From 5cc811bc40176329bb642bff9e5d9e356099ad2a Mon Sep 17 00:00:00 2001
From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
Date: Thu, 3 Apr 2025 12:09:57 -0700
Subject: [PATCH] feat!: remove deprecated inputs (#213)

BREAKING CHANGE: Removed deprecated inputs (`app_id`, `private_key`, `skip_token_revoke`) and made `app-id` and `private-key` required in the action configuration.
---
 action.yml                             |  16 ++--------------
 lib/post.js                            |   7 ++-----
 main.js                                |  18 ++++--------------
 package-lock.json                      |   4 ++--
 tests/main-missing-app-id.test.js      |   9 ---------
 tests/main-missing-private-key.test.js |  10 ----------
 tests/snapshots/index.js.md            |  24 +-----------------------
 tests/snapshots/index.js.snap          | Bin 1511 -> 1349 bytes
 8 files changed, 11 insertions(+), 77 deletions(-)
 delete mode 100644 tests/main-missing-app-id.test.js
 delete mode 100644 tests/main-missing-private-key.test.js

diff --git a/action.yml b/action.yml
index aab57bc..38b6dc7 100644
--- a/action.yml
+++ b/action.yml
@@ -7,18 +7,10 @@ branding:
 inputs:
   app-id:
     description: "GitHub App ID"
-    required: false # TODO: When 'app_id' is removed, make 'app-id' required
-  app_id:
-    description: "GitHub App ID"
-    required: false
-    deprecationMessage: "'app_id' is deprecated and will be removed in a future version. Use 'app-id' instead."
+    required: true
   private-key:
     description: "GitHub App private key"
-    required: false # TODO: When 'private_key' is removed, make 'private-key' required
-  private_key:
-    description: "GitHub App private key"
-    required: false
-    deprecationMessage: "'private_key' is deprecated and will be removed in a future version. Use 'private-key' instead."
+    required: true
   owner:
     description: "The owner of the GitHub App installation (defaults to current repository owner)"
     required: false
@@ -28,10 +20,6 @@ inputs:
   skip-token-revoke:
     description: "If truthy, the token will not be revoked when the current job is complete"
     required: false
-  skip_token_revoke:
-    description: "If truthy, the token will not be revoked when the current job is complete"
-    required: false
-    deprecationMessage: "'skip_token_revoke' is deprecated and will be removed in a future version. Use 'skip-token-revoke' instead."
   # Make GitHub API configurable to support non-GitHub Cloud use cases
   # see https://github.com/actions/create-github-app-token/issues/77
   github-api-url:
diff --git a/lib/post.js b/lib/post.js
index 9b294ae..f21174d 100644
--- a/lib/post.js
+++ b/lib/post.js
@@ -5,9 +5,7 @@
  * @param {import("@octokit/request").request} request
  */
 export async function post(core, request) {
-  const skipTokenRevoke = Boolean(
-    core.getInput("skip-token-revoke") || core.getInput("skip_token_revoke")
-  );
+  const skipTokenRevoke = Boolean(core.getInput("skip-token-revoke"));
 
   if (skipTokenRevoke) {
     core.info("Token revocation was skipped");
@@ -35,8 +33,7 @@ export async function post(core, request) {
     });
     core.info("Token revoked");
   } catch (error) {
-    core.warning(
-      `Token revocation failed: ${error.message}`)
+    core.warning(`Token revocation failed: ${error.message}`);
   }
 }
 
diff --git a/main.js b/main.js
index 81b7767..ac3a7c5 100644
--- a/main.js
+++ b/main.js
@@ -3,9 +3,9 @@
 import core from "@actions/core";
 import { createAppAuth } from "@octokit/auth-app";
 
+import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
 import { main } from "./lib/main.js";
 import request from "./lib/request.js";
-import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
 
 if (!process.env.GITHUB_REPOSITORY) {
   throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'");
@@ -15,16 +15,8 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
   throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'");
 }
 
-const appId = core.getInput("app-id") || core.getInput("app_id");
-if (!appId) {
-  // The 'app_id' input was previously required, but it and 'app-id' are both optional now, until the former is removed. Still, we want to ensure that at least one of them is set.
-  throw new Error("Input required and not supplied: app-id");
-}
-const privateKey = core.getInput("private-key") || core.getInput("private_key");
-if (!privateKey) {
-  // The 'private_key' input was previously required, but it and 'private-key' are both optional now, until the former is removed. Still, we want to ensure that at least one of them is set.
-  throw new Error("Input required and not supplied: private-key");
-}
+const appId = core.getInput("app-id");
+const privateKey = core.getInput("private-key");
 const owner = core.getInput("owner");
 const repositories = core
   .getInput("repositories")
@@ -32,9 +24,7 @@ const repositories = core
   .map((s) => s.trim())
   .filter((x) => x !== "");
 
-const skipTokenRevoke = Boolean(
-  core.getInput("skip-token-revoke") || core.getInput("skip_token_revoke"),
-);
+const skipTokenRevoke = Boolean(core.getInput("skip-token-revoke"));
 
 const permissions = getPermissionsFromInputs(process.env);
 
diff --git a/package-lock.json b/package-lock.json
index 42a7c74..954ed1f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "create-github-app-token",
-  "version": "1.11.6",
+  "version": "1.12.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "create-github-app-token",
-      "version": "1.11.6",
+      "version": "1.12.0",
       "license": "MIT",
       "dependencies": {
         "@actions/core": "^1.11.1",
diff --git a/tests/main-missing-app-id.test.js b/tests/main-missing-app-id.test.js
deleted file mode 100644
index 9382b44..0000000
--- a/tests/main-missing-app-id.test.js
+++ /dev/null
@@ -1,9 +0,0 @@
-process.env.GITHUB_REPOSITORY_OWNER = "actions";
-process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
-
-// Verify `main` exits with an error when neither the `app-id` nor `app_id` input is set.
-try {
-  await import("../main.js");
-} catch (error) {
-  console.error(error.message);
-}
diff --git a/tests/main-missing-private-key.test.js b/tests/main-missing-private-key.test.js
deleted file mode 100644
index a78b1c7..0000000
--- a/tests/main-missing-private-key.test.js
+++ /dev/null
@@ -1,10 +0,0 @@
-process.env.GITHUB_REPOSITORY_OWNER = "actions";
-process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
-process.env["INPUT_APP-ID"] = "123456";
-
-// Verify `main` exits with an error when neither the `private-key` nor `private_key` input is set.
-try {
-  await import("../main.js");
-} catch (error) {
-  console.error(error.message);
-}
diff --git a/tests/snapshots/index.js.md b/tests/snapshots/index.js.md
index f085f87..eeb7387 100644
--- a/tests/snapshots/index.js.md
+++ b/tests/snapshots/index.js.md
@@ -12,9 +12,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `app_id — 'app_id' is deprecated and will be removed in a future version. Use 'app-id' instead.␊
-    private_key — 'private_key' is deprecated and will be removed in a future version. Use 'private-key' instead.␊
-    skip_token_revoke — 'skip_token_revoke' is deprecated and will be removed in a future version. Use 'skip-token-revoke' instead.`
+    ''
 
 ## main-custom-github-api-url.test.js
 
@@ -39,16 +37,6 @@ Generated by [AVA](https://avajs.dev).
     POST /api/v3/app/installations/123456/access_tokens␊
     {"repositories":["create-github-app-token"]}`
 
-## main-missing-app-id.test.js
-
-> stderr
-
-    'Input required and not supplied: app-id'
-
-> stdout
-
-    ''
-
 ## main-missing-owner.test.js
 
 > stderr
@@ -59,16 +47,6 @@ Generated by [AVA](https://avajs.dev).
 
     ''
 
-## main-missing-private-key.test.js
-
-> stderr
-
-    'Input required and not supplied: private-key'
-
-> stdout
-
-    ''
-
 ## main-missing-repository.test.js
 
 > stderr
diff --git a/tests/snapshots/index.js.snap b/tests/snapshots/index.js.snap
index 2291b3afed0274a2edb7b728e95da7287556f135..14f1a6cf97064fb740225c1f800358562db9872b 100644
GIT binary patch
literal 1349
zcmV-L1-kk{RzV<BZeeh9Xm4~Nb~6eC06k`$RSz{#qd!elK2yj*IB-{%2=*X|elm__
zPCxZQPalg200000000B+n%{2YL=?u`A_R(r1a}A!j4Y(I5GQdGn$}tnU6gGr#CEsM
zvh6Nanb;@E5XUy2ak9~BZ`e0LyZ|fl20RmQzy)`l8K;S@CjIB8NUVEN#m>x`Z)Seq
z8ILEww_A>9_4seEKrrFJGeRxFJXg2D55S@VY@NA&D0oo-7sa1A<1Y1i*Ax7gSGG+B
z{qBvWx0dAJ@|#QVErCN@;Iz50AqdVd;DzF}Rjp5%t6L!#USIDp(G6QV^_d<9&h^_p
zTIt1$to*Rz4P6Kbb!`%W?{Ox)fB`2QM1fcVP{G^|5nc~m()NO6Ax#y4sXAX*B{d?W
z+N3oiS~PZC%b6y%ZM{!<&onz-eqyYDQ-@mRUS+dlt#2BYM!jy7t&QqNwN~E(qrP#s
zMsrvTmFPGuINrpiefUzfkS+vsxuA|i)vPkxG>uBN_Qm?FqOwoi2|L)}xRX(TWKlW*
z9Rmrtp0KkK;F-??;9J5pD`jI{FV}U$XjUqwQ8SJ5lbo*WWWVw7QRAR_K=2~B-Dr{$
zLQxu2OKN6HV|k@HGgFFpJ@;VmU|Ju`B);XPXjCwy1)QI#`aJhsizA?!Pv=5#{9-28
zA1JQ-jB_MQSNP54`EWZ<>+<IIZgc0+-IM(WD&KAH?H`@&J-*-AC*x=Z(nq_H7D#*%
zT9Ut`;(wLDo&`TiNS*Y1G+*ydLa%v7?}bWBcVsiy6<kz;{eTVRjPzin4{=s>;1=~U
zYq>CVm<uWL*3rt7ME>}8UjA@BF*k>ZE)XjW0&vB&(ul0iC21{79*asIDYC|`q>F(f
zTE@_M4~Fxd_jiKJzn1d5oQJpuQIRK>Ls_4!<{4hBO`Jzvvg-=yfLhgX=#WPRD&i?v
zAOCf!P*;?52xKS8kaEIQ;9~CS*PeyanJCc^O@=)=CfiKxge|i5U^faOeZfauK!1E4
z0I^xS4GMl-AFE}wiRHOAFOq!_!AL3y;O7wgNu+s|fYT}#MzAa|MA^2qQgNn5Au$x+
zr(5FNlsT9><jrhZ|L>d`n}(ztuTnOpbK@w?S=^%qNJY>)a?B-qx*UC38LM(18-z3q
z5Kqu;uUvZB!Tu)MmNz?WfL})r(Rd%9`yJ47_f${ix*TPzSd>X2vPuQ|+84xFGvmgW
z8t4Ec(3S(4KNjVW5OXpwjb~$qC(il)N<MHy$C=4`buQ~_xw<jn|4ab?$70j@dE_VR
zX7p#P!&O&@&GQ{2KL`(LaYv_Hl{CJ2nedHR$eWIW@H__}0Si_atR8kXdq#RacP|BP
zOagwIurS94#-(kL;h*9Ezr(+LDg3>3$^SS(|NZPWcLw{SUu=JVKGz{`14J66-%cR?
z&+-j!d^37)XSaGv?*ewCv*}aNP4a3Q`hHB%_i&t0&tezdpAvS-Ov>EJkw6q-bpmDf
z_W$+Gsrp4!r_QR`c~(aBZ4#};i1r~+=fT)o+VuQu0^^q%#u>&pgmFQOVXB$WHFf@p
zpR{4X1mK3x$7hn0@tLK(kCANc#ccfZ*s4t30}MWP!417AKddBvd-17h4r$;b;-=YD
zjLSwXH7F!{S80;jKTuH;BW=;_*(p@5CseIQQpRBmg!h>5Pi;7rIP)w#CM;FDIQ%dn
z>YeHM^uWGwOqAwSWAa&|`H#*_k33}`w=z@B`!O{s9{>(NPH1^I(!wU0GSU9OM^4g6
H8Yln&BPNd&

literal 1511
zcmV<D1sM84RzV<BZeeh9Xm4~Nb~6eC0Q}$iw3VQ1ELh2CD&s0B)AE35?xp+S7I^O4
z$$829<{yg)00000000B+nqhC-L>R~0A_R(r1n&?-aI%onK`v?1u3fEx*ihG1h;_6b
zbQ@E+*iVup&YijEoUEEAA@&Ur;ysi227Dr3@C|suJGir(*lOH%bvq>Hyh@z&bN_qp
z_kYgz`PXhIklp})c?O#603H$MX)XozAynWo4L;=}j5O9Ypss(190d!pFE#%7%=ejQ
zU%WE++MM~!zdHBU90aTbK^L_TO2rNC&9iiqg`Ig8hHdVXKYsX`RO9be!jVk-Buw~Z
z%!7b*fG8Ns5%`1)!bmsLkpeOTg<Og{xr<<9P#Z&_2Iki*q2eQ^p*?_uxR=y{VqGPH
zXdLLUKOFF|t>pkjTfs;UAnx_Z;bMK8aMXsQlW>WGY1(C^59iVuGA^hWp_W71<GLSp
zC<{4_R8U|x7Y3Qx{ANLp1t>cd1))T)rQ(1DLDz_<fN3sz#L6aJsj`h6+W@BOk^wrz
zMD<DMfH*Oc=u}*n`92*o9Jp?;kL~8_XKS$1y4hN9d8_Nq*2daebIH59e06zc?K(8q
zuHIN-m5S>kXeuKeMw$pVgpX|x#X^|8vmjvBE8KV8W@~xn%Id79W=t4FJ=Z-PWIP_z
zl#PI*W*W{W>}Ujd6mkW4UAt~;skus*)@ZZ2*J`=V6}P!`zd|V`I~!l#-PqmRC6v<2
z=Efdru#h)K%MCj-jYM7}XJ#7dp;zu~?@rHWVVL<B8*x?|%<}*-b^=x&J81+Q_dzZM
z51-8B`jX{($Pu~d(b)XCK<{5k<2qm6GS!SI_&(w)aiEZzU=)S{2j3-eycy)@StF(F
zos2STjC^668DZ<2TYI<e-e~V^+}YmU+S}f_*WUj6_QnoLqSeSSLTw5Kf+kv$>NOkx
zlj_-|l8n?;S<4sfW(3zx%w#I)*)+bN(Kw;z7>Tzs65S&?Ju#b&Yo?pCCbez_r^Zdk
zT=yxU$3pO_fN{VD6j@6b?q{m+=XurF&O}ZH)_oveq!b7}J?Vff=KAn*S$Z$3^cJYO
zFQnLxEYT(g#Q}`-o%dIU%RlF;TZoY<3%W|Yfbk(&ta7HSmnY6+f@}#5J+RjV3J^pL
zY9EN^Lm;}(wEe{pL7734F+;*_;Cki3r_$4Mz;%N~x^G7EkZf{&E9#KzcedgX#us>i
z8ivVl1;ppwE?D?G2V{APAb3*vSSLH6)qzo9Y8s#>#=KU*;VB*v=6Ny_=Hjg@Reh#K
zA(M))id`Ue84tj>Gf-X>{ddkxO+(g=&(pS`bJHl~TpGm-P<)TjGdVZtQImahGF5<~
z6bMBYAk5J1FPwVWVL^~(+Z^oi5eO1H#KEET1_3ygn|7pTU5=|&D$1l0S!7znFw~@Z
z*-abYXka781J((k^v6Z{BSKKvNM>V(Cyx35xqKj^AehPeaxUw3xjHxCf6oB_+r^gi
z<H*mPThd>y4$r$ftRL?f^F>QKWa8lPR;7q<o@RWbFXTB<O-mUJxUPA9@CN@5wY)}p
zIqzO-PC|lHb0#e0*r0i88<hB$`2X+lUpf{3vRLtdn4$l6xk*sMe$m?kA05wiBoK5F
zq+ib<{rCJi-uRaEzL>k!LwYaZZge(%7P?7YEkfV78T!6V3hGhp;^R}oPFYF0m~08e
z5f&#<mQVj*-kM5JqPlQZE%&oZqF*G@PKxLdl-&=O0*jXCpE4LfEio=JJ|~Q8P6|`U
zeeBr%Pjp;othffJ=7doYw39tcb6f%QohP&LuZ9wJ^7>fff^&LMzTe8cd+~wmj+qi%
z^jvq(GHyEcY*I-4tkNa3U!t)RV{P&5<-gr?vZ~dLs>N7J61GOnD|O-2hEs_%_rg=c
z3YClfOBqpbO!G4U|HPbF&4qIEVW#_ck4%r*WlwsUspjpJnt~Sq`|oA6ycuiZlS-NC
N{~wy7L-4LD002Tg_Xz+1