actions/create-github-app-token
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
250 Commits 10 Branches 73 Tags
main
Commit Graph

12 Commits

Author SHA1 Message Date
dependabot[bot] e02e816e55 build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366) 
Bumps [undici](https://github.com/nodejs/undici) from 7.24.6 to 8.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases">undici's
releases</a>.</em></p>
<blockquote>
<h2>v8.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: use native addAbortListener by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5021">nodejs/undici#5021</a></li>
<li>fix: fix the logic for the UNDICI_NO_WASM_SIMD environment variable
by <a
href="https://github.com/ShenHongFei"><code>@​ShenHongFei</code></a> in
<a
href="https://redirect.github.com/nodejs/undici/pull/5026">nodejs/undici#5026</a></li>
<li>fix(http2): send body for non-expectsPayload methods with content by
<a href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5030">nodejs/undici#5030</a></li>
<li>fix(fetch): correct 'navigator' typo to 'navigate' in fetchFinale by
<a
href="https://github.com/deepview-autofix"><code>@​deepview-autofix</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5044">nodejs/undici#5044</a></li>
<li>fix(webidl): correct signed integer bounds in ConvertToInt by <a
href="https://github.com/deepview-autofix"><code>@​deepview-autofix</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5038">nodejs/undici#5038</a></li>
<li>fix(fetch): use || for CRLF check in multipart formdata-parser by <a
href="https://github.com/deepview-autofix"><code>@​deepview-autofix</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5049">nodejs/undici#5049</a></li>
<li>fix(websocket): correct argument order in WebSocketStream UTF-8
failure by <a
href="https://github.com/deepview-autofix"><code>@​deepview-autofix</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5050">nodejs/undici#5050</a></li>
<li>fix(pool): propagate useH2c to connector when connections &gt; 1 by
<a href="https://github.com/SAY-5"><code>@​SAY-5</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5031">nodejs/undici#5031</a></li>
<li>fix(cache): return immutable staleAt in milliseconds by <a
href="https://github.com/deepview-autofix"><code>@​deepview-autofix</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5048">nodejs/undici#5048</a></li>
<li>fix(socks5-proxy-agent): use per-origin pools to prevent
cross-origin routing by <a
href="https://github.com/deepview-autofix"><code>@​deepview-autofix</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5041">nodejs/undici#5041</a></li>
<li>fix(cache): evict oldest entries first in SqliteCacheStore prune by
<a
href="https://github.com/deepview-autofix"><code>@​deepview-autofix</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5039">nodejs/undici#5039</a></li>
<li>fix(socks5): correctly expand IPv6 '::' compressed notation by <a
href="https://github.com/deepview-autofix"><code>@​deepview-autofix</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5046">nodejs/undici#5046</a></li>
<li>Remove unused func and unnecessary shim by <a
href="https://github.com/tsctx"><code>@​tsctx</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5053">nodejs/undici#5053</a></li>
<li>fix: reject malformed content-length request headers by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5060">nodejs/undici#5060</a></li>
<li>fix(request): reject NaN highWaterMark during option validation by
<a href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5062">nodejs/undici#5062</a></li>
<li>docs: fix broken links in docsify sidebar by <a
href="https://github.com/maruthang"><code>@​maruthang</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5065">nodejs/undici#5065</a></li>
<li>fix(fetch): prefer filename* over filename in multipart form-data by
<a href="https://github.com/maruthang"><code>@​maruthang</code></a> in
<a
href="https://redirect.github.com/nodejs/undici/pull/5068">nodejs/undici#5068</a></li>
<li>fix(http2): reject websocket upgrades on non-200 responses by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5072">nodejs/undici#5072</a></li>
<li>feat: support username-only proxy authentication in ProxyAgent by <a
href="https://github.com/rossilor95"><code>@​rossilor95</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/4935">nodejs/undici#4935</a></li>
<li>build(deps): bump uWebSockets.js from v20.58.0 to v20.64.0 in
/benchmarks by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/5083">nodejs/undici#5083</a></li>
<li>fix(client-h2): stop double-decrementing kOpenStreams on stream
timeout by <a href="https://github.com/SAY-5"><code>@​SAY-5</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5076">nodejs/undici#5076</a></li>
<li>fix(http2): reject upgrade streams closed before response headers by
<a href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5069">nodejs/undici#5069</a></li>
<li>fix(http2): allow GET and HEAD request bodies over h2 by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5058">nodejs/undici#5058</a></li>
<li>fix(cache): include query in cache key when opts.path is undefined
by <a href="https://github.com/maruthang"><code>@​maruthang</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5081">nodejs/undici#5081</a></li>
<li>fix: avoid premature cleanup of dispatcher in Agent by <a
href="https://github.com/bienzaaron"><code>@​bienzaaron</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5034">nodejs/undici#5034</a></li>
<li>fix(http2): record ping failures on the socket by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5075">nodejs/undici#5075</a></li>
<li>add undici security policy by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5056">nodejs/undici#5056</a></li>
<li>fix(mock): make filterCalls AND operator actually intersect results
by <a
href="https://github.com/deepview-autofix"><code>@​deepview-autofix</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5045">nodejs/undici#5045</a></li>
