown
60ee75db78 ci(update-inputs): create initial version (#229) 
Resolves #220.

Updates action.yml inputs after an update to the octokit/openapi dependency.
 2025-04-03 12:27:14 -07:00
semantic-release-bot
064492a9a1 build(release): 2.0.0 [skip ci] 
# [2.0.0](https://github.com/actions/create-github-app-token/compare/v1.12.0...v2.0.0) (2025-04-03)

* feat!: remove deprecated inputs ([#213](https://github.com/actions/create-github-app-token/issues/213)) ([5cc811b](5cc811bc40))

### BREAKING CHANGES

* Removed deprecated inputs (`app_id`, `private_key`, `skip_token_revoke`) and made `app-id` and `private-key` required in the action configuration.
 2025-04-03 19:10:30 +00:00
Parker Brown
5cc811bc40 feat!: remove deprecated inputs (#213) 
BREAKING CHANGE: Removed deprecated inputs (`app_id`, `private_key`, `skip_token_revoke`) and made `app-id` and `private-key` required in the action configuration.
 2025-04-03 12:09:57 -07:00
Parker Brown
23b44b2c8e build: update package-lock.json on release (#227) 
This pull request updates the release configuration to include
package-lock.json. This should ensure the action version is update in
package-lock.json when the release workflow runs.
 2025-04-03 12:08:57 -07:00
Yuta Kasai
6f3f59186f docs: delete unused badge (#222) 
It seems that there is an unused badge in this repository. This badge
was introduced in
https://github.com/actions/create-github-app-token/pull/70, but after
some trial and error, it was removed from the README
(f28f8958a7
in the PR). However, the badge itself was not deleted.

Therefore, this badge appears to be unnecessary. This patch removes it.
 2025-04-03 18:41:15 +00:00
24 changed files with 1120 additions and 927 deletions
Expand all files Collapse all files

33
.github/workflows/update-permission-inputs.yml vendored Normal file
View File

@@ -0,0 +1,33 @@
name: Update Permission Inputs
on:
pull_request:
paths:
- 'package.json'
- 'package-lock.json'
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: write
jobs:
update-permission-inputs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: .node-version
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run permission inputs update script
run: node scripts/update-permission-inputs.js
- name: Commit changes
uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
with:
commit_message: 'feat: update permission inputs'

2
CONTRIBUTING.md
View File

@@ -12,4 +12,4 @@ Run tests locally
npm test
```
Learn more about how the tests work in [test/README.md](test/README.md).
Learn more about how the tests work in [tests/README.md](tests/README.md).

26
README.md
View File

@@ -28,7 +28,7 @@ jobs:
hello-world:
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
- uses: actions/create-github-app-token@v2
id: app-token
with:
app-id: ${{ vars.APP_ID }}
@@ -47,7 +47,7 @@ jobs:
auto-format:
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
- uses: actions/create-github-app-token@v2
id: app-token
with:
# required
@@ -73,7 +73,7 @@ jobs:
auto-format:
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
- uses: actions/create-github-app-token@v2
id: app-token
with:
# required
@@ -98,7 +98,7 @@ jobs:
auto-format:
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
- uses: actions/create-github-app-token@v2
id: app-token
with:
# required
@@ -135,7 +135,7 @@ jobs:
hello-world:
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
- uses: actions/create-github-app-token@v2
id: app-token
with:
app-id: ${{ vars.APP_ID }}
@@ -157,7 +157,7 @@ jobs:
hello-world:
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
- uses: actions/create-github-app-token@v2
id: app-token
with:
app-id: ${{ vars.APP_ID }}
@@ -182,7 +182,7 @@ jobs:
hello-world:
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
- uses: actions/create-github-app-token@v2
id: app-token
with:
app-id: ${{ vars.APP_ID }}
@@ -207,7 +207,7 @@ jobs:
hello-world:
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
- uses: actions/create-github-app-token@v2
id: app-token
with:
app-id: ${{ vars.APP_ID }}
@@ -249,7 +249,7 @@ jobs:
owners-and-repos: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
steps:
- uses: actions/create-github-app-token@v1
- uses: actions/create-github-app-token@v2
id: app-token
with:
app-id: ${{ vars.APP_ID }}
@@ -279,7 +279,7 @@ jobs:
steps:
- name: Create GitHub App token
id: create_token
uses: actions/create-github-app-token@v1
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.GHES_APP_ID }}
private-key: ${{ secrets.GHES_APP_PRIVATE_KEY }}
@@ -318,7 +318,7 @@ steps:
echo "private-key=$private_key" >> "$GITHUB_OUTPUT"
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@v1
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ steps.decode.outputs.private-key }}
@@ -343,7 +343,7 @@ The reason we define one `permision-<permission name>` input per permission is t
### `skip-token-revoke`
**Optional:** If truthy, the token will not be revoked when the current job is complete.
**Optional:** If true, the token will not be revoked when the current job is complete.
### `github-api-url`
@@ -370,7 +370,7 @@ The action creates an installation access token using [the `POST /app/installati
1. The token is scoped to the current repository or `repositories` if set.
2. The token inherits all the installation's permissions.
3. The token is set as output `token` which can be used in subsequent steps.
4. Unless the `skip-token-revoke` input is set to a truthy value, the token is revoked in the `post` step of the action, which means it cannot be passed to another job.
4. Unless the `skip-token-revoke` input is set to true, the token is revoked in the `post` step of the action, which means it cannot be passed to another job.
5. The token is masked, it cannot be logged accidentally.
> [!NOTE]

21
action.yml
View File

@@ -7,18 +7,10 @@ branding:
inputs:
app-id:
description: "GitHub App ID"
required: false # TODO: When 'app_id' is removed, make 'app-id' required
app_id:
description: "GitHub App ID"
required: false
deprecationMessage: "'app_id' is deprecated and will be removed in a future version. Use 'app-id' instead."
required: true
private-key:
description: "GitHub App private key"
required: false # TODO: When 'private_key' is removed, make 'private-key' required
private_key:
description: "GitHub App private key"
required: false
deprecationMessage: "'private_key' is deprecated and will be removed in a future version. Use 'private-key' instead."
required: true
owner:
description: "The owner of the GitHub App installation (defaults to current repository owner)"
required: false
@@ -26,12 +18,9 @@ inputs:
description: "Comma or newline-separated list of repositories to install the GitHub App on (defaults to current repository if owner is unset)"
required: false
skip-token-revoke:
description: "If truthy, the token will not be revoked when the current job is complete"
description: "If true, the token will not be revoked when the current job is complete"
required: false
skip_token_revoke:
description: "If truthy, the token will not be revoked when the current job is complete"
required: false
deprecationMessage: "'skip_token_revoke' is deprecated and will be removed in a future version. Use 'skip-token-revoke' instead."
default: "false"
# Make GitHub API configurable to support non-GitHub Cloud use cases
# see https://github.com/actions/create-github-app-token/issues/77
github-api-url:
@@ -49,7 +38,7 @@ inputs:
permission-contents:
description: "The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. Can be set to 'read' or 'write'."
permission-dependabot-secrets:
description: "The leve of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
description: "The level of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
permission-deployments:
description: "The level of permission to grant the access token for deployments and deployment statuses. Can be set to 'read' or 'write'."
permission-email-addresses:

25
badges/coverage.svg
View File

@@ -1,25 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="106"
height="20" role="img" aria-label="Coverage: 100%">
<title>Coverage: 100%</title>
<linearGradient id="s" x2="0" y2="100%">
<stop offset="0" stop-color="#bbb" stop-opacity=".1" />
<stop offset="1" stop-opacity=".1" />
</linearGradient>
<clipPath id="r">
<rect width="106" height="20" rx="3" fill="#fff" />
</clipPath>
<g clip-path="url(#r)">
<rect width="63" height="20" fill="#555" />
<rect x="63" width="43" height="20" fill="#4c1" />
<rect width="106" height="20" fill="url(#s)" />
</g>
<g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif"
text-rendering="geometricPrecision" font-size="110">
<text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3"
transform="scale(.1)" textLength="530">Coverage</text>
<text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text>
<text aria-hidden="true" x="835" y="150" fill="#010101" fill-opacity=".3"
transform="scale(.1)" textLength="330">100%</text>
<text x="835" y="140" transform="scale(.1)" fill="#fff" textLength="330">100%</text>
</g>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.3 KiB

801
dist/main.cjs vendored
View File

File diff suppressed because it is too large Load Diff

706
dist/post.cjs vendored
View File

@@ -19963,6 +19963,237 @@ var require_symbols6 = __commonJS({
}
});
// node_modules/undici/lib/util/timers.js
var require_timers2 = __commonJS({
"node_modules/undici/lib/util/timers.js"(exports2, module2) {
"use strict";
var fastNow = 0;
var RESOLUTION_MS = 1e3;
var TICK_MS = (RESOLUTION_MS >> 1) - 1;
var fastNowTimeout;
var kFastTimer = Symbol("kFastTimer");
var fastTimers = [];
var NOT_IN_LIST = -2;
var TO_BE_CLEARED = -1;
var PENDING = 0;
var ACTIVE = 1;
function onTick() {
fastNow += TICK_MS;
let idx = 0;
let len = fastTimers.length;
while (idx < len) {
const timer = fastTimers[idx];
if (timer._state === PENDING) {
timer._idleStart = fastNow - TICK_MS;
timer._state = ACTIVE;
} else if (timer._state === ACTIVE && fastNow >= timer._idleStart + timer._idleTimeout) {
timer._state = TO_BE_CLEARED;
timer._idleStart = -1;
timer._onTimeout(timer._timerArg);
}
if (timer._state === TO_BE_CLEARED) {
timer._state = NOT_IN_LIST;
if (--len !== 0) {
fastTimers[idx] = fastTimers[len];
}
} else {
++idx;
}
}
fastTimers.length = len;
if (fastTimers.length !== 0) {
refreshTimeout();
}
}
function refreshTimeout() {
if (fastNowTimeout) {
fastNowTimeout.refresh();
} else {
clearTimeout(fastNowTimeout);
fastNowTimeout = setTimeout(onTick, TICK_MS);
if (fastNowTimeout.unref) {
fastNowTimeout.unref();
}
}
}
var FastTimer = class {
[kFastTimer] = true;
/**
* The state of the timer, which can be one of the following:
* - NOT_IN_LIST (-2)
* - TO_BE_CLEARED (-1)
* - PENDING (0)
* - ACTIVE (1)
*
* @type {-2|-1|0|1}
* @private
*/
_state = NOT_IN_LIST;
/**
* The number of milliseconds to wait before calling the callback.
*
* @type {number}
* @private
*/
_idleTimeout = -1;
/**
* The time in milliseconds when the timer was started. This value is used to
* calculate when the timer should expire.
*
* @type {number}
* @default -1
* @private
*/
_idleStart = -1;
/**
* The function to be executed when the timer expires.
* @type {Function}
* @private
*/
_onTimeout;
/**
* The argument to be passed to the callback when the timer expires.
*
* @type {*}
* @private
*/
_timerArg;
/**
* @constructor
* @param {Function} callback A function to be executed after the timer
* expires.
* @param {number} delay The time, in milliseconds that the timer should wait
* before the specified function or code is executed.
* @param {*} arg
*/
constructor(callback, delay, arg) {
this._onTimeout = callback;
this._idleTimeout = delay;
this._timerArg = arg;
this.refresh();
}
/**
* Sets the timer's start time to the current time, and reschedules the timer
* to call its callback at the previously specified duration adjusted to the
* current time.
* Using this on a timer that has already called its callback will reactivate
* the timer.
*
* @returns {void}
*/
refresh() {
if (this._state === NOT_IN_LIST) {
fastTimers.push(this);
}
if (!fastNowTimeout || fastTimers.length === 1) {
refreshTimeout();
}
this._state = PENDING;
}
/**
* The `clear` method cancels the timer, preventing it from executing.
*
* @returns {void}
* @private
*/
clear() {
this._state = TO_BE_CLEARED;
this._idleStart = -1;
}
};
module2.exports = {
/**
* The setTimeout() method sets a timer which executes a function once the
* timer expires.
* @param {Function} callback A function to be executed after the timer
* expires.
* @param {number} delay The time, in milliseconds that the timer should
* wait before the specified function or code is executed.
* @param {*} [arg] An optional argument to be passed to the callback function
* when the timer expires.
* @returns {NodeJS.Timeout|FastTimer}
*/
setTimeout(callback, delay, arg) {
return delay <= RESOLUTION_MS ? setTimeout(callback, delay, arg) : new FastTimer(callback, delay, arg);
},
/**
* The clearTimeout method cancels an instantiated Timer previously created
* by calling setTimeout.
*
* @param {NodeJS.Timeout|FastTimer} timeout
*/
clearTimeout(timeout) {
if (timeout[kFastTimer]) {
timeout.clear();
} else {
clearTimeout(timeout);
}
},
/**
* The setFastTimeout() method sets a fastTimer which executes a function once
* the timer expires.
* @param {Function} callback A function to be executed after the timer
* expires.
* @param {number} delay The time, in milliseconds that the timer should
* wait before the specified function or code is executed.
* @param {*} [arg] An optional argument to be passed to the callback function
* when the timer expires.
* @returns {FastTimer}
*/
setFastTimeout(callback, delay, arg) {
return new FastTimer(callback, delay, arg);
},
/**
* The clearTimeout method cancels an instantiated FastTimer previously
* created by calling setFastTimeout.
*
* @param {FastTimer} timeout
*/
clearFastTimeout(timeout) {
timeout.clear();
},
/**
* The now method returns the value of the internal fast timer clock.
*
* @returns {number}
*/
now() {
return fastNow;
},
/**
* Trigger the onTick function to process the fastTimers array.
* Exported for testing purposes only.
* Marking as deprecated to discourage any use outside of testing.
* @deprecated
* @param {number} [delay=0] The delay in milliseconds to add to the now value.
*/
tick(delay = 0) {
fastNow += delay - RESOLUTION_MS + 1;
onTick();
onTick();
},
/**
* Reset FastTimers.
* Exported for testing purposes only.
* Marking as deprecated to discourage any use outside of testing.
* @deprecated
*/
reset() {
fastNow = 0;
fastTimers.length = 0;
clearTimeout(fastNowTimeout);
fastNowTimeout = null;
},
/**
* Exporting for testing purposes only.
* Marking as deprecated to discourage any use outside of testing.
* @deprecated
*/
kFastTimer
};
}
});
// node_modules/undici/lib/core/errors.js
var require_errors2 = __commonJS({
"node_modules/undici/lib/core/errors.js"(exports2, module2) {
@@ -20472,10 +20703,11 @@ var require_util8 = __commonJS({
var nodeUtil = require("node:util");
var { stringify } = require("node:querystring");
var { EventEmitter: EE } = require("node:events");
var { InvalidArgumentError } = require_errors2();
var timers = require_timers2();
var { InvalidArgumentError, ConnectTimeoutError } = require_errors2();
var { headerNameLowerCasedRecord } = require_constants6();
var { tree } = require_tree();
var [nodeMajor, nodeMinor] = process.versions.node.split(".").map((v) => Number(v));
var [nodeMajor, nodeMinor] = process.versions.node.split(".", 2).map((v) => Number(v));
var BodyAsyncIterable = class {
constructor(body) {
this[kBody] = body;
@@ -20487,6 +20719,8 @@ var require_util8 = __commonJS({
yield* this[kBody];
}
};
function noop() {
}
function wrapRequestBody(body) {
if (isStream(body)) {
if (bodyLength(body) === 0) {
@@ -20907,6 +21141,50 @@ var require_util8 = __commonJS({
client.emit("error", err2);
}
}
var setupConnectTimeout = process.platform === "win32" ? (socketWeakRef, opts) => {
if (!opts.timeout) {
return noop;
}
let s1 = null;
let s2 = null;
const fastTimer = timers.setFastTimeout(() => {
s1 = setImmediate(() => {
s2 = setImmediate(() => onConnectTimeout(socketWeakRef.deref(), opts));
});
}, opts.timeout);
return () => {
timers.clearFastTimeout(fastTimer);
clearImmediate(s1);
clearImmediate(s2);
};
} : (socketWeakRef, opts) => {
if (!opts.timeout) {
return noop;
}
let s1 = null;
const fastTimer = timers.setFastTimeout(() => {
s1 = setImmediate(() => {
onConnectTimeout(socketWeakRef.deref(), opts);
});
}, opts.timeout);
return () => {
timers.clearFastTimeout(fastTimer);
clearImmediate(s1);
};
};
function onConnectTimeout(socket, opts) {
if (socket == null) {
return;
}
let message = "Connect Timeout Error";
if (Array.isArray(socket.autoSelectFamilyAttemptedAddresses)) {
message += ` (attempted addresses: ${socket.autoSelectFamilyAttemptedAddresses.join(", ")},`;
} else {
message += ` (attempted address: ${opts.hostname}:${opts.port},`;
}
message += ` timeout: ${opts.timeout}ms)`;
destroy(socket, new ConnectTimeoutError(message));
}
var kEnumerableProperty = /* @__PURE__ */ Object.create(null);
kEnumerableProperty.enumerable = true;
var normalizedMethodRecordsBase = {
@@ -20973,7 +21251,8 @@ var require_util8 = __commonJS({
nodeMajor,
nodeMinor,
safeHTTPMethods: Object.freeze(["GET", "HEAD", "OPTIONS", "TRACE"]),
wrapRequestBody
wrapRequestBody,
setupConnectTimeout
};
}
});
@@ -21839,237 +22118,6 @@ var require_dispatcher_base2 = __commonJS({
}
});
// node_modules/undici/lib/util/timers.js
var require_timers2 = __commonJS({
"node_modules/undici/lib/util/timers.js"(exports2, module2) {
"use strict";
var fastNow = 0;
var RESOLUTION_MS = 1e3;
var TICK_MS = (RESOLUTION_MS >> 1) - 1;
var fastNowTimeout;
var kFastTimer = Symbol("kFastTimer");
var fastTimers = [];
var NOT_IN_LIST = -2;
var TO_BE_CLEARED = -1;
var PENDING = 0;
var ACTIVE = 1;
function onTick() {
fastNow += TICK_MS;
let idx = 0;
let len = fastTimers.length;
while (idx < len) {
const timer = fastTimers[idx];
if (timer._state === PENDING) {
timer._idleStart = fastNow - TICK_MS;
timer._state = ACTIVE;
} else if (timer._state === ACTIVE && fastNow >= timer._idleStart + timer._idleTimeout) {
timer._state = TO_BE_CLEARED;
timer._idleStart = -1;
timer._onTimeout(timer._timerArg);
}
if (timer._state === TO_BE_CLEARED) {
timer._state = NOT_IN_LIST;
if (--len !== 0) {
fastTimers[idx] = fastTimers[len];
}
} else {
++idx;
}
}
fastTimers.length = len;
if (fastTimers.length !== 0) {
refreshTimeout();
}
}
function refreshTimeout() {
if (fastNowTimeout) {
fastNowTimeout.refresh();
} else {
clearTimeout(fastNowTimeout);
fastNowTimeout = setTimeout(onTick, TICK_MS);
if (fastNowTimeout.unref) {
fastNowTimeout.unref();
}
}
}
var FastTimer = class {
[kFastTimer] = true;
/**
* The state of the timer, which can be one of the following:
* - NOT_IN_LIST (-2)
* - TO_BE_CLEARED (-1)
* - PENDING (0)
* - ACTIVE (1)
*
* @type {-2|-1|0|1}
* @private
*/
_state = NOT_IN_LIST;
/**
* The number of milliseconds to wait before calling the callback.
*
* @type {number}
* @private
*/
_idleTimeout = -1;
/**
* The time in milliseconds when the timer was started. This value is used to
* calculate when the timer should expire.
*
* @type {number}
* @default -1
* @private
*/
_idleStart = -1;
/**
* The function to be executed when the timer expires.
* @type {Function}
* @private
*/
_onTimeout;
/**
* The argument to be passed to the callback when the timer expires.
*
* @type {*}
* @private
*/
_timerArg;
/**
* @constructor
* @param {Function} callback A function to be executed after the timer
* expires.
* @param {number} delay The time, in milliseconds that the timer should wait
* before the specified function or code is executed.
* @param {*} arg
*/
constructor(callback, delay, arg) {
this._onTimeout = callback;
this._idleTimeout = delay;
this._timerArg = arg;
this.refresh();
}
/**
* Sets the timer's start time to the current time, and reschedules the timer
* to call its callback at the previously specified duration adjusted to the
* current time.
* Using this on a timer that has already called its callback will reactivate
* the timer.
*
* @returns {void}
*/
refresh() {
if (this._state === NOT_IN_LIST) {
fastTimers.push(this);
}
if (!fastNowTimeout || fastTimers.length === 1) {
refreshTimeout();
}
this._state = PENDING;
}
/**
* The `clear` method cancels the timer, preventing it from executing.
*
* @returns {void}
* @private
*/
clear() {
this._state = TO_BE_CLEARED;
this._idleStart = -1;
}
};
module2.exports = {
/**
* The setTimeout() method sets a timer which executes a function once the
* timer expires.
* @param {Function} callback A function to be executed after the timer
* expires.
* @param {number} delay The time, in milliseconds that the timer should
* wait before the specified function or code is executed.
* @param {*} [arg] An optional argument to be passed to the callback function
* when the timer expires.
* @returns {NodeJS.Timeout|FastTimer}
*/
setTimeout(callback, delay, arg) {
return delay <= RESOLUTION_MS ? setTimeout(callback, delay, arg) : new FastTimer(callback, delay, arg);
},
/**
* The clearTimeout method cancels an instantiated Timer previously created
* by calling setTimeout.
*
* @param {NodeJS.Timeout|FastTimer} timeout
*/
clearTimeout(timeout) {
if (timeout[kFastTimer]) {
timeout.clear();
} else {
clearTimeout(timeout);
}
},
/**
* The setFastTimeout() method sets a fastTimer which executes a function once
* the timer expires.
* @param {Function} callback A function to be executed after the timer
* expires.
* @param {number} delay The time, in milliseconds that the timer should
* wait before the specified function or code is executed.
* @param {*} [arg] An optional argument to be passed to the callback function
* when the timer expires.
* @returns {FastTimer}
*/
setFastTimeout(callback, delay, arg) {
return new FastTimer(callback, delay, arg);
},
/**
* The clearTimeout method cancels an instantiated FastTimer previously
* created by calling setFastTimeout.
*
* @param {FastTimer} timeout
*/
clearFastTimeout(timeout) {
timeout.clear();
},
/**
* The now method returns the value of the internal fast timer clock.
*
* @returns {number}
*/
now() {
return fastNow;
},
/**
* Trigger the onTick function to process the fastTimers array.
* Exported for testing purposes only.
* Marking as deprecated to discourage any use outside of testing.
* @deprecated
* @param {number} [delay=0] The delay in milliseconds to add to the now value.
*/
tick(delay = 0) {
fastNow += delay - RESOLUTION_MS + 1;
onTick();
onTick();
},
/**
* Reset FastTimers.
* Exported for testing purposes only.
* Marking as deprecated to discourage any use outside of testing.
* @deprecated
*/
reset() {
fastNow = 0;
fastTimers.length = 0;
clearTimeout(fastNowTimeout);
fastNowTimeout = null;
},
/**
* Exporting for testing purposes only.
* Marking as deprecated to discourage any use outside of testing.
* @deprecated
*/
kFastTimer
};
}
});
// node_modules/undici/lib/core/connect.js
var require_connect2 = __commonJS({
"node_modules/undici/lib/core/connect.js"(exports2, module2) {
@@ -22077,10 +22125,7 @@ var require_connect2 = __commonJS({
var net = require("node:net");
var assert = require("node:assert");
var util = require_util8();
var { InvalidArgumentError, ConnectTimeoutError } = require_errors2();
var timers = require_timers2();
function noop() {
}
var { InvalidArgumentError } = require_errors2();
var tls;
var SessionCache;
if (global.FinalizationRegistry && !(process.env.NODE_V8_COVERAGE || process.env.UNDICI_NO_FG)) {
@@ -22157,7 +22202,6 @@ var require_connect2 = __commonJS({
servername,
session,
localAddress,
// TODO(HTTP/2): Add support for h2c
ALPNProtocols: allowH2 ? ["http/1.1", "h2"] : ["http/1.1"],
socket: httpSocket,
// upgrade socket connection
@@ -22183,7 +22227,7 @@ var require_connect2 = __commonJS({
const keepAliveInitialDelay = options.keepAliveInitialDelay === void 0 ? 6e4 : options.keepAliveInitialDelay;
socket.setKeepAlive(true, keepAliveInitialDelay);
}
const clearConnectTimeout = setupConnectTimeout(new WeakRef(socket), { timeout, hostname, port });
const clearConnectTimeout = util.setupConnectTimeout(new WeakRef(socket), { timeout, hostname, port });
socket.setNoDelay(true).once(protocol === "https:" ? "secureConnect" : "connect", function() {
queueMicrotask(clearConnectTimeout);
if (callback) {
@@ -22202,50 +22246,6 @@ var require_connect2 = __commonJS({
return socket;
};
}
var setupConnectTimeout = process.platform === "win32" ? (socketWeakRef, opts) => {
if (!opts.timeout) {
return noop;
}
let s1 = null;
let s2 = null;
const fastTimer = timers.setFastTimeout(() => {
s1 = setImmediate(() => {
s2 = setImmediate(() => onConnectTimeout(socketWeakRef.deref(), opts));
});
}, opts.timeout);
return () => {
timers.clearFastTimeout(fastTimer);
clearImmediate(s1);
clearImmediate(s2);
};
} : (socketWeakRef, opts) => {
if (!opts.timeout) {
return noop;
}
let s1 = null;
const fastTimer = timers.setFastTimeout(() => {
s1 = setImmediate(() => {
onConnectTimeout(socketWeakRef.deref(), opts);
});
}, opts.timeout);
return () => {
timers.clearFastTimeout(fastTimer);
clearImmediate(s1);
};
};
function onConnectTimeout(socket, opts) {
if (socket == null) {
return;
}
let message = "Connect Timeout Error";
if (Array.isArray(socket.autoSelectFamilyAttemptedAddresses)) {
message += ` (attempted addresses: ${socket.autoSelectFamilyAttemptedAddresses.join(", ")},`;
} else {
message += ` (attempted address: ${opts.hostname}:${opts.port},`;
}
message += ` timeout: ${opts.timeout}ms)`;
util.destroy(socket, new ConnectTimeoutError(message));
}
module2.exports = buildConnector;
}
});
@@ -26929,6 +26929,7 @@ var require_client_h2 = __commonJS({
}
assert(client[kRunning] === 0);
client.emit("disconnect", client[kUrl], [client], err);
client.emit("connectionError", client[kUrl], [client], err);
client[kResume]();
}
function onHttp2SessionClose() {
@@ -29013,6 +29014,101 @@ var require_retry_agent = __commonJS({
}
});
// node_modules/undici/lib/dispatcher/h2c-client.js
var require_h2c_client = __commonJS({
"node_modules/undici/lib/dispatcher/h2c-client.js"(exports2, module2) {
"use strict";
var { connect } = require("node:net");
var { kClose, kDestroy } = require_symbols6();
var { InvalidArgumentError } = require_errors2();
var util = require_util8();
var Client = require_client2();
var DispatcherBase = require_dispatcher_base2();
var H2CClient = class extends DispatcherBase {
#client = null;
constructor(origin, clientOpts) {
super();
if (typeof origin === "string") {
origin = new URL(origin);
}
if (origin.protocol !== "http:") {
throw new InvalidArgumentError(
"h2c-client: Only h2c protocol is supported"
);
}
const { connect: connect2, maxConcurrentStreams, pipelining, ...opts } = clientOpts ?? {};
let defaultMaxConcurrentStreams = 100;
let defaultPipelining = 100;
if (maxConcurrentStreams != null && Number.isInteger(maxConcurrentStreams) && maxConcurrentStreams > 0) {
defaultMaxConcurrentStreams = maxConcurrentStreams;
}
if (pipelining != null && Number.isInteger(pipelining) && pipelining > 0) {
defaultPipelining = pipelining;
}
if (defaultPipelining > defaultMaxConcurrentStreams) {
throw new InvalidArgumentError(
"h2c-client: pipelining cannot be greater than maxConcurrentStreams"
);
}
this.#client = new Client(origin, {
...opts,
connect: this.#buildConnector(connect2),
maxConcurrentStreams: defaultMaxConcurrentStreams,
pipelining: defaultPipelining,
allowH2: true
});
}
#buildConnector(connectOpts) {
return (opts, callback) => {
const timeout = connectOpts?.connectOpts ?? 1e4;
const { hostname, port, pathname } = opts;
const socket = connect({
...opts,
host: hostname,
port,
pathname
});
if (opts.keepAlive == null || opts.keepAlive) {
const keepAliveInitialDelay = opts.keepAliveInitialDelay == null ? 6e4 : opts.keepAliveInitialDelay;
socket.setKeepAlive(true, keepAliveInitialDelay);
}
socket.alpnProtocol = "h2";
const clearConnectTimeout = util.setupConnectTimeout(
new WeakRef(socket),
{ timeout, hostname, port }
);
socket.setNoDelay(true).once("connect", function() {
queueMicrotask(clearConnectTimeout);
if (callback) {
const cb = callback;
callback = null;
cb(null, this);
}
}).on("error", function(err) {
queueMicrotask(clearConnectTimeout);
if (callback) {
const cb = callback;
callback = null;
cb(err);
}
});
return socket;
};
}
dispatch(opts, handler) {
return this.#client.dispatch(opts, handler);
}
async [kClose]() {
await this.#client.close();
}
async [kDestroy]() {
await this.#client.destroy();
}
};
module2.exports = H2CClient;
}
});
// node_modules/undici/lib/api/readable.js
var require_readable2 = __commonJS({
"node_modules/undici/lib/api/readable.js"(exports2, module2) {
@@ -30334,7 +30430,7 @@ var require_mock_utils2 = __commonJS({
if (typeof path !== "string") {
return path;
}
const pathSegments = path.split("?");
const pathSegments = path.split("?", 3);
if (pathSegments.length !== 2) {
return path;
}
@@ -32054,6 +32150,15 @@ var require_cache2 = __commonJS({
if (!opts.origin) {
throw new Error("opts.origin is undefined");
}
const headers = normaliseHeaders(opts);
return {
origin: opts.origin.toString(),
method: opts.method,
path: opts.path,
headers
};
}
function normaliseHeaders(opts) {
let headers;
if (opts.headers == null) {
headers = {};
@@ -32077,12 +32182,7 @@ var require_cache2 = __commonJS({
} else {
throw new Error("opts.headers is not an object");
}
return {
origin: opts.origin.toString(),
method: opts.method,
path: opts.path,
headers
};
return headers;
}
function assertCacheKey(key) {
if (typeof key !== "object") {
@@ -32275,6 +32375,7 @@ var require_cache2 = __commonJS({
}
module2.exports = {
makeCacheKey,
normaliseHeaders,
assertCacheKey,
assertCacheValue,
parseCacheControlHeader,
@@ -32999,7 +33100,7 @@ var require_cache3 = __commonJS({
var CacheHandler = require_cache_handler();
var MemoryCacheStore = require_memory_cache_store();
var CacheRevalidationHandler = require_cache_revalidation_handler();
var { assertCacheStore, assertCacheMethods, makeCacheKey, parseCacheControlHeader } = require_cache2();
var { assertCacheStore, assertCacheMethods, makeCacheKey, normaliseHeaders, parseCacheControlHeader } = require_cache2();
var { AbortError } = require_errors2();
function needsRevalidation(result, cacheControlDirectives) {
if (cacheControlDirectives?.["no-cache"]) {
@@ -33127,7 +33228,7 @@ var require_cache3 = __commonJS({
withinStaleIfErrorThreshold = now < result.staleAt + staleIfErrorExpiry * 1e3;
}
let headers = {
...opts.headers,
...normaliseHeaders(opts),
"if-modified-since": new Date(result.cachedAt).toUTCString()
};
if (result.etag) {
@@ -35445,7 +35546,10 @@ var require_fetch2 = __commonJS({
originalURL.href,
initiatorType,
globalThis,
cacheState
cacheState,
"",
// bodyType
response.status
);
}
var markResourceTiming = performance.markResourceTiming;
@@ -35739,7 +35843,7 @@ var require_fetch2 = __commonJS({
fetchParams.controller.fullTimingInfo = timingInfo;
}
fetchParams.controller.reportTimingSteps = () => {
if (fetchParams.request.url.protocol !== "https:") {
if (!urlIsHttpHttpsScheme(fetchParams.request.url)) {
return;
}
timingInfo.endTime = unsafeEndTime;
@@ -37874,7 +37978,7 @@ var require_util12 = __commonJS({
const extensionList = /* @__PURE__ */ new Map();
while (position.position < extensions.length) {
const pair = collectASequenceOfCodePointsFast(";", extensions, position);
const [name, value = ""] = pair.split("=");
const [name, value = ""] = pair.split("=", 2);
extensionList.set(
removeHTTPWhitespace(name, true, false),
removeHTTPWhitespace(value, false, true)
@@ -40058,6 +40162,7 @@ var require_undici2 = __commonJS({
var ProxyAgent2 = require_proxy_agent2();
var EnvHttpProxyAgent = require_env_http_proxy_agent();
var RetryAgent = require_retry_agent();
var H2CClient = require_h2c_client();
var errors = require_errors2();
var util = require_util8();
var { InvalidArgumentError } = errors;
@@ -40081,6 +40186,7 @@ var require_undici2 = __commonJS({
module2.exports.ProxyAgent = ProxyAgent2;
module2.exports.EnvHttpProxyAgent = EnvHttpProxyAgent;
module2.exports.RetryAgent = RetryAgent;
module2.exports.H2CClient = H2CClient;
module2.exports.RetryHandler = RetryHandler;
module2.exports.DecoratorHandler = DecoratorHandler;
module2.exports.RedirectHandler = RedirectHandler;
@@ -40202,9 +40308,7 @@ var import_core2 = __toESM(require_core(), 1);
// lib/post.js
async function post(core3, request2) {
const skipTokenRevoke = Boolean(
core3.getInput("skip-token-revoke") || core3.getInput("skip_token_revoke")
);
const skipTokenRevoke = core3.getBooleanInput("skip-token-revoke");
if (skipTokenRevoke) {
core3.info("Token revocation was skipped");
return;
@@ -40227,9 +40331,7 @@ async function post(core3, request2) {
});
core3.info("Token revoked");
} catch (error) {
core3.warning(
`Token revocation failed: ${error.message}`
);
core3.warning(`Token revocation failed: ${error.message}`);
}
}
function tokenExpiresIn(expiresAt) {

7
lib/get-permissions-from-inputs.js
View File

@@ -7,9 +7,12 @@
*/
export function getPermissionsFromInputs(env) {
return Object.entries(env).reduce((permissions, [key, value]) => {
if (!key.startsWith("INPUT_PERMISSION_")) return permissions;
if (!key.startsWith("INPUT_PERMISSION-")) return permissions;
if (!value) return permissions;
const permission = key.slice("INPUT_PERMISSION_".length).toLowerCase();
const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase();
// Inherit app permissions if no permissions inputs are set
if (permissions === undefined) {
return { [permission]: value };
}

32
lib/main.js
View File

@@ -21,7 +21,7 @@ export async function main(
core,
createAppAuth,
request,
skipTokenRevoke,
skipTokenRevoke
) {
let parsedOwner = "";
let parsedRepositoryNames = [];
@@ -33,7 +33,7 @@ export async function main(
parsedRepositoryNames = [repo];
core.info(
`owner and repositories not set, creating token for the current repository ("${repo}")`,
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (${owner}/${repo}).`
);
}
@@ -42,7 +42,7 @@ export async function main(
parsedOwner = owner;
core.info(
`repositories not set, creating token for all repositories for given owner "${owner}"`,
`Input 'repositories' is not set. Creating token for all repositories owned by ${owner}.`
);
}
@@ -52,9 +52,9 @@ export async function main(
parsedRepositoryNames = repositories;
core.info(
`owner not set, creating owner for given repositories "${repositories.join(
",",
)}" in current owner ("${parsedOwner}")`,
`No 'owner' input provided. Using default owner '${parsedOwner}' to create token for the following repositories:${repositories
.map((repo) => `\n- ${parsedOwner}/${repo}`)
.join("")}`
);
}
@@ -64,9 +64,8 @@ export async function main(
parsedRepositoryNames = repositories;
core.info(
`owner and repositories set, creating token for repositories "${repositories.join(
",",
)}" owned by "${owner}"`,
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
${repositories.map((repo) => `\n- ${parsedOwner}/${repo}`).join("")}`
);
}
@@ -87,18 +86,19 @@ export async function main(
auth,
parsedOwner,
parsedRepositoryNames,
permissions,
permissions
),
{
shouldRetry: (error) => error.status >= 500,
onFailedAttempt: (error) => {
core.info(
`Failed to create token for "${parsedRepositoryNames.join(
",",
)}" (attempt ${error.attemptNumber}): ${error.message}`,
","
)}" (attempt ${error.attemptNumber}): ${error.message}`
);
},
retries: 3,
},
}
));
} else {
// Otherwise get the installation for the owner, which can either be an organization or a user account
@@ -107,11 +107,11 @@ export async function main(
{
onFailedAttempt: (error) => {
core.info(
`Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`,
`Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`
);
},
retries: 3,
},
}
));
}
@@ -157,7 +157,7 @@ async function getTokenFromRepository(
auth,
parsedOwner,
parsedRepositoryNames,
permissions,
permissions
) {
// https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app
const response = await request("GET /repos/{owner}/{repo}/installation", {

7
lib/post.js
View File

@@ -5,9 +5,7 @@
* @param {import("@octokit/request").request} request
*/
export async function post(core, request) {
const skipTokenRevoke = Boolean(
core.getInput("skip-token-revoke") || core.getInput("skip_token_revoke")
);
const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
if (skipTokenRevoke) {
core.info("Token revocation was skipped");
@@ -35,8 +33,7 @@ export async function post(core, request) {
});
core.info("Token revoked");
} catch (error) {
core.warning(
`Token revocation failed: ${error.message}`)
core.warning(`Token revocation failed: ${error.message}`);
}
}

18
main.js
View File

@@ -3,9 +3,9 @@
import core from "@actions/core";
import { createAppAuth } from "@octokit/auth-app";
import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
import { main } from "./lib/main.js";
import request from "./lib/request.js";
import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
if (!process.env.GITHUB_REPOSITORY) {
throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'");
@@ -15,16 +15,8 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'");
}
const appId = core.getInput("app-id") || core.getInput("app_id");
if (!appId) {
// The 'app_id' input was previously required, but it and 'app-id' are both optional now, until the former is removed. Still, we want to ensure that at least one of them is set.
throw new Error("Input required and not supplied: app-id");
}
const privateKey = core.getInput("private-key") || core.getInput("private_key");
if (!privateKey) {
// The 'private_key' input was previously required, but it and 'private-key' are both optional now, until the former is removed. Still, we want to ensure that at least one of them is set.
throw new Error("Input required and not supplied: private-key");
}
const appId = core.getInput("app-id");
const privateKey = core.getInput("private-key");
const owner = core.getInput("owner");
const repositories = core
.getInput("repositories")
@@ -32,9 +24,7 @@ const repositories = core
.map((s) => s.trim())
.filter((x) => x !== "");
const skipTokenRevoke = Boolean(
core.getInput("skip-token-revoke") || core.getInput("skip_token_revoke"),
);
const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
const permissions = getPermissionsFromInputs(process.env);

245
package-lock.json generated
View File

@@ -1,30 +1,30 @@
{
"name": "create-github-app-token",
"version": "1.11.6",
"version": "2.0.4",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "create-github-app-token",
"version": "1.11.6",
"version": "2.0.4",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.11.1",
"@octokit/auth-app": "^7.1.5",
"@octokit/auth-app": "^7.2.0",
"@octokit/request": "^9.2.2",
"p-retry": "^6.2.1",
"undici": "^7.5.0"
"undici": "^7.7.0"
},
"devDependencies": {
"@octokit/openapi": "^18.0.0",
"@octokit/openapi": "^18.2.0",
"@sinonjs/fake-timers": "^14.0.0",
"ava": "^6.2.0",
"c8": "^10.1.3",
"dotenv": "^16.4.7",
"esbuild": "^0.25.0",
"esbuild": "^0.25.2",
"execa": "^9.5.2",
"open-cli": "^8.0.0",
"yaml": "^2.7.0"
"yaml": "^2.7.1"
}
},
"node_modules/@actions/core": {
@@ -80,9 +80,9 @@
}
},
"node_modules/@esbuild/aix-ppc64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.0.tgz",
"integrity": "sha512-O7vun9Sf8DFjH2UtqK8Ku3LkquL9SZL8OLY1T5NZkA34+wG3OQF7cl4Ql8vdNzM6fzBbYfLaiRLIOZ+2FOCgBQ==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.2.tgz",
"integrity": "sha512-wCIboOL2yXZym2cgm6mlA742s9QeJ8DjGVaL39dLN4rRwrOgOyYSnOaFPhKZGLb2ngj4EyfAFjsNJwPXZvseag==",
"cpu": [
"ppc64"
],
@@ -97,9 +97,9 @@
}
},
"node_modules/@esbuild/android-arm": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.0.tgz",
"integrity": "sha512-PTyWCYYiU0+1eJKmw21lWtC+d08JDZPQ5g+kFyxP0V+es6VPPSUhM6zk8iImp2jbV6GwjX4pap0JFbUQN65X1g==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.2.tgz",
"integrity": "sha512-NQhH7jFstVY5x8CKbcfa166GoV0EFkaPkCKBQkdPJFvo5u+nGXLEH/ooniLb3QI8Fk58YAx7nsPLozUWfCBOJA==",
"cpu": [
"arm"
],
@@ -114,9 +114,9 @@
}
},
"node_modules/@esbuild/android-arm64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.0.tgz",
"integrity": "sha512-grvv8WncGjDSyUBjN9yHXNt+cq0snxXbDxy5pJtzMKGmmpPxeAmAhWxXI+01lU5rwZomDgD3kJwulEnhTRUd6g==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.2.tgz",
"integrity": "sha512-5ZAX5xOmTligeBaeNEPnPaeEuah53Id2tX4c2CVP3JaROTH+j4fnfHCkr1PjXMd78hMst+TlkfKcW/DlTq0i4w==",
"cpu": [
"arm64"
],
@@ -131,9 +131,9 @@
}
},
"node_modules/@esbuild/android-x64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.0.tgz",
"integrity": "sha512-m/ix7SfKG5buCnxasr52+LI78SQ+wgdENi9CqyCXwjVR2X4Jkz+BpC3le3AoBPYTC9NHklwngVXvbJ9/Akhrfg==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.2.tgz",
"integrity": "sha512-Ffcx+nnma8Sge4jzddPHCZVRvIfQ0kMsUsCMcJRHkGJ1cDmhe4SsrYIjLUKn1xpHZybmOqCWwB0zQvsjdEHtkg==",
"cpu": [
"x64"
],
@@ -148,9 +148,9 @@
}
},
"node_modules/@esbuild/darwin-arm64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.0.tgz",
"integrity": "sha512-mVwdUb5SRkPayVadIOI78K7aAnPamoeFR2bT5nszFUZ9P8UpK4ratOdYbZZXYSqPKMHfS1wdHCJk1P1EZpRdvw==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.2.tgz",
"integrity": "sha512-MpM6LUVTXAzOvN4KbjzU/q5smzryuoNjlriAIx+06RpecwCkL9JpenNzpKd2YMzLJFOdPqBpuub6eVRP5IgiSA==",
"cpu": [
"arm64"
],
@@ -165,9 +165,9 @@
}
},
"node_modules/@esbuild/darwin-x64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.0.tgz",
"integrity": "sha512-DgDaYsPWFTS4S3nWpFcMn/33ZZwAAeAFKNHNa1QN0rI4pUjgqf0f7ONmXf6d22tqTY+H9FNdgeaAa+YIFUn2Rg==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.2.tgz",
"integrity": "sha512-5eRPrTX7wFyuWe8FqEFPG2cU0+butQQVNcT4sVipqjLYQjjh8a8+vUTfgBKM88ObB85ahsnTwF7PSIt6PG+QkA==",
"cpu": [
"x64"
],
@@ -182,9 +182,9 @@
}
},
"node_modules/@esbuild/freebsd-arm64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.0.tgz",
"integrity": "sha512-VN4ocxy6dxefN1MepBx/iD1dH5K8qNtNe227I0mnTRjry8tj5MRk4zprLEdG8WPyAPb93/e4pSgi1SoHdgOa4w==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.2.tgz",
"integrity": "sha512-mLwm4vXKiQ2UTSX4+ImyiPdiHjiZhIaE9QvC7sw0tZ6HoNMjYAqQpGyui5VRIi5sGd+uWq940gdCbY3VLvsO1w==",
"cpu": [
"arm64"
],
@@ -199,9 +199,9 @@
}
},
"node_modules/@esbuild/freebsd-x64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.0.tgz",
"integrity": "sha512-mrSgt7lCh07FY+hDD1TxiTyIHyttn6vnjesnPoVDNmDfOmggTLXRv8Id5fNZey1gl/V2dyVK1VXXqVsQIiAk+A==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.2.tgz",
"integrity": "sha512-6qyyn6TjayJSwGpm8J9QYYGQcRgc90nmfdUb0O7pp1s4lTY+9D0H9O02v5JqGApUyiHOtkz6+1hZNvNtEhbwRQ==",
"cpu": [
"x64"
],
@@ -216,9 +216,9 @@
}
},
"node_modules/@esbuild/linux-arm": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.0.tgz",
"integrity": "sha512-vkB3IYj2IDo3g9xX7HqhPYxVkNQe8qTK55fraQyTzTX/fxaDtXiEnavv9geOsonh2Fd2RMB+i5cbhu2zMNWJwg==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.2.tgz",
"integrity": "sha512-UHBRgJcmjJv5oeQF8EpTRZs/1knq6loLxTsjc3nxO9eXAPDLcWW55flrMVc97qFPbmZP31ta1AZVUKQzKTzb0g==",
"cpu": [
"arm"
],
@@ -233,9 +233,9 @@
}
},
"node_modules/@esbuild/linux-arm64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.0.tgz",
"integrity": "sha512-9QAQjTWNDM/Vk2bgBl17yWuZxZNQIF0OUUuPZRKoDtqF2k4EtYbpyiG5/Dk7nqeK6kIJWPYldkOcBqjXjrUlmg==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.2.tgz",
"integrity": "sha512-gq/sjLsOyMT19I8obBISvhoYiZIAaGF8JpeXu1u8yPv8BE5HlWYobmlsfijFIZ9hIVGYkbdFhEqC0NvM4kNO0g==",
"cpu": [
"arm64"
],
@@ -250,9 +250,9 @@
}
},
"node_modules/@esbuild/linux-ia32": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.0.tgz",
"integrity": "sha512-43ET5bHbphBegyeqLb7I1eYn2P/JYGNmzzdidq/w0T8E2SsYL1U6un2NFROFRg1JZLTzdCoRomg8Rvf9M6W6Gg==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.2.tgz",
"integrity": "sha512-bBYCv9obgW2cBP+2ZWfjYTU+f5cxRoGGQ5SeDbYdFCAZpYWrfjjfYwvUpP8MlKbP0nwZ5gyOU/0aUzZ5HWPuvQ==",
"cpu": [
"ia32"
],
@@ -267,9 +267,9 @@
}
},
"node_modules/@esbuild/linux-loong64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.0.tgz",
"integrity": "sha512-fC95c/xyNFueMhClxJmeRIj2yrSMdDfmqJnyOY4ZqsALkDrrKJfIg5NTMSzVBr5YW1jf+l7/cndBfP3MSDpoHw==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.2.tgz",
"integrity": "sha512-SHNGiKtvnU2dBlM5D8CXRFdd+6etgZ9dXfaPCeJtz+37PIUlixvlIhI23L5khKXs3DIzAn9V8v+qb1TRKrgT5w==",
"cpu": [
"loong64"
],
@@ -284,9 +284,9 @@
}
},
"node_modules/@esbuild/linux-mips64el": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.0.tgz",
"integrity": "sha512-nkAMFju7KDW73T1DdH7glcyIptm95a7Le8irTQNO/qtkoyypZAnjchQgooFUDQhNAy4iu08N79W4T4pMBwhPwQ==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.2.tgz",
"integrity": "sha512-hDDRlzE6rPeoj+5fsADqdUZl1OzqDYow4TB4Y/3PlKBD0ph1e6uPHzIQcv2Z65u2K0kpeByIyAjCmjn1hJgG0Q==",
"cpu": [
"mips64el"
],
@@ -301,9 +301,9 @@
}
},
"node_modules/@esbuild/linux-ppc64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.0.tgz",
"integrity": "sha512-NhyOejdhRGS8Iwv+KKR2zTq2PpysF9XqY+Zk77vQHqNbo/PwZCzB5/h7VGuREZm1fixhs4Q/qWRSi5zmAiO4Fw==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.2.tgz",
"integrity": "sha512-tsHu2RRSWzipmUi9UBDEzc0nLc4HtpZEI5Ba+Omms5456x5WaNuiG3u7xh5AO6sipnJ9r4cRWQB2tUjPyIkc6g==",
"cpu": [
"ppc64"
],
@@ -318,9 +318,9 @@
}
},
"node_modules/@esbuild/linux-riscv64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.0.tgz",
"integrity": "sha512-5S/rbP5OY+GHLC5qXp1y/Mx//e92L1YDqkiBbO9TQOvuFXM+iDqUNG5XopAnXoRH3FjIUDkeGcY1cgNvnXp/kA==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.2.tgz",
"integrity": "sha512-k4LtpgV7NJQOml/10uPU0s4SAXGnowi5qBSjaLWMojNCUICNu7TshqHLAEbkBdAszL5TabfvQ48kK84hyFzjnw==",
"cpu": [
"riscv64"
],
@@ -335,9 +335,9 @@
}
},
"node_modules/@esbuild/linux-s390x": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.0.tgz",
"integrity": "sha512-XM2BFsEBz0Fw37V0zU4CXfcfuACMrppsMFKdYY2WuTS3yi8O1nFOhil/xhKTmE1nPmVyvQJjJivgDT+xh8pXJA==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.2.tgz",
"integrity": "sha512-GRa4IshOdvKY7M/rDpRR3gkiTNp34M0eLTaC1a08gNrh4u488aPhuZOCpkF6+2wl3zAN7L7XIpOFBhnaE3/Q8Q==",
"cpu": [
"s390x"
],
@@ -352,9 +352,9 @@
}
},
"node_modules/@esbuild/linux-x64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.0.tgz",
"integrity": "sha512-9yl91rHw/cpwMCNytUDxwj2XjFpxML0y9HAOH9pNVQDpQrBxHy01Dx+vaMu0N1CKa/RzBD2hB4u//nfc+Sd3Cw==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.2.tgz",
"integrity": "sha512-QInHERlqpTTZ4FRB0fROQWXcYRD64lAoiegezDunLpalZMjcUcld3YzZmVJ2H/Cp0wJRZ8Xtjtj0cEHhYc/uUg==",
"cpu": [
"x64"
],
@@ -369,9 +369,9 @@
}
},
"node_modules/@esbuild/netbsd-arm64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.0.tgz",
"integrity": "sha512-RuG4PSMPFfrkH6UwCAqBzauBWTygTvb1nxWasEJooGSJ/NwRw7b2HOwyRTQIU97Hq37l3npXoZGYMy3b3xYvPw==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.2.tgz",
"integrity": "sha512-talAIBoY5M8vHc6EeI2WW9d/CkiO9MQJ0IOWX8hrLhxGbro/vBXJvaQXefW2cP0z0nQVTdQ/eNyGFV1GSKrxfw==",
"cpu": [
"arm64"
],
@@ -386,9 +386,9 @@
}
},
"node_modules/@esbuild/netbsd-x64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.0.tgz",
"integrity": "sha512-jl+qisSB5jk01N5f7sPCsBENCOlPiS/xptD5yxOx2oqQfyourJwIKLRA2yqWdifj3owQZCL2sn6o08dBzZGQzA==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.2.tgz",
"integrity": "sha512-voZT9Z+tpOxrvfKFyfDYPc4DO4rk06qamv1a/fkuzHpiVBMOhpjK+vBmWM8J1eiB3OLSMFYNaOaBNLXGChf5tg==",
"cpu": [
"x64"
],
@@ -403,9 +403,9 @@
}
},
"node_modules/@esbuild/openbsd-arm64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.0.tgz",
"integrity": "sha512-21sUNbq2r84YE+SJDfaQRvdgznTD8Xc0oc3p3iW/a1EVWeNj/SdUCbm5U0itZPQYRuRTW20fPMWMpcrciH2EJw==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.2.tgz",
"integrity": "sha512-dcXYOC6NXOqcykeDlwId9kB6OkPUxOEqU+rkrYVqJbK2hagWOMrsTGsMr8+rW02M+d5Op5NNlgMmjzecaRf7Tg==",
"cpu": [
"arm64"
],
@@ -420,9 +420,9 @@
}
},
"node_modules/@esbuild/openbsd-x64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.0.tgz",
"integrity": "sha512-2gwwriSMPcCFRlPlKx3zLQhfN/2WjJ2NSlg5TKLQOJdV0mSxIcYNTMhk3H3ulL/cak+Xj0lY1Ym9ysDV1igceg==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.2.tgz",
"integrity": "sha512-t/TkWwahkH0Tsgoq1Ju7QfgGhArkGLkF1uYz8nQS/PPFlXbP5YgRpqQR3ARRiC2iXoLTWFxc6DJMSK10dVXluw==",
"cpu": [
"x64"
],
@@ -437,9 +437,9 @@
}
},
"node_modules/@esbuild/sunos-x64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.0.tgz",
"integrity": "sha512-bxI7ThgLzPrPz484/S9jLlvUAHYMzy6I0XiU1ZMeAEOBcS0VePBFxh1JjTQt3Xiat5b6Oh4x7UC7IwKQKIJRIg==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.2.tgz",
"integrity": "sha512-cfZH1co2+imVdWCjd+D1gf9NjkchVhhdpgb1q5y6Hcv9TP6Zi9ZG/beI3ig8TvwT9lH9dlxLq5MQBBgwuj4xvA==",
"cpu": [
"x64"
],
@@ -454,9 +454,9 @@
}
},
"node_modules/@esbuild/win32-arm64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.0.tgz",
"integrity": "sha512-ZUAc2YK6JW89xTbXvftxdnYy3m4iHIkDtK3CLce8wg8M2L+YZhIvO1DKpxrd0Yr59AeNNkTiic9YLf6FTtXWMw==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.2.tgz",
"integrity": "sha512-7Loyjh+D/Nx/sOTzV8vfbB3GJuHdOQyrOryFdZvPHLf42Tk9ivBU5Aedi7iyX+x6rbn2Mh68T4qq1SDqJBQO5Q==",
"cpu": [
"arm64"
],
@@ -471,9 +471,9 @@
}
},
"node_modules/@esbuild/win32-ia32": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.0.tgz",
"integrity": "sha512-eSNxISBu8XweVEWG31/JzjkIGbGIJN/TrRoiSVZwZ6pkC6VX4Im/WV2cz559/TXLcYbcrDN8JtKgd9DJVIo8GA==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.2.tgz",
"integrity": "sha512-WRJgsz9un0nqZJ4MfhabxaD9Ft8KioqU3JMinOTvobbX6MOSUigSBlogP8QB3uxpJDsFS6yN+3FDBdqE5lg9kg==",
"cpu": [
"ia32"
],
@@ -488,9 +488,9 @@
}
},
"node_modules/@esbuild/win32-x64": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.0.tgz",
"integrity": "sha512-ZENoHJBxA20C2zFzh6AI4fT6RraMzjYw4xKWemRTRmRVtN9c5DcH9r/f2ihEkMjOW5eGgrwCslG/+Y/3bL+DHQ==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.2.tgz",
"integrity": "sha512-kM3HKb16VIXZyIeVrM1ygYmZBKybX8N4p754bw390wGO3Tf2j4L2/WYL+4suWujpgf6GBYs3jv7TyUivdd05JA==",
"cpu": [
"x64"
],
@@ -672,9 +672,9 @@
}
},
"node_modules/@octokit/auth-app": {
"version": "7.1.5",
"resolved": "https://registry.npmjs.org/@octokit/auth-app/-/auth-app-7.1.5.tgz",
"integrity": "sha512-boklS4E6LpbA3nRx+SU2fRKRGZJdOGoSZne/i3Y0B5rfHOcGwFgcXrwDLdtbv4igfDSnAkZaoNBv1GYjPDKRNw==",
"version": "7.2.0",
"resolved": "https://registry.npmjs.org/@octokit/auth-app/-/auth-app-7.2.0.tgz",
"integrity": "sha512-js6wDY3SNLNZo5XwybhC8WKEw8BonEa9vqxN4IKbhEbo22i2+DinHxapV/PpFCTsmlkT1HMhF75xyOG9RVvI5g==",
"license": "MIT",
"dependencies": {
"@octokit/auth-oauth-app": "^8.1.3",
@@ -775,9 +775,9 @@
}
},
"node_modules/@octokit/openapi": {
"version": "18.0.0",
"resolved": "https://registry.npmjs.org/@octokit/openapi/-/openapi-18.0.0.tgz",
"integrity": "sha512-N1khK+uLrWkyJ6J/kjYfhD4NnTsgU+xf1av6Ui9an5Z7Now5ZzUvUkKgymbmfGb+yjPHM/jQG2Ql4RWKw/AkpA==",
"version": "18.2.0",
"resolved": "https://registry.npmjs.org/@octokit/openapi/-/openapi-18.2.0.tgz",
"integrity": "sha512-o9P7OtVWNtIV8Vze2fceohx1NdThnMZJc8kR44dmSXKcYH7GFHI/44PJgNsqIfiArbbSfjpLeXwvR9EKBjfgcw==",
"dev": true,
"license": "MIT",
"engines": {
@@ -1622,9 +1622,9 @@
"dev": true
},
"node_modules/esbuild": {
"version": "0.25.0",
"resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.0.tgz",
"integrity": "sha512-BXq5mqc8ltbaN34cDqWuYKyNhX8D/Z0J1xdtdQ8UcIIIyJyz+ZMKUt58tF3SrZ85jcfN/PZYhjR5uDQAYNVbuw==",
"version": "0.25.2",
"resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.2.tgz",
"integrity": "sha512-16854zccKPnC+toMywC+uKNeYSv+/eXkevRAfwRD/G9Cleq66m8XFIrigkbvauLLlCfDL45Q2cWegSg53gGBnQ==",
"dev": true,
"hasInstallScript": true,
"license": "MIT",
@@ -1635,31 +1635,31 @@
"node": ">=18"
},
"optionalDependencies": {
"@esbuild/aix-ppc64": "0.25.0",
"@esbuild/android-arm": "0.25.0",
"@esbuild/android-arm64": "0.25.0",
"@esbuild/android-x64": "0.25.0",
"@esbuild/darwin-arm64": "0.25.0",
"@esbuild/darwin-x64": "0.25.0",
"@esbuild/freebsd-arm64": "0.25.0",
"@esbuild/freebsd-x64": "0.25.0",
"@esbuild/linux-arm": "0.25.0",
"@esbuild/linux-arm64": "0.25.0",
"@esbuild/linux-ia32": "0.25.0",
"@esbuild/linux-loong64": "0.25.0",
"@esbuild/linux-mips64el": "0.25.0",
"@esbuild/linux-ppc64": "0.25.0",
"@esbuild/linux-riscv64": "0.25.0",
"@esbuild/linux-s390x": "0.25.0",
"@esbuild/linux-x64": "0.25.0",
"@esbuild/netbsd-arm64": "0.25.0",
"@esbuild/netbsd-x64": "0.25.0",
"@esbuild/openbsd-arm64": "0.25.0",
"@esbuild/openbsd-x64": "0.25.0",
"@esbuild/sunos-x64": "0.25.0",
"@esbuild/win32-arm64": "0.25.0",
"@esbuild/win32-ia32": "0.25.0",
"@esbuild/win32-x64": "0.25.0"
"@esbuild/aix-ppc64": "0.25.2",
"@esbuild/android-arm": "0.25.2",
"@esbuild/android-arm64": "0.25.2",
"@esbuild/android-x64": "0.25.2",
"@esbuild/darwin-arm64": "0.25.2",
"@esbuild/darwin-x64": "0.25.2",
"@esbuild/freebsd-arm64": "0.25.2",
"@esbuild/freebsd-x64": "0.25.2",
"@esbuild/linux-arm": "0.25.2",
"@esbuild/linux-arm64": "0.25.2",
"@esbuild/linux-ia32": "0.25.2",
"@esbuild/linux-loong64": "0.25.2",
"@esbuild/linux-mips64el": "0.25.2",
"@esbuild/linux-ppc64": "0.25.2",
"@esbuild/linux-riscv64": "0.25.2",
"@esbuild/linux-s390x": "0.25.2",
"@esbuild/linux-x64": "0.25.2",
"@esbuild/netbsd-arm64": "0.25.2",
"@esbuild/netbsd-x64": "0.25.2",
"@esbuild/openbsd-arm64": "0.25.2",
"@esbuild/openbsd-x64": "0.25.2",
"@esbuild/sunos-x64": "0.25.2",
"@esbuild/win32-arm64": "0.25.2",
"@esbuild/win32-ia32": "0.25.2",
"@esbuild/win32-x64": "0.25.2"
}
},
"node_modules/escalade": {
@@ -3651,9 +3651,9 @@
}
},
"node_modules/undici": {
"version": "7.5.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-7.5.0.tgz",
"integrity": "sha512-NFQG741e8mJ0fLQk90xKxFdaSM7z4+IQpAgsFI36bCDY9Z2+aXXZjVy2uUksMouWfMI9+w5ejOq5zYYTBCQJDQ==",
"version": "7.7.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-7.7.0.tgz",
"integrity": "sha512-tZ6+5NBq4KH35rr46XJ2JPFKxfcBlYNaqLF/wyWIO9RMHqqU/gx/CLB1Y2qMcgB8lWw/bKHa7qzspqCN7mUHvA==",
"license": "MIT",
"engines": {
"node": ">=20.18.1"
@@ -3956,10 +3956,11 @@
"dev": true
},
"node_modules/yaml": {
"version": "2.7.0",
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.7.0.tgz",
"integrity": "sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==",
"version": "2.7.1",
"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.7.1.tgz",
"integrity": "sha512-10ULxpnOCQXxJvBgxsn9ptjq6uviG/htZKk9veJGhlqn3w/DxQ631zFF+nlQXLwmImeS5amR2dl2U8sg6U9jsQ==",
"dev": true,
"license": "ISC",
"bin": {
"yaml": "bin.mjs"
},

13
package.json
View File

@@ -2,7 +2,7 @@
"name": "create-github-app-token",
"private": true,
"type": "module",
"version": "1.12.0",
"version": "2.0.4",
"description": "GitHub Action for creating a GitHub App Installation Access Token",
"scripts": {
"build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",
@@ -13,21 +13,21 @@
"license": "MIT",
"dependencies": {
"@actions/core": "^1.11.1",
"@octokit/auth-app": "^7.1.5",
"@octokit/auth-app": "^7.2.0",
"@octokit/request": "^9.2.2",
"p-retry": "^6.2.1",
"undici": "^7.5.0"
"undici": "^7.7.0"
},
"devDependencies": {
"@octokit/openapi": "^18.0.0",
"@octokit/openapi": "^18.2.0",
"@sinonjs/fake-timers": "^14.0.0",
"ava": "^6.2.0",
"c8": "^10.1.3",
"dotenv": "^16.4.7",
"esbuild": "^0.25.0",
"esbuild": "^0.25.2",
"execa": "^9.5.2",
"open-cli": "^8.0.0",
"yaml": "^2.7.0"
"yaml": "^2.7.1"
},
"release": {
"branches": [
@@ -45,6 +45,7 @@
{
"assets": [
"package.json",
"package-lock.json",
"dist/*"
],
"message": "build(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"

2
scripts/generated/app-permissions.json
View File

@@ -45,7 +45,7 @@
},
"dependabot_secrets": {
"type": "string",
"description": "The leve of permission to grant the access token to manage Dependabot secrets.",
"description": "The level of permission to grant the access token to manage Dependabot secrets.",
"enum": [
"read",
"write"

9
tests/main-missing-app-id.test.js
View File

@@ -1,9 +0,0 @@
process.env.GITHUB_REPOSITORY_OWNER = "actions";
process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
// Verify `main` exits with an error when neither the `app-id` nor `app_id` input is set.
try {
await import("../main.js");
} catch (error) {
console.error(error.message);
}

10
tests/main-missing-private-key.test.js
View File

@@ -1,10 +0,0 @@
process.env.GITHUB_REPOSITORY_OWNER = "actions";
process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
process.env["INPUT_APP-ID"] = "123456";
// Verify `main` exits with an error when neither the `private-key` nor `private_key` input is set.
try {
await import("../main.js");
} catch (error) {
console.error(error.message);
}

4
tests/main-token-permissions-set.test.js
View File

@@ -2,6 +2,6 @@ import { test } from "./main.js";
// Verify `main` successfully sets permissions
await test(() => {
process.env.INPUT_PERMISSION_ISSUES = `write`;
process.env.INPUT_PERMISSION_PULL_REQUESTS = `read`;
process.env["INPUT_PERMISSION-ISSUES"] = `write`;
process.env["INPUT_PERMISSION-PULL-REQUESTS"] = `read`;
});

9
tests/main.js
View File

@@ -8,6 +8,7 @@ export const DEFAULT_ENV = {
// inputs are set as environment variables with the prefix INPUT_
// https://docs.github.com/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
"INPUT_GITHUB-API-URL": "https://api.github.com",
"INPUT_SKIP-TOKEN-REVOKE": "false",
"INPUT_APP-ID": "123456",
// This key is invalidated. Its from https://github.com/octokit/auth-app.js/issues/465#issuecomment-1564998327.
"INPUT_PRIVATE-KEY": `-----BEGIN RSA PRIVATE KEY-----
@@ -37,6 +38,8 @@ so0tiQKBgGQXZaxaXhYUcxYHuCkQ3V4Vsj3ezlM92xXlP32SGFm3KgFhYy9kATxw
Cax1ytZzvlrKLQyQFVK1COs2rHt7W4cJ7op7C8zXfsigXCiejnS664oAuX8sQZID
x3WQZRiXlWejSMUAHuMwXrhGlltF3lw83+xAjnqsVp75kGS6OH61
-----END RSA PRIVATE KEY-----`,
// The Actions runner sets all inputs to empty strings if not set.
"INPUT_PERMISSION-ADMINISTRATION": "",
};
export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
@@ -60,7 +63,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
const owner = env.INPUT_OWNER ?? env.GITHUB_REPOSITORY_OWNER;
const currentRepoName = env.GITHUB_REPOSITORY.split("/")[1];
const repo = encodeURIComponent(
(env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0],
(env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0]
);
mockPool
@@ -76,7 +79,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
.reply(
200,
{ id: mockInstallationId, app_slug: mockAppSlug },
{ headers: { "content-type": "application/json" } },
{ headers: { "content-type": "application/json" } }
);
// Mock installation access token request
@@ -97,7 +100,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
.reply(
201,
{ token: mockInstallationAccessToken, expires_at: mockExpiresAt },
{ headers: { "content-type": "application/json" } },
{ headers: { "content-type": "application/json" } }
);
// Run the callback

1
tests/post-revoke-token-fail-response.test.js
View File

@@ -7,6 +7,7 @@ process.env.STATE_token = "secret123";
// inputs are set as environment variables with the prefix INPUT_
// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com";
process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
// 1 hour in the future, not expired
process.env.STATE_expiresAt = new Date(

4
tests/post-token-expired.test.js
View File

@@ -7,6 +7,10 @@ process.env.STATE_token = "secret123";
// 1 hour in the past, expired
process.env.STATE_expiresAt = new Date(Date.now() - 1000 * 60 * 60).toISOString();
// inputs are set as environment variables with the prefix INPUT_
// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
const mockAgent = new MockAgent();
setGlobalDispatcher(mockAgent);

1
tests/post-token-set.test.js
View File

@@ -7,6 +7,7 @@ process.env.STATE_token = "secret123";
// inputs are set as environment variables with the prefix INPUT_
// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com";
process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
// 1 hour in the future, not expired
process.env.STATE_expiresAt = new Date(Date.now() + 1000 * 60 * 60).toISOString();

4
tests/post-token-unset.test.js
View File

@@ -2,4 +2,8 @@
// https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
delete process.env.STATE_token;
// inputs are set as environment variables with the prefix INPUT_
// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
await import("../post.js");

67
tests/snapshots/index.js.md
View File

@@ -12,9 +12,7 @@ Generated by [AVA](https://avajs.dev).
> stdout
`app_id — 'app_id' is deprecated and will be removed in a future version. Use 'app-id' instead.␊
private_key — 'private_key' is deprecated and will be removed in a future version. Use 'private-key' instead.␊
skip_token_revoke — 'skip_token_revoke' is deprecated and will be removed in a future version. Use 'skip-token-revoke' instead.`
''
## main-custom-github-api-url.test.js
@@ -24,7 +22,9 @@ Generated by [AVA](https://avajs.dev).
> stdout
`owner and repositories set, creating token for repositories "create-github-app-token" owned by "actions"
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
- actions/create-github-app-token␊
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -39,16 +39,6 @@ Generated by [AVA](https://avajs.dev).
POST /api/v3/app/installations/123456/access_tokens␊
{"repositories":["create-github-app-token"]}`
## main-missing-app-id.test.js
> stderr
'Input required and not supplied: app-id'
> stdout
''
## main-missing-owner.test.js
> stderr
@@ -59,16 +49,6 @@ Generated by [AVA](https://avajs.dev).
''
## main-missing-private-key.test.js
> stderr
'Input required and not supplied: private-key'
> stdout
''
## main-missing-repository.test.js
> stderr
@@ -87,7 +67,7 @@ Generated by [AVA](https://avajs.dev).
> stdout
`owner and repositories not set, creating token for the current repository ("create-github-app-token")␊
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -111,7 +91,9 @@ Generated by [AVA](https://avajs.dev).
> stdout
`owner and repositories set, creating token for repositories "failed-repo" owned by "actions"
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
- actions/failed-repo␊
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -135,7 +117,7 @@ Generated by [AVA](https://avajs.dev).
> stdout
`repositories not set, creating token for all repositories for given owner "smockle"
`Input 'repositories' is not set. Creating token for all repositories owned by smockle.
Failed to create token for "smockle" (attempt 1): GitHub API not available␊
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -160,7 +142,9 @@ Generated by [AVA](https://avajs.dev).
> stdout
`owner and repositories set, creating token for repositories "failed-repo" owned by "actions"
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
- actions/failed-repo␊
Failed to create token for "failed-repo" (attempt 1): GitHub API not available␊
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -185,7 +169,11 @@ Generated by [AVA](https://avajs.dev).
> stdout
`owner and repositories set, creating token for repositories "create-github-app-token,toolkit,checkout" owned by "actions"
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
- actions/create-github-app-token␊
- actions/toolkit␊
- actions/checkout␊
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -208,7 +196,11 @@ Generated by [AVA](https://avajs.dev).
> stdout
`owner and repositories set, creating token for repositories "create-github-app-token,toolkit,checkout" owned by "actions"
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
- actions/create-github-app-token␊
- actions/toolkit␊
- actions/checkout␊
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -231,7 +223,9 @@ Generated by [AVA](https://avajs.dev).
> stdout
`owner and repositories set, creating token for repositories "create-github-app-token" owned by "actions"
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
- actions/create-github-app-token␊
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -254,7 +248,7 @@ Generated by [AVA](https://avajs.dev).
> stdout
`repositories not set, creating token for all repositories for given owner "actions"
`Input 'repositories' is not set. Creating token for all repositories owned by actions.
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -277,7 +271,8 @@ Generated by [AVA](https://avajs.dev).
> stdout
`owner not set, creating owner for given repositories "create-github-app-token" in current owner ("actions")
`No 'owner' input provided. Using default owner 'actions' to create token for the following repositories:
- actions/create-github-app-token␊
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -300,7 +295,7 @@ Generated by [AVA](https://avajs.dev).
> stdout
`owner and repositories not set, creating token for the current repository ("create-github-app-token")␊
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -323,7 +318,7 @@ Generated by [AVA](https://avajs.dev).
> stdout
`owner and repositories not set, creating token for the current repository ("create-github-app-token")␊
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -336,7 +331,7 @@ Generated by [AVA](https://avajs.dev).
--- REQUESTS ---␊
GET /repos/actions/create-github-app-token/installation␊
POST /app/installations/123456/access_tokens␊
{"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}`
{"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull-requests":"read"}}`
## post-revoke-token-fail-response.test.js

BIN
tests/snapshots/index.js.snap
View File

Binary file not shown.