Merge origin/main into enterprise-app-enterprise-slug

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-13 16:01:58 -07:00
parent 14350b6aaa fee1f7d63c
commit b24274086f
18 changed files with 37958 additions and 26944 deletions
@@ -12,6 +12,6 @@ jobs:
      id-token: write
      packages: write
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
      - name: Publish Immutable Action
        uses: actions/publish-immutable-action@v0.0.4
@@ -3,7 +3,9 @@ name: release
 on:
  push:
    branches:
+      - "*.x"
      - main
+      - beta

 permissions:
  contents: write
@@ -16,14 +18,14 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      # build local version to create token
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
        with:
          persist-credentials: false

-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
        with:
-          node-version-file: .node-version
-          cache: 'npm'
+          node-version-file: package.json
+

      - run: npm ci
      - run: npm run build
@@ -0,0 +1,34 @@
+# This workflow warns and then closes issues that have had no activity for a specified amount of time.
+# https://github.com/actions/stale
+
+name: Stale
+
+on:
+  workflow_dispatch:
+  schedule:
+    # 00:00 UTC on Mondays
+    - cron: '0 0 * * 1'
+
+permissions:
+  issues: write
+  pull-requests: write
+
+env:
+  DAYS_BEFORE_STALE: 180
+  DAYS_BEFORE_CLOSE: 60
+  STALE_LABEL: 'stale'
+  STALE_LABEL_URL: ${{github.server_url}}/${{github.repository}}/labels/stale
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v10
+        with:
+          operations-per-run: 100
+          days-before-stale: ${{ env.DAYS_BEFORE_STALE }}
+          days-before-close: ${{ env.DAYS_BEFORE_CLOSE }}
+          stale-issue-label: ${{ env.STALE_LABEL }}
+          stale-pr-label: ${{ env.STALE_LABEL }}
+          stale-issue-message: 'This issue has been marked ${{ env.STALE_LABEL_URL }} because it has been open for ${{ env.DAYS_BEFORE_STALE }} days with no activity. Please close this issue if it is no longer needed. If this issue is still relevant and you would like it to remain open, simply update it within the next ${{ env.DAYS_BEFORE_CLOSE }} days.'
+          stale-pr-message: 'This pull request has been marked ${{ env.STALE_LABEL_URL }} because it has been open for ${{ env.DAYS_BEFORE_STALE }} days with no activity. Please close this pull request if it is no longer needed. If this pull request is still relevant and you would like it to remain open, simply update it within the next ${{ env.DAYS_BEFORE_CLOSE }} days.'
@@ -5,6 +5,7 @@ on:
    branches:
      - main
  pull_request:
+  merge_group:
  workflow_dispatch:

 concurrency:
@@ -16,30 +17,28 @@ permissions:

 jobs:
  integration:
-    name: Integration
+    name: integration
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6

-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
        with:
-          node-version-file: .node-version
-          cache: 'npm'
+          node-version-file: package.json

      - run: npm ci
      - run: npm test

  end-to-end:
-    name: End-to-End
+    name: end-to-end
    runs-on: ubuntu-latest
    # do not run from forks, as forks don’t have access to repository secrets
-    if: github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
+    if: github.event_name == 'merge_group' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
        with:
-          node-version: 20
-          cache: "npm"
+          node-version-file: package.json
      - run: npm ci
      - run: npm run build
      - uses: ./ # Uses the action in the root directory
@@ -13,21 +13,30 @@ concurrency:

 permissions:
  contents: write
+  pull-requests: write

 jobs:
  update-permission-inputs:
    runs-on: ubuntu-latest
+    env:
+      COMMIT_MESSAGE: 'feat: update permission inputs'
    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
        with:
-          node-version-file: .node-version
-          cache: 'npm'
+          node-version-file: package.json
      - name: Install dependencies
        run: npm ci
      - name: Run permission inputs update script
        run: node scripts/update-permission-inputs.js
      - name: Commit changes
-        uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
+        id: auto-commit
+        uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
        with:
-          commit_message: 'feat: update permission inputs'
+          commit_message: ${{ env.COMMIT_MESSAGE }}
+      - name: Update PR title
+        if: github.event_name == 'pull_request' && steps.auto-commit.outputs.changes_detected == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr edit ${{ github.event.pull_request.number }} --title "${{ env.COMMIT_MESSAGE }}"
@@ -1 +0,0 @@
-20.9.0
@@ -40,12 +40,16 @@ inputs:
    description: "The level of permission to grant the access token to create, edit, delete, and list Codespaces. Can be set to 'read' or 'write'."
  permission-contents:
    description: "The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. Can be set to 'read' or 'write'."
+  permission-custom-properties-for-organizations:
+    description: "The level of permission to grant the access token to view and edit custom properties for an organization, when allowed by the property. Can be set to 'read' or 'write'."
  permission-dependabot-secrets:
    description: "The level of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
  permission-deployments:
    description: "The level of permission to grant the access token for deployments and deployment statuses. Can be set to 'read' or 'write'."
  permission-email-addresses:
    description: "The level of permission to grant the access token to manage the email addresses belonging to a user. Can be set to 'read' or 'write'."
+  permission-enterprise-custom-properties-for-organizations:
+    description: "The level of permission to grant the access token for organization custom properties management at the enterprise level. Can be set to 'read', 'write', or 'admin'."
  permission-environments:
    description: "The level of permission to grant the access token for managing repository environments. Can be set to 'read' or 'write'."
  permission-followers:
@@ -71,7 +75,7 @@ inputs:
  permission-organization-custom-org-roles:
    description: "The level of permission to grant the access token for custom organization roles management. Can be set to 'read' or 'write'."
  permission-organization-custom-properties:
-    description: "The level of permission to grant the access token for custom property management. Can be set to 'read', 'write', or 'admin'."
+    description: "The level of permission to grant the access token for repository custom properties management at the organization level. Can be set to 'read', 'write', or 'admin'."
  permission-organization-custom-roles:
    description: "The level of permission to grant the access token for custom repository roles management. Can be set to 'read' or 'write'."
  permission-organization-events:
@@ -115,12 +115,12 @@ export async function main(
          permissions
        ),
      {
-        shouldRetry: (error) => error.status >= 500,
-        onFailedAttempt: (error) => {
+        shouldRetry: ({ error }) => error.status >= 500,
+        onFailedAttempt: (context) => {
          core.info(
            `Failed to create token for "${parsedRepositoryNames.join(
              ","
-            )}" (attempt ${error.attemptNumber}): ${error.message}`
+            )}" (attempt ${context.attemptNumber}): ${context.error.message}`
          );
        },
        retries: 3,
@@ -131,9 +131,9 @@ export async function main(
    ({ authentication, installationId, appSlug } = await pRetry(
      () => getTokenFromOwner(request, auth, parsedOwner, permissions),
      {
-        onFailedAttempt: (error) => {
+        onFailedAttempt: (context) => {
          core.info(
-            `Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`
+            `Failed to create token for "${parsedOwner}" (attempt ${context.attemptNumber}): ${context.error.message}`
          );
        },
        retries: 3,
@@ -225,6 +225,7 @@ async function getTokenFromEnterprise(request, auth, enterpriseSlug, permissions
    installation.account?.slug === enterpriseSlug
  );

+  /* c8 ignore next 3 */
  if (!enterpriseInstallation) {
    throw new Error(`No enterprise installation found matching the name ${enterpriseSlug}. Available installations: ${response.data.map(i => `${i.target_type}:${i.account?.login || 'N/A'}`).join(', ')}`);
  }
@@ -1,4 +1,4 @@
-import core from "@actions/core";
+import * as core from "@actions/core";
 import { request } from "@octokit/request";
 import { ProxyAgent, fetch as undiciFetch } from "undici";

@@ -1,6 +1,6 @@
 // @ts-check

-import core from "@actions/core";
+import * as core from "@actions/core";
 import { createAppAuth } from "@octokit/auth-app";

 import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
@@ -42,7 +42,7 @@ export default main(
  request,
  skipTokenRevoke,
 ).catch((error) => {
-  /* c8 ignore next 3 */
+  /* c8 ignore next 5 */
  console.error(error);
  // Don't set failed in test mode (when GITHUB_OUTPUT is undefined)
  if (process.env.GITHUB_OUTPUT !== undefined) {
@@ -2,8 +2,12 @@
  "name": "create-github-app-token",
  "private": true,
  "type": "module",
-  "version": "2.1.2",
+  "version": "2.2.2",
  "description": "GitHub Action for creating a GitHub App Installation Access Token",
+  "engines": {
+    "node": ">=20"
+  },
+  "packageManager": "npm@10.9.4",
  "scripts": {
    "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",
    "test": "c8 --100 ava tests/index.js",
@@ -12,27 +16,31 @@
  },
  "license": "MIT",
  "dependencies": {
-    "@actions/core": "^1.11.1",
-    "@octokit/auth-app": "^7.2.1",
-    "@octokit/request": "^9.2.2",
-    "p-retry": "^6.2.1",
-    "undici": "^7.8.0"
+    "@actions/core": "^3.0.0",
+    "@octokit/auth-app": "^8.2.0",
+    "@octokit/request": "^10.0.8",
+    "p-retry": "^7.1.1",
+    "undici": "^7.24.1"
  },
  "devDependencies": {
-    "@octokit/openapi": "^19.1.0",
-    "@sinonjs/fake-timers": "^14.0.0",
-    "ava": "^6.3.0",
+    "@octokit/openapi": "^21.0.0",
+    "@sinonjs/fake-timers": "^15.1.0",
+    "ava": "^6.4.1",
    "c8": "^10.1.3",
-    "dotenv": "^16.5.0",
-    "esbuild": "^0.25.5",
-    "execa": "^9.6.0",
+    "dotenv": "^17.3.1",
+    "esbuild": "^0.27.3",
+    "execa": "^9.6.1",
    "open-cli": "^8.0.0",
-    "yaml": "^2.8.0"
+    "yaml": "^2.8.2"
  },
  "release": {
    "branches": [
      "+([0-9]).x",
-      "main"
+      "main",
+      {
+        "name": "beta",
+        "prerelease": true
+      }
    ],
    "plugins": [
      "@semantic-release/commit-analyzer",
@@ -1,6 +1,6 @@
 // @ts-check

-import core from "@actions/core";
+import * as core from "@actions/core";

 import { post } from "./lib/post.js";
 import request from "./lib/request.js";
@@ -187,6 +187,14 @@
        "write"
      ]
    },
+    "custom_properties_for_organizations": {
+      "type": "string",
+      "description": "The level of permission to grant the access token to view and edit custom properties for an organization, when allowed by the property.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
    "members": {
      "type": "string",
      "description": "The level of permission to grant the access token for organization teams and members.",
@@ -221,7 +229,7 @@
    },
    "organization_custom_properties": {
      "type": "string",
-      "description": "The level of permission to grant the access token for custom property management.",
+      "description": "The level of permission to grant the access token for repository custom properties management at the organization level.",
      "enum": [
        "read",
        "write",
@@ -384,6 +392,15 @@
        "read",
        "write"
      ]
+    },
+    "enterprise_custom_properties_for_organizations": {
+      "type": "string",
+      "description": "The level of permission to grant the access token for organization custom properties management at the enterprise level.",
+      "enum": [
+        "read",
+        "write",
+        "admin"
+      ]
    }
  },
  "example": {
@@ -44,17 +44,17 @@ Generated by [AVA](https://avajs.dev).
 > stderr

    `Error: No enterprise installation found matching the name test-enterprise. Available installations: Organization:some-org, User:some-user␊
-        at getTokenFromEnterprise (file:///Users/s/dev/create-github-app-token/lib/main.js:229:11)␊
-        at process.processTicksAndRejections (node:internal/process/task_queues:105:5)␊
-        at async RetryOperation._fn (file:///Users/s/dev/create-github-app-token/node_modules/p-retry/index.js:55:20) {␊
-      attemptNumber: 1,␊
-      retriesLeft: 3␊
-    }`
+        at getTokenFromEnterprise (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:230:11)␊
+        at process.processTicksAndRejections (node:internal/process/task_queues:104:5)␊
+        at async pRetry (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/node_modules/p-retry/index.js:197:19)␊
+        at async main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:95:52)␊
+        at async test (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main.js:111:3)␊
+        at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-installation-not-found.test.js:5:1`

 > stdout

    `Creating enterprise installation token for enterprise "test-enterprise".␊
-    Failed to create token for enterprise "test-enterprise" (attempt 1): No enterprise installation found matching the name test-enterprise. Available installations: Organization:some-org, User:some-user␊
+    Failed to create token for enterprise "test-enterprise" (attempt 1): undefined␊
    --- REQUESTS ---␊
    GET /app/installations`

@@ -63,11 +63,11 @@ Generated by [AVA](https://avajs.dev).
 > stderr

    `Error: Cannot use 'enterprise-slug' input with 'owner' or 'repositories' inputs␊
-        at main (file:///Users/s/dev/create-github-app-token/lib/main.js:31:11)␊
-        at file:///Users/s/dev/create-github-app-token/main.js:33:16␊
-        at ModuleJob.run (node:internal/modules/esm/module_job:274:25)␊
-        at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:644:26)␊
-        at async file:///Users/s/dev/create-github-app-token/tests/main-enterprise-mutual-exclusivity-both.test.js:13:3`
+        at main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:31:11)␊
+        at file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/main.js:33:16␊
+        at ModuleJob.run (node:internal/modules/esm/module_job:430:25)␊
+        at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:639:26)␊
+        at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-mutual-exclusivity-both.test.js:13:3`

 > stdout

@@ -78,11 +78,11 @@ Generated by [AVA](https://avajs.dev).
 > stderr

    `Error: Cannot use 'enterprise-slug' input with 'owner' or 'repositories' inputs␊
-        at main (file:///Users/s/dev/create-github-app-token/lib/main.js:31:11)␊
-        at file:///Users/s/dev/create-github-app-token/main.js:33:16␊
-        at ModuleJob.run (node:internal/modules/esm/module_job:274:25)␊
-        at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:644:26)␊
-        at async file:///Users/s/dev/create-github-app-token/tests/main-enterprise-mutual-exclusivity-owner.test.js:12:3`
+        at main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:31:11)␊
+        at file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/main.js:33:16␊
+        at ModuleJob.run (node:internal/modules/esm/module_job:430:25)␊
+        at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:639:26)␊
+        at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-mutual-exclusivity-owner.test.js:12:3`

 > stdout

@@ -93,11 +93,11 @@ Generated by [AVA](https://avajs.dev).
 > stderr

    `Error: Cannot use 'enterprise-slug' input with 'owner' or 'repositories' inputs␊
-        at main (file:///Users/s/dev/create-github-app-token/lib/main.js:31:11)␊
-        at file:///Users/s/dev/create-github-app-token/main.js:33:16␊
-        at ModuleJob.run (node:internal/modules/esm/module_job:274:25)␊
-        at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:644:26)␊
-        at async file:///Users/s/dev/create-github-app-token/tests/main-enterprise-mutual-exclusivity-repositories.test.js:12:3`
+        at main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:31:11)␊
+        at file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/main.js:33:16␊
+        at ModuleJob.run (node:internal/modules/esm/module_job:430:25)␊
+        at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:639:26)␊
+        at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-mutual-exclusivity-repositories.test.js:12:3`

 > stdout