<li>fix(socks5): enforce authenticated state before CONNECT by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5097">nodejs/undici#5097</a></li>
<li>fix(cache): skip expired sqlite vary entries during lookup by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5095">nodejs/undici#5095</a></li>
<li>fix: enforce maxCachedSessions in TLS session cache by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5102">nodejs/undici#5102</a></li>
<li>fix(socks5): encode embedded IPv4 tails in IPv6 literals correctly
by <a href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5099">nodejs/undici#5099</a></li>
<li>fix: handle invalid HTTP/2 connection headers (<a
href="https://redirect.github.com/nodejs/undici/issues/4356">#4356</a>)
by <a href="https://github.com/mcollina"><code>@​mcollina</code></a> in
<a
href="https://redirect.github.com/nodejs/undici/pull/5101">nodejs/undici#5101</a></li>
<li>fix(interceptor): add throwOnMaxRedirect to types and interceptor
opts by <a
href="https://github.com/maruthang"><code>@​maruthang</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5066">nodejs/undici#5066</a></li>
<li>fix(websocket): avoid double-closing canceled stream readers by <a
href="https://github.com/colinaaa"><code>@​colinaaa</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5105">nodejs/undici#5105</a></li>
<li>fix(cache): persist vary when updating sqlite cache entries by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5109">nodejs/undici#5109</a></li>
<li>refactor(h1): track HEAD keep-alive override as boolean by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5110">nodejs/undici#5110</a></li>
<li>client: cache llhttp wasm buffer view by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5115">nodejs/undici#5115</a></li>
<li>deps: update llhttp to 9.3.1 by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5113">nodejs/undici#5113</a></li>
<li>fix(http2): preserve accepted streams after GOAWAY by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5090">nodejs/undici#5090</a></li>
<li>fix: reuse parser WeakRef for timeout callbacks by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5125">nodejs/undici#5125</a></li>
<li>fix: stop buffering data after SOCKS5 connect by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5118">nodejs/undici#5118</a></li>
<li>perf(http2): avoid response header reserialization by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5085">nodejs/undici#5085</a></li>
<li>fix(cache): enforce sqlite maxCount after insert by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5112">nodejs/undici#5112</a></li>
<li>perf: reduce EventSourceStream parser allocations by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5032">nodejs/undici#5032</a></li>
<li>types(dispatcher): use OutgoingHttpHeaders for request headers by <a
href="https://github.com/maruthang"><code>@​maruthang</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5067">nodejs/undici#5067</a></li>
<li>cleanup: delete redundant .gitkeep file by <a
href="https://github.com/shivarm"><code>@​shivarm</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5133">nodejs/undici#5133</a></li>
<li>fix(http2): respect peer max concurrent streams by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5135">nodejs/undici#5135</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nodejs/undici/commit/bf684f7de01616708a33a5d1c092177622394442"><code>bf684f7</code></a>
Bumped v8.2.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/5152">#5152</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/0ca054aa8524ed52709ebf15e94e187f4a18ebcf"><code>0ca054a</code></a>
fix: replace stale pool clients under connection limit (<a
href="https://redirect.github.com/nodejs/undici/issues/5145">#5145</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/7af90e9721f882bb5fc97606e3f95217ca849994"><code>7af90e9</code></a>
perf: avoid redundant scans in BalancedPool dispatcher selection (<a
href="https://redirect.github.com/nodejs/undici/issues/5146">#5146</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/abb9d06ba7b882d336129898f9e89176f1c8f1c3"><code>abb9d06</code></a>
fix: validate H2CClient maxConcurrentStreams option (<a
href="https://redirect.github.com/nodejs/undici/issues/5143">#5143</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/72a75913138bc6197bf0620a1291f7c2e764c430"><code>72a7591</code></a>
perf(http2): avoid cloning headers when removing status (<a
href="https://redirect.github.com/nodejs/undici/issues/5127">#5127</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/96fd5e9da9b19a4d49eb9e67534f73f4cfa1c677"><code>96fd5e9</code></a>
fix(cache): allow streamed entries at maxEntrySize limit (<a
href="https://redirect.github.com/nodejs/undici/issues/5129">#5129</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/f41e53f112659ec37b6fa8db4e4f39388b9e6ca6"><code>f41e53f</code></a>
perf: use byteLength property for binary body chunks (<a
href="https://redirect.github.com/nodejs/undici/issues/5126">#5126</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/bec49615931e3df3df4f75956b35c3f7f1fd05ca"><code>bec4961</code></a>
chore(deps): add lockfile (<a
href="https://redirect.github.com/nodejs/undici/issues/5139">#5139</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/86f1242cfc86364fe5c30d7e0fc1deec8d52954b"><code>86f1242</code></a>
perf(http2): reduce writeH2 per-request callback allocations (<a
href="https://redirect.github.com/nodejs/undici/issues/5138">#5138</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/cad3f70a86b95966a3e368f9f7118377858b8c3e"><code>cad3f70</code></a>
perf(client): parse h1 content-length statelessly (<a
href="https://redirect.github.com/nodejs/undici/issues/5124">#5124</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/nodejs/undici/compare/v7.24.6...v8.2.0">compare
view</a></li>
</ul>
</details>
<br />

