build(release): 1.10.0 [skip ci]

# [1.10.0](https://github.com/actions/create-github-app-token/compare/v1.9.3...v1.10.0) (2024-05-01)

### Features

* **`private-key`:** escaped newlines will be replaced ([#132](https://github.com/actions/create-github-app-token/issues/132)) ([9d23fb9](9d23fb93dd))

README.md

@@ -30,7 +30,6 @@ jobs:
         with:
           app-id: ${{ vars.APP_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
-          github-api-url: "https://github.acme-inc.com/api/v3"
       - uses: ./actions/staging-tests
         with:
           token: ${{ steps.app-token.outputs.token }}
@@ -179,6 +178,29 @@ jobs:
 
 ```yaml
 on: [push]
+
+jobs:
+  create_issue:
+    runs-on: self-hosted
+
+    steps:
+    - name: Create GitHub App token
+      id: create_token
+      uses: actions/create-github-app-token@v1
+      with:
+        app-id: ${{ vars.GHES_APP_ID }}
+        private-key: ${{ secrets.GHES_APP_PRIVATE_KEY }}
+        owner: ${{ vars.GHES_INSTALLATION_ORG }}
+        github-api-url: ${{ vars.GITHUB_API_URL }}
+
+    - name: Create issue
+      uses: octokit/request-action@v2.x
+      with:
+        route: POST /repos/${{ github.repository }}/issues
+        title: "New issue from workflow"
+        body: "This is a new issue created from a GitHub Action workflow."
+      env:
+        GITHUB_TOKEN: ${{ steps.create_token.outputs.token }}
 ```
 
 ## Inputs
@@ -189,11 +211,11 @@ on: [push]
 
 ### `private-key`
 
-**Required:** GitHub App private key.
+**Required:** GitHub App private key. Escaped newlines (`\\n`) will be automatically replaced with actual newlines.
 
 ### `owner`
 
-**Optional:** GitHub App installation owner. If empty, defaults to the current repository owner.
+**Optional:** The owner of the GitHub App installation. If empty, defaults to the current repository owner.
 
 ### `repositories`
 
@@ -216,6 +238,14 @@ on: [push]
 
 GitHub App installation access token.
 
+### `installation-id`
+
+GitHub App installation ID.
+
+### `app-slug`
+
+GitHub App slug.
+
 ## How it works
 
 The action creates an installation access token using [the `POST /app/installations/{installation_id}/access_tokens` endpoint](https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app). By default,

action.yml

@@ -20,7 +20,7 @@ inputs:
     required: false
     deprecationMessage: "'private_key' is deprecated and will be removed in a future version. Use 'private-key' instead."
   owner:
-    description: "GitHub App owner (defaults to current repository owner)"
+    description: "The owner of the GitHub App installation (defaults to current repository owner)"
     required: false
   repositories:
     description: "Repositories to install the GitHub App on (defaults to current repository if owner is unset)"
@@ -40,6 +40,10 @@ inputs:
 outputs:
   token:
     description: "GitHub installation access token"
+  installation-id:
+    description: "GitHub App installation ID"
+  app-slug:
+    description: "GitHub App slug"
 runs:
   using: "node20"
   main: "dist/main.cjs"

lib/main.js

@@ -70,35 +70,36 @@ export async function main(
     request,
   });
 
-  let authentication;
+  let authentication, installationId, appSlug;
   // If at least one repository is set, get installation ID from that repository
 
   if (parsedRepositoryNames) {
-    authentication = await pRetry(() => getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames), {
+    ({ authentication, installationId, appSlug } = await pRetry(() => getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames), {
       onFailedAttempt: (error) => {
         core.info(
           `Failed to create token for "${parsedRepositoryNames}" (attempt ${error.attemptNumber}): ${error.message}`
         );
       },
       retries: 3,
-    });
-
+    }));
   } else {
     // Otherwise get the installation for the owner, which can either be an organization or a user account
-    authentication = await pRetry(() => getTokenFromOwner(request, auth, parsedOwner), {
+    ({ authentication, installationId, appSlug } = await pRetry(() => getTokenFromOwner(request, auth, parsedOwner), {
       onFailedAttempt: (error) => {
         core.info(
           `Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`
         );
       },
       retries: 3,
-    });
+    }));
   }
 
   // Register the token with the runner as a secret to ensure it is masked in logs
   core.setSecret(authentication.token);
 
   core.setOutput("token", authentication.token);
+  core.setOutput("installation-id", installationId);
+  core.setOutput("app-slug", appSlug);
 
   // Make token accessible to post function (so we can invalidate it)
   if (!skipTokenRevoke) {
@@ -132,7 +133,11 @@ async function getTokenFromOwner(request, auth, parsedOwner) {
     type: "installation",
     installationId: response.data.id,
   });
-  return authentication;
+
+  const installationId = response.data.id;
+  const appSlug = response.data['app_slug'];
+
+  return { authentication, installationId, appSlug };
 }
 
 async function getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames) {
@@ -152,5 +157,8 @@ async function getTokenFromRepository(request, auth, parsedOwner, parsedReposito
     repositoryNames: parsedRepositoryNames.split(","),
   });
 
-  return authentication;
-}
+  const installationId = response.data.id;
+  const appSlug = response.data['app_slug'];
+
+  return { authentication, installationId, appSlug };
+ }

package.json

@@ -2,7 +2,7 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "1.8.0",
+  "version": "1.10.0",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "scripts": {
     "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0",
@@ -13,20 +13,20 @@
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.10.1",
-    "@octokit/auth-app": "^6.0.3",
-    "@octokit/request": "^8.1.6",
+    "@octokit/auth-app": "^7.0.0",
+    "@octokit/request": "^9.0.1",
     "p-retry": "^6.2.0",
-    "undici": "^6.6.0"
+    "undici": "^6.15.0"
   },
   "devDependencies": {
     "@sinonjs/fake-timers": "^11.2.2",
-    "ava": "^6.1.1",
+    "ava": "^6.1.2",
     "c8": "^9.1.0",
-    "dotenv": "^16.4.1",
-    "esbuild": "^0.20.0",
+    "dotenv": "^16.4.5",
+    "esbuild": "^0.20.2",
     "execa": "^8.0.1",
     "open-cli": "^8.0.0",
-    "yaml": "^2.3.4"
+    "yaml": "^2.4.2"
   },
   "release": {
     "branches": [

tests/main-private-key-with-escaped-newlines.js

@@ -0,0 +1,6 @@
+import { test, DEFAULT_ENV } from "./main.js";
+
+// Verify `main` works correctly when `private-key` input has escaped newlines
+await test(() => {
+  process.env['INPUT_PRIVATE-KEY'] = DEFAULT_ENV.PRIVATE_KEY.replace(/\n/g, '\\n')
+});

tests/main-repo-skew.js

@@ -9,6 +9,7 @@ await test((mockPool) => {
   const owner = process.env.INPUT_OWNER
   const repo = process.env.INPUT_REPOSITORIES
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
 
   install({ now: 0, toFake: ["Date"] });
 
@@ -44,7 +45,8 @@ await test((mockPool) => {
       return {
         statusCode: 200,
         data: {
-          id: mockInstallationId
+          id: mockInstallationId,
+          "app_slug": mockAppSlug
         },
         responseOptions: {
           headers: {

tests/main-token-get-owner-set-repo-fail-response.test.js

@@ -7,6 +7,7 @@ await test((mockPool) => {
   const owner = process.env.INPUT_OWNER;
   const repo = process.env.INPUT_REPOSITORIES;
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
 
   mockPool
     .intercept({
@@ -32,7 +33,7 @@ await test((mockPool) => {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, "app_slug": mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 });

tests/main-token-get-owner-set-to-org-repo-unset.test.js

@@ -5,8 +5,9 @@ await test((mockPool) => {
   process.env.INPUT_OWNER = process.env.GITHUB_REPOSITORY_OWNER;
   delete process.env.INPUT_REPOSITORIES;
 
-  // Mock installation id request
+  // Mock installation id and app slug request
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
   mockPool
     .intercept({
       path: `/orgs/${process.env.INPUT_OWNER}/installation`,
@@ -19,7 +20,7 @@ await test((mockPool) => {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, "app_slug": mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 });

tests/main-token-get-owner-set-to-user-fail-response.test.js

@@ -5,8 +5,9 @@ await test((mockPool) => {
   process.env.INPUT_OWNER = "smockle";
   delete process.env.INPUT_REPOSITORIES;
 
-  // Mock installation id request
+  // Mock installation ID and app slug request
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
   mockPool
     .intercept({
       path: `/orgs/${process.env.INPUT_OWNER}/installation`,
@@ -30,7 +31,7 @@ await test((mockPool) => {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, "app_slug": mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 });

tests/main-token-get-owner-set-to-user-repo-unset.test.js

@@ -5,8 +5,9 @@ await test((mockPool) => {
   process.env.INPUT_OWNER = "smockle";
   delete process.env.INPUT_REPOSITORIES;
 
-  // Mock installation id request
+  // Mock installation ID and app slug request
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
   mockPool
     .intercept({
       path: `/orgs/${process.env.INPUT_OWNER}/installation`,
@@ -30,7 +31,7 @@ await test((mockPool) => {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, "app_slug": mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 });

tests/main-token-get-owner-unset-repo-unset.test.js

@@ -5,8 +5,9 @@ await test((mockPool) => {
   delete process.env.INPUT_OWNER;
   delete process.env.INPUT_REPOSITORIES;
 
-  // Mock installation id request
+  // Mock installation ID and app slug request
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
   mockPool
     .intercept({
       path: `/repos/${process.env.GITHUB_REPOSITORY}/installation`,
@@ -19,7 +20,7 @@ await test((mockPool) => {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, "app_slug": mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 });

tests/main.js

@@ -54,8 +54,9 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
 
   // Calling `auth({ type: "app" })` to obtain a JWT doesn’t make network requests, so no need to intercept.
 
-  // Mock installation id request
+  // Mock installation ID and app slug request
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
   const owner = env.INPUT_OWNER ?? env.GITHUB_REPOSITORY_OWNER;
   const repo = encodeURIComponent(
     (env.INPUT_REPOSITORIES ?? env.GITHUB_REPOSITORY).split(",")[0]
@@ -72,7 +73,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, "app_slug": mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 

tests/snapshots/index.js.md

@@ -28,6 +28,10 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=expiresAt::2016-07-11T22:14:10Z`
@@ -85,6 +89,10 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=expiresAt::2016-07-11T22:14:10Z`
@@ -101,6 +109,10 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=expiresAt::2016-07-11T22:14:10Z`
@@ -117,6 +129,10 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=expiresAt::2016-07-11T22:14:10Z`
@@ -133,6 +149,10 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=expiresAt::2016-07-11T22:14:10Z`
@@ -150,6 +170,10 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=expiresAt::2016-07-11T22:14:10Z`
@@ -166,6 +190,10 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=expiresAt::2016-07-11T22:14:10Z`
@@ -182,6 +210,10 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=expiresAt::2016-07-11T22:14:10Z`
@@ -198,6 +230,10 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=expiresAt::2016-07-11T22:14:10Z`