diff --git a/dist/main.cjs b/dist/main.cjs index a236890..0b417b0 100644 --- a/dist/main.cjs +++ b/dist/main.cjs @@ -28,6 +28,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, mod )); +var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // node_modules/@actions/core/lib/utils.js var require_utils = __commonJS({ @@ -40431,6 +40432,11 @@ var require_undici2 = __commonJS({ }); // main.js +var main_exports = {}; +__export(main_exports, { + default: () => main_default +}); +module.exports = __toCommonJS(main_exports); var import_core2 = __toESM(require_core(), 1); // node_modules/universal-user-agent/index.js @@ -41890,19 +41896,19 @@ async function get(cache, options) { permissionsString, singleFileName ] = result.split("|"); - const permissions = options.permissions || permissionsString.split(/,/).reduce((permissions2, string) => { + const permissions2 = options.permissions || permissionsString.split(/,/).reduce((permissions22, string) => { if (/!$/.test(string)) { - permissions2[string.slice(0, -1)] = "write"; + permissions22[string.slice(0, -1)] = "write"; } else { - permissions2[string] = "read"; + permissions22[string] = "read"; } - return permissions2; + return permissions22; }, {}); return { token, createdAt, expiresAt, - permissions, + permissions: permissions2, repositoryIds: options.repositoryIds, repositoryNames: options.repositoryNames, singleFileName, @@ -41926,11 +41932,11 @@ async function set(cache, options, data) { } function optionsToCacheKey({ installationId, - permissions = {}, + permissions: permissions2 = {}, repositoryIds = [], repositoryNames = [] }) { - const permissionsString = Object.keys(permissions).sort().map((name) => permissions[name] === "read" ? name : `${name}!`).join(","); + const permissionsString = Object.keys(permissions2).sort().map((name) => permissions2[name] === "read" ? name : `${name}!`).join(","); const repositoryIdsString = repositoryIds.sort().join(","); const repositoryNamesString = repositoryNames.join(","); return [ @@ -41946,7 +41952,7 @@ function toTokenAuthentication({ createdAt, expiresAt, repositorySelection, - permissions, + permissions: permissions2, repositoryIds, repositoryNames, singleFileName @@ -41957,7 +41963,7 @@ function toTokenAuthentication({ tokenType: "installation", token, installationId, - permissions, + permissions: permissions2, createdAt, expiresAt, repositorySelection @@ -41995,7 +42001,7 @@ async function getInstallationAuthentication(state, options, customRequest) { token: token2, createdAt: createdAt2, expiresAt: expiresAt2, - permissions: permissions2, + permissions: permissions22, repositoryIds: repositoryIds2, repositoryNames: repositoryNames2, singleFileName: singleFileName2, @@ -42006,7 +42012,7 @@ async function getInstallationAuthentication(state, options, customRequest) { token: token2, createdAt: createdAt2, expiresAt: expiresAt2, - permissions: permissions2, + permissions: permissions22, repositorySelection: repositorySelection2, repositoryIds: repositoryIds2, repositoryNames: repositoryNames2, @@ -42049,7 +42055,7 @@ async function getInstallationAuthentication(state, options, customRequest) { "POST /app/installations/{installation_id}/access_tokens", payload ); - const permissions = permissionsOptional || {}; + const permissions2 = permissionsOptional || {}; const repositorySelection = repositorySelectionOptional || "all"; const repositoryIds = repositories2 ? repositories2.map((r) => r.id) : void 0; const repositoryNames = repositories2 ? repositories2.map((repo) => repo.name) : void 0; @@ -42059,7 +42065,7 @@ async function getInstallationAuthentication(state, options, customRequest) { createdAt, expiresAt, repositorySelection, - permissions, + permissions: permissions2, repositoryIds, repositoryNames }; @@ -42073,7 +42079,7 @@ async function getInstallationAuthentication(state, options, customRequest) { createdAt, expiresAt, repositorySelection, - permissions, + permissions: permissions2, repositoryIds, repositoryNames }; @@ -42376,7 +42382,7 @@ async function pRetry(input, options) { } // lib/main.js -async function main(appId2, privateKey2, owner2, repositories2, core3, createAppAuth2, request2, skipTokenRevoke2) { +async function main(appId2, privateKey2, owner2, repositories2, permissions2, core3, createAppAuth2, request2, skipTokenRevoke2) { let parsedOwner = ""; let parsedRepositoryNames = []; if (!owner2 && repositories2.length === 0) { @@ -42423,7 +42429,8 @@ async function main(appId2, privateKey2, owner2, repositories2, core3, createApp request2, auth5, parsedOwner, - parsedRepositoryNames + parsedRepositoryNames, + permissions2 ), { onFailedAttempt: (error) => { @@ -42438,7 +42445,7 @@ async function main(appId2, privateKey2, owner2, repositories2, core3, createApp )); } else { ({ authentication, installationId, appSlug } = await pRetry( - () => getTokenFromOwner(request2, auth5, parsedOwner), + () => getTokenFromOwner(request2, auth5, parsedOwner, permissions2), { onFailedAttempt: (error) => { core3.info( @@ -42458,7 +42465,7 @@ async function main(appId2, privateKey2, owner2, repositories2, core3, createApp core3.saveState("expiresAt", authentication.expiresAt); } } -async function getTokenFromOwner(request2, auth5, parsedOwner) { +async function getTokenFromOwner(request2, auth5, parsedOwner, permissions2) { const response = await request2("GET /users/{username}/installation", { username: parsedOwner, request: { @@ -42467,13 +42474,14 @@ async function getTokenFromOwner(request2, auth5, parsedOwner) { }); const authentication = await auth5({ type: "installation", - installationId: response.data.id + installationId: response.data.id, + permissions: permissions2 }); const installationId = response.data.id; const appSlug = response.data["app_slug"]; return { authentication, installationId, appSlug }; } -async function getTokenFromRepository(request2, auth5, parsedOwner, parsedRepositoryNames) { +async function getTokenFromRepository(request2, auth5, parsedOwner, parsedRepositoryNames, permissions2) { const response = await request2("GET /repos/{owner}/{repo}/installation", { owner: parsedOwner, repo: parsedRepositoryNames[0], @@ -42484,7 +42492,8 @@ async function getTokenFromRepository(request2, auth5, parsedOwner, parsedReposi const authentication = await auth5({ type: "installation", installationId: response.data.id, - repositoryNames: parsedRepositoryNames + repositoryNames: parsedRepositoryNames, + permissions: permissions2 }); const installationId = response.data.id; const appSlug = response.data["app_slug"]; @@ -42518,6 +42527,22 @@ var request_default = request.defaults({ request: proxyUrl ? { fetch: proxyFetch } : {} }); +// lib/get-permissions-from-inputs.js +function getPermissionsFromInputs(env) { + return Object.entries(env).reduce((permissions2, [key, value]) => { + if (!key.startsWith("INPUT_PERMISSION_")) return permissions2; + const permission = key.slice("INPUT_PERMISSION_".length).toLowerCase(); + if (permissions2 === void 0) { + return { [permission]: value }; + } + return { + // @ts-expect-error - needs to be typed correctly + ...permissions2, + [permission]: value + }; + }, void 0); +} + // main.js if (!process.env.GITHUB_REPOSITORY) { throw new Error("GITHUB_REPOSITORY missing, must be set to '/'"); @@ -42538,11 +42563,13 @@ var repositories = import_core2.default.getInput("repositories").split(/[\n,]+/) var skipTokenRevoke = Boolean( import_core2.default.getInput("skip-token-revoke") || import_core2.default.getInput("skip_token_revoke") ); -main( +var permissions = getPermissionsFromInputs(process.env); +var main_default = main( appId, privateKey, owner, repositories, + permissions, import_core2.default, createAppAuth, request_default, diff --git a/package.json b/package.json index 4ac10aa..fe1c992 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "create-github-app-token", "private": true, "type": "module", - "version": "1.11.7", + "version": "1.12.0", "description": "GitHub Action for creating a GitHub App Installation Access Token", "scripts": { "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",