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-05-08 14:40:33 -07:00
Copilot e6bd4e6970 feat: add client-id input and deprecate app-id (#353) 
GitHub now recommends using a GitHub App's Client ID for authentication.
This PR adds a first-class `client-id` input, keeps `app-id` available
for compatibility, and makes the migration path explicit in both runtime
behavior and documentation.

### Action inputs

- Adds a new `client-id` input
- Removes `required` from `app-id`
- Marks `app-id` as deprecated in `action.yml`

### Runtime behavior

- Updates input parsing to prefer `client-id`
- Falls back to `app-id` for existing workflows
- Adds a clear error when neither `client-id` nor `app-id` is provided

### Docs

- Updates the README to recommend `client-id`
- Switches usage examples to `client-id`
- Documents that `app-id` is deprecated and that `client-id` takes
precedence if both are set

### Regression coverage

- Adds a focused test proving a client-ID-shaped value works through the
new `client-id` input
- Adds coverage for the missing-ID validation path
- Updates snapshots to lock in the new metadata and runtime behavior

### Resulting usage

Users can migrate to the new input name directly:

```yaml
- uses: actions/create-github-app-token@v3
  with:
    client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
    private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
```

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: parkerbxyz <17183625+parkerbxyz@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-10 17:36:03 -07:00
Parker Brown 2950cbc446 fix: permission input handling (#243) 
This pull request fixes the handling of permissions inputs.

- Updated `getPermissionsFromInputs` in
`lib/get-permissions-from-inputs.js` to use hyphens
(`INPUT_PERMISSION-`) instead of underscores (`INPUT_PERMISSION_`) in
input keys, added a check to skip empty values, and clarified behavior
when no permissions are set.
- Added a `shouldRetry` function to retry requests when server errors
(HTTP status 500 or higher) occur in the `main` function in
`lib/main.js` to prevent unnecessary retries.
- Updated test cases in `tests/main-token-permissions-set.test.js` to
match the new input key format with hyphens.
- Added a default empty string for unset inputs (e.g.,
`INPUT_PERMISSION-ADMINISTRATION`) in `tests/main.js` to simulate the
behavior of the Actions runner.
- Updated snapshots in `tests/snapshots/index.js.md` to reflect the
updated hