build(release): 2.1.4 [skip ci]

## [2.1.4](https://github.com/actions/create-github-app-token/compare/v2.1.3...v2.1.4) (2025-09-13)

### Bug Fixes

* **deps:** bump @octokit/auth-app from 7.2.1 to 8.0.1 ([#257](https://github.com/actions/create-github-app-token/issues/257)) ([bef1eaf](bef1eaf1c0))

.github/workflows/publish-immutable-action.yml

@@ -12,6 +12,6 @@ jobs:
       id-token: write
       packages: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Publish Immutable Action
         uses: actions/publish-immutable-action@v0.0.4

.github/workflows/release.yml

@@ -3,7 +3,9 @@ name: release
 on:
   push:
     branches:
+      - "*.x"
       - main
+      - beta
 
 permissions:
   contents: write
@@ -16,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # build local version to create token
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           persist-credentials: false
 

.github/workflows/test.yml

@@ -11,12 +11,15 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   integration:
     name: Integration
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: actions/setup-node@v4
         with:
@@ -32,7 +35,7 @@ jobs:
     # do not run from forks, as forks don’t have access to repository secrets
     if: github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: actions/setup-node@v4
         with:
           node-version: 20

.github/workflows/update-permission-inputs.yml

@@ -0,0 +1,33 @@
+name: Update Permission Inputs
+
+on:
+  pull_request:
+    paths:
+      - 'package.json'
+      - 'package-lock.json'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: write
+
+jobs:
+  update-permission-inputs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: .node-version
+          cache: 'npm'
+      - name: Install dependencies
+        run: npm ci
+      - name: Run permission inputs update script
+        run: node scripts/update-permission-inputs.js
+      - name: Commit changes
+        uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
+        with:
+          commit_message: 'feat: update permission inputs'

