fix: permission input handling (#243)
This pull request fixes the handling of permissions inputs. - Updated `getPermissionsFromInputs` in `lib/get-permissions-from-inputs.js` to use hyphens (`INPUT_PERMISSION-`) instead of underscores (`INPUT_PERMISSION_`) in input keys, added a check to skip empty values, and clarified behavior when no permissions are set. - Added a `shouldRetry` function to retry requests when server errors (HTTP status 500 or higher) occur in the `main` function in `lib/main.js` to prevent unnecessary retries. - Updated test cases in `tests/main-token-permissions-set.test.js` to match the new input key format with hyphens. - Added a default empty string for unset inputs (e.g., `INPUT_PERMISSION-ADMINISTRATION`) in `tests/main.js` to simulate the behavior of the Actions runner. - Updated snapshots in `tests/snapshots/index.js.md` to reflect the updated hyphenated input keys in permissions. --------- Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>
This commit is contained in:
Parker Brown
@@ -7,9 +7,12 @@
|
|||||||
*/
|
*/
|
||||||
export function getPermissionsFromInputs(env) {
|
export function getPermissionsFromInputs(env) {
|
||||||
return Object.entries(env).reduce((permissions, [key, value]) => {
|
return Object.entries(env).reduce((permissions, [key, value]) => {
|
||||||
if (!key.startsWith("INPUT_PERMISSION_")) return permissions;
|
if (!key.startsWith("INPUT_PERMISSION-")) return permissions;
|
||||||
|
if (!value) return permissions;
|
||||||
|
|
||||||
const permission = key.slice("INPUT_PERMISSION_".length).toLowerCase();
|
const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase();
|
||||||
|
|
||||||
|
// Inherit app permissions if no permissions inputs are set
|
||||||
if (permissions === undefined) {
|
if (permissions === undefined) {
|
||||||
return { [permission]: value };
|
return { [permission]: value };
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -89,6 +89,7 @@ export async function main(
|
|||||||
permissions
|
permissions
|
||||||
),
|
),
|
||||||
{
|
{
|
||||||
|
shouldRetry: (error) => error.status >= 500,
|
||||||
onFailedAttempt: (error) => {
|
onFailedAttempt: (error) => {
|
||||||
core.info(
|
core.info(
|
||||||
`Failed to create token for "${parsedRepositoryNames.join(
|
`Failed to create token for "${parsedRepositoryNames.join(
|
||||||
|
|||||||
@@ -2,6 +2,6 @@ import { test } from "./main.js";
|
|||||||
|
|
||||||
// Verify `main` successfully sets permissions
|
// Verify `main` successfully sets permissions
|
||||||
await test(() => {
|
await test(() => {
|
||||||
process.env.INPUT_PERMISSION_ISSUES = `write`;
|
process.env["INPUT_PERMISSION-ISSUES"] = `write`;
|
||||||
process.env.INPUT_PERMISSION_PULL_REQUESTS = `read`;
|
process.env["INPUT_PERMISSION-PULL-REQUESTS"] = `read`;
|
||||||
});
|
});
|
||||||
|
|||||||
+5
-3
@@ -38,6 +38,8 @@ so0tiQKBgGQXZaxaXhYUcxYHuCkQ3V4Vsj3ezlM92xXlP32SGFm3KgFhYy9kATxw
|
|||||||
Cax1ytZzvlrKLQyQFVK1COs2rHt7W4cJ7op7C8zXfsigXCiejnS664oAuX8sQZID
|
Cax1ytZzvlrKLQyQFVK1COs2rHt7W4cJ7op7C8zXfsigXCiejnS664oAuX8sQZID
|
||||||
x3WQZRiXlWejSMUAHuMwXrhGlltF3lw83+xAjnqsVp75kGS6OH61
|
x3WQZRiXlWejSMUAHuMwXrhGlltF3lw83+xAjnqsVp75kGS6OH61
|
||||||
-----END RSA PRIVATE KEY-----`,
|
-----END RSA PRIVATE KEY-----`,
|
||||||
|
// The Actions runner sets all inputs to empty strings if not set.
|
||||||
|
"INPUT_PERMISSION-ADMINISTRATION": "",
|
||||||
};
|
};
|
||||||
|
|
||||||
export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
|
export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
|
||||||
@@ -61,7 +63,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
|
|||||||
const owner = env.INPUT_OWNER ?? env.GITHUB_REPOSITORY_OWNER;
|
const owner = env.INPUT_OWNER ?? env.GITHUB_REPOSITORY_OWNER;
|
||||||
const currentRepoName = env.GITHUB_REPOSITORY.split("/")[1];
|
const currentRepoName = env.GITHUB_REPOSITORY.split("/")[1];
|
||||||
const repo = encodeURIComponent(
|
const repo = encodeURIComponent(
|
||||||
(env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0],
|
(env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0]
|
||||||
);
|
);
|
||||||
|
|
||||||
mockPool
|
mockPool
|
||||||
@@ -77,7 +79,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
|
|||||||
.reply(
|
.reply(
|
||||||
200,
|
200,
|
||||||
{ id: mockInstallationId, app_slug: mockAppSlug },
|
{ id: mockInstallationId, app_slug: mockAppSlug },
|
||||||
{ headers: { "content-type": "application/json" } },
|
{ headers: { "content-type": "application/json" } }
|
||||||
);
|
);
|
||||||
|
|
||||||
// Mock installation access token request
|
// Mock installation access token request
|
||||||
@@ -98,7 +100,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
|
|||||||
.reply(
|
.reply(
|
||||||
201,
|
201,
|
||||||
{ token: mockInstallationAccessToken, expires_at: mockExpiresAt },
|
{ token: mockInstallationAccessToken, expires_at: mockExpiresAt },
|
||||||
{ headers: { "content-type": "application/json" } },
|
{ headers: { "content-type": "application/json" } }
|
||||||
);
|
);
|
||||||
|
|
||||||
// Run the callback
|
// Run the callback
|
||||||
|
|||||||
@@ -331,7 +331,7 @@ Generated by [AVA](https://avajs.dev).
|
|||||||
--- REQUESTS ---␊
|
--- REQUESTS ---␊
|
||||||
GET /repos/actions/create-github-app-token/installation␊
|
GET /repos/actions/create-github-app-token/installation␊
|
||||||
POST /app/installations/123456/access_tokens␊
|
POST /app/installations/123456/access_tokens␊
|
||||||
{"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}`
|
{"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull-requests":"read"}}`
|
||||||
|
|
||||||
## post-revoke-token-fail-response.test.js
|
## post-revoke-token-fail-response.test.js
|
||||||
|
|
||||||
|
|||||||
Binary file not shown.
Reference in New Issue
Block a user