CONTRIBUTING.md

@@ -12,4 +12,4 @@ Run tests locally
 npm test
 ```
 
-Learn more about how the tests work in [test/README.md](test/README.md).
+Learn more about how the tests work in [tests/README.md](tests/README.md).

README.md

@@ -8,9 +8,9 @@ GitHub Action for creating a GitHub App installation access token.
 
 In order to use this action, you need to:
 
-1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app)
+1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app).
-2. [Store the App's ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`)
+2. [Store the App's ID or Client ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`).
-3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`)
+3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`).
 
 > [!IMPORTANT]  
 > An installation access token expires after 1 hour. Please [see this comment](https://github.com/actions/create-github-app-token/issues/121#issuecomment-2043214796) for alternative approaches if you have long-running processes.
@@ -28,7 +28,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -47,7 +47,7 @@ jobs:
   auto-format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           # required
@@ -73,7 +73,7 @@ jobs:
   auto-format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           # required
@@ -98,7 +98,7 @@ jobs:
   auto-format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           # required
@@ -135,7 +135,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -157,7 +157,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -182,7 +182,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -207,7 +207,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -249,7 +249,7 @@ jobs:
         owners-and-repos: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
 
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -279,7 +279,7 @@ jobs:
     steps:
       - name: Create GitHub App token
         id: create_token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ vars.GHES_APP_ID }}
           private-key: ${{ secrets.GHES_APP_PRIVATE_KEY }}
@@ -318,7 +318,7 @@ steps:
       echo "private-key=$private_key" >> "$GITHUB_OUTPUT"
   - name: Generate GitHub App Token
     id: app-token
-    uses: actions/create-github-app-token@v1
+    uses: actions/create-github-app-token@v2
     with:
       app-id: ${{ vars.APP_ID }}
       private-key: ${{ steps.decode.outputs.private-key }}
@@ -343,7 +343,7 @@ The reason we define one `permision-<permission name>` input per permission is t
 
 ### `skip-token-revoke`
 
-**Optional:** If truthy, the token will not be revoked when the current job is complete.
+**Optional:** If true, the token will not be revoked when the current job is complete.
 
 ### `github-api-url`
 
@@ -370,7 +370,7 @@ The action creates an installation access token using [the `POST /app/installati
 1. The token is scoped to the current repository or `repositories` if set.
 2. The token inherits all the installation's permissions.
 3. The token is set as output `token` which can be used in subsequent steps.
-4. Unless the `skip-token-revoke` input is set to a truthy value, the token is revoked in the `post` step of the action, which means it cannot be passed to another job.
+4. Unless the `skip-token-revoke` input is set to true, the token is revoked in the `post` step of the action, which means it cannot be passed to another job.
 5. The token is masked, it cannot be logged accidentally.
 
 > [!NOTE]

action.yml

@@ -18,8 +18,9 @@ inputs:
     description: "Comma or newline-separated list of repositories to install the GitHub App on (defaults to current repository if owner is unset)"
     required: false
   skip-token-revoke:
-    description: "If truthy, the token will not be revoked when the current job is complete"
+    description: "If true, the token will not be revoked when the current job is complete"
     required: false
+    default: "false"
   # Make GitHub API configurable to support non-GitHub Cloud use cases
   # see https://github.com/actions/create-github-app-token/issues/77
   github-api-url:
@@ -37,7 +38,7 @@ inputs:
   permission-contents:
     description: "The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. Can be set to 'read' or 'write'."
   permission-dependabot-secrets:
-    description: "The leve of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
+    description: "The level of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
   permission-deployments:
     description: "The level of permission to grant the access token for deployments and deployment statuses. Can be set to 'read' or 'write'."
   permission-email-addresses:

lib/get-permissions-from-inputs.js

@@ -7,9 +7,13 @@
  */
 export function getPermissionsFromInputs(env) {
   return Object.entries(env).reduce((permissions, [key, value]) => {
-    if (!key.startsWith("INPUT_PERMISSION_")) return permissions;
+    if (!key.startsWith("INPUT_PERMISSION-")) return permissions;
+    if (!value) return permissions;
 
-    const permission = key.slice("INPUT_PERMISSION_".length).toLowerCase();
+    const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase()
+      .replaceAll(/-/g, "_");
+
+    // Inherit app permissions if no permissions inputs are set
     if (permissions === undefined) {
       return { [permission]: value };
     }

lib/main.js

@@ -21,7 +21,7 @@ export async function main(
   core,
   createAppAuth,
   request,
-  skipTokenRevoke,
+  skipTokenRevoke
 ) {
   let parsedOwner = "";
   let parsedRepositoryNames = [];
@@ -33,7 +33,7 @@ export async function main(
     parsedRepositoryNames = [repo];
 
     core.info(
-      `owner and repositories not set, creating token for the current repository ("${repo}")`,
+      `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (${owner}/${repo}).`
     );
   }
 
@@ -42,7 +42,7 @@ export async function main(
     parsedOwner = owner;
 
     core.info(
-      `repositories not set, creating token for all repositories for given owner "${owner}"`,
+      `Input 'repositories' is not set. Creating token for all repositories owned by ${owner}.`
     );
   }
 
@@ -52,9 +52,9 @@ export async function main(
     parsedRepositoryNames = repositories;
 
     core.info(
-      `owner not set, creating owner for given repositories "${repositories.join(
+      `No 'owner' input provided. Using default owner '${parsedOwner}' to create token for the following repositories:${repositories
-        ",",
+        .map((repo) => `\n- ${parsedOwner}/${repo}`)
-      )}" in current owner ("${parsedOwner}")`,
+        .join("")}`
     );
   }
 
@@ -64,9 +64,8 @@ export async function main(
     parsedRepositoryNames = repositories;
 
     core.info(
-      `owner and repositories set, creating token for repositories "${repositories.join(
+      `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-        ",",
+      ${repositories.map((repo) => `\n- ${parsedOwner}/${repo}`).join("")}`
-      )}" owned by "${owner}"`,
     );
   }
 
@@ -87,18 +86,19 @@ export async function main(
           auth,
           parsedOwner,
           parsedRepositoryNames,
-          permissions,
+          permissions
         ),
       {
+        shouldRetry: (error) => error.status >= 500,
         onFailedAttempt: (error) => {
           core.info(
             `Failed to create token for "${parsedRepositoryNames.join(
-              ",",
+              ","
-            )}" (attempt ${error.attemptNumber}): ${error.message}`,
+            )}" (attempt ${error.attemptNumber}): ${error.message}`
           );
         },
         retries: 3,
-      },
+      }
     ));
   } else {
     // Otherwise get the installation for the owner, which can either be an organization or a user account
@@ -107,11 +107,11 @@ export async function main(
       {
         onFailedAttempt: (error) => {
           core.info(
-            `Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`,
+            `Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`
           );
         },
         retries: 3,
-      },
+      }
     ));
   }
 
@@ -157,7 +157,7 @@ async function getTokenFromRepository(
   auth,
   parsedOwner,
   parsedRepositoryNames,
-  permissions,
+  permissions
 ) {
   // https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app
   const response = await request("GET /repos/{owner}/{repo}/installation", {

lib/post.js

@@ -5,7 +5,7 @@
  * @param {import("@octokit/request").request} request
  */
 export async function post(core, request) {
-  const skipTokenRevoke = Boolean(core.getInput("skip-token-revoke"));
+  const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
 
   if (skipTokenRevoke) {
     core.info("Token revocation was skipped");

main.js

@@ -24,7 +24,7 @@ const repositories = core
   .map((s) => s.trim())
   .filter((x) => x !== "");
 
-const skipTokenRevoke = Boolean(core.getInput("skip-token-revoke"));
+const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
 
 const permissions = getPermissionsFromInputs(process.env);
 

package.json

@@ -2,7 +2,7 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "2.0.0",
+  "version": "2.1.4",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "scripts": {
     "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",
@@ -13,26 +13,30 @@
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.11.1",
-    "@octokit/auth-app": "^7.1.5",
+    "@octokit/auth-app": "^8.1.0",
-    "@octokit/request": "^9.2.2",
+    "@octokit/request": "^10.0.3",
     "p-retry": "^6.2.1",
-    "undici": "^7.5.0"
+    "undici": "^7.16.0"
   },
   "devDependencies": {
-    "@octokit/openapi": "^18.0.0",
+    "@octokit/openapi": "^19.1.0",
     "@sinonjs/fake-timers": "^14.0.0",
-    "ava": "^6.2.0",
+    "ava": "^6.4.1",
     "c8": "^10.1.3",
-    "dotenv": "^16.4.7",
+    "dotenv": "^17.2.1",
-    "esbuild": "^0.25.0",
+    "esbuild": "^0.25.8",
-    "execa": "^9.5.2",
+    "execa": "^9.6.0",
     "open-cli": "^8.0.0",
-    "yaml": "^2.7.0"
+    "yaml": "^2.8.1"
   },
   "release": {
     "branches": [
       "+([0-9]).x",
-      "main"
+      "main",
+      {
+        "name": "beta",
+        "prerelease": true
+      }
     ],
     "plugins": [
       "@semantic-release/commit-analyzer",

scripts/generated/app-permissions.json

@@ -45,7 +45,7 @@
     },
     "dependabot_secrets": {
       "type": "string",
-      "description": "The leve of permission to grant the access token to manage Dependabot secrets.",
+      "description": "The level of permission to grant the access token to manage Dependabot secrets.",
       "enum": [
         "read",
         "write"

tests/main-token-permissions-set.test.js

@@ -2,6 +2,6 @@ import { test } from "./main.js";
 
 // Verify `main` successfully sets permissions
 await test(() => {
-  process.env.INPUT_PERMISSION_ISSUES = `write`;
+  process.env["INPUT_PERMISSION-ISSUES"] = `write`;
-  process.env.INPUT_PERMISSION_PULL_REQUESTS = `read`;
+  process.env["INPUT_PERMISSION-PULL-REQUESTS"] = `read`;
 });

tests/main.js

@@ -8,6 +8,7 @@ export const DEFAULT_ENV = {
   // inputs are set as environment variables with the prefix INPUT_
   // https://docs.github.com/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
   "INPUT_GITHUB-API-URL": "https://api.github.com",
+  "INPUT_SKIP-TOKEN-REVOKE": "false",
   "INPUT_APP-ID": "123456",
   // This key is invalidated. It’s from https://github.com/octokit/auth-app.js/issues/465#issuecomment-1564998327.
   "INPUT_PRIVATE-KEY": `-----BEGIN RSA PRIVATE KEY-----
@@ -37,6 +38,8 @@ so0tiQKBgGQXZaxaXhYUcxYHuCkQ3V4Vsj3ezlM92xXlP32SGFm3KgFhYy9kATxw
 Cax1ytZzvlrKLQyQFVK1COs2rHt7W4cJ7op7C8zXfsigXCiejnS664oAuX8sQZID
 x3WQZRiXlWejSMUAHuMwXrhGlltF3lw83+xAjnqsVp75kGS6OH61
 -----END RSA PRIVATE KEY-----`,
+  // The Actions runner sets all inputs to empty strings if not set.
+  "INPUT_PERMISSION-ADMINISTRATION": "",
 };
 
 export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
@@ -60,7 +63,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
   const owner = env.INPUT_OWNER ?? env.GITHUB_REPOSITORY_OWNER;
   const currentRepoName = env.GITHUB_REPOSITORY.split("/")[1];
   const repo = encodeURIComponent(
-    (env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0],
+    (env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0]
   );
 
   mockPool
@@ -76,7 +79,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
     .reply(
       200,
       { id: mockInstallationId, app_slug: mockAppSlug },
-      { headers: { "content-type": "application/json" } },
+      { headers: { "content-type": "application/json" } }
     );
 
   // Mock installation access token request
@@ -97,7 +100,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
     .reply(
       201,
       { token: mockInstallationAccessToken, expires_at: mockExpiresAt },
-      { headers: { "content-type": "application/json" } },
+      { headers: { "content-type": "application/json" } }
     );
 
   // Run the callback

tests/post-revoke-token-fail-response.test.js

@@ -7,6 +7,7 @@ process.env.STATE_token = "secret123";
 // inputs are set as environment variables with the prefix INPUT_
 // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
 process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com";
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
 
 // 1 hour in the future, not expired
 process.env.STATE_expiresAt = new Date(

tests/post-token-expired.test.js

@@ -7,6 +7,10 @@ process.env.STATE_token = "secret123";
 // 1 hour in the past, expired
 process.env.STATE_expiresAt = new Date(Date.now() - 1000 * 60 * 60).toISOString();
 
+// inputs are set as environment variables with the prefix INPUT_
+// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
+
 const mockAgent = new MockAgent();
 
 setGlobalDispatcher(mockAgent);

tests/post-token-set.test.js

@@ -7,6 +7,7 @@ process.env.STATE_token = "secret123";
 // inputs are set as environment variables with the prefix INPUT_
 // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
 process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com";
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
 
 // 1 hour in the future, not expired
 process.env.STATE_expiresAt = new Date(Date.now() + 1000 * 60 * 60).toISOString();

tests/post-token-unset.test.js

@@ -2,4 +2,8 @@
 // https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
 delete process.env.STATE_token;
 
+// inputs are set as environment variables with the prefix INPUT_
+// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
+
 await import("../post.js");

tests/snapshots/index.js.md

@@ -22,7 +22,9 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "create-github-app-token" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -65,7 +67,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories not set, creating token for the current repository ("create-github-app-token")␊
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -89,7 +91,9 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "failed-repo" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/failed-repo␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -113,7 +117,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `repositories not set, creating token for all repositories for given owner "smockle"␊
+    `Input 'repositories' is not set. Creating token for all repositories owned by smockle.␊
     Failed to create token for "smockle" (attempt 1): GitHub API not available␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
@@ -138,7 +142,9 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "failed-repo" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/failed-repo␊
     Failed to create token for "failed-repo" (attempt 1): GitHub API not available␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
@@ -163,7 +169,11 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "create-github-app-token,toolkit,checkout" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    - actions/toolkit␊
+    - actions/checkout␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -186,7 +196,11 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "create-github-app-token,toolkit,checkout" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    - actions/toolkit␊
+    - actions/checkout␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -209,7 +223,9 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "create-github-app-token" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -232,7 +248,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `repositories not set, creating token for all repositories for given owner "actions"␊
+    `Input 'repositories' is not set. Creating token for all repositories owned by actions.␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -255,7 +271,8 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner not set, creating owner for given repositories "create-github-app-token" in current owner ("actions")␊
+    `No 'owner' input provided. Using default owner 'actions' to create token for the following repositories:␊
+    - actions/create-github-app-token␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -278,7 +295,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories not set, creating token for the current repository ("create-github-app-token")␊
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -301,7 +318,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories not set, creating token for the current repository ("create-github-app-token")␊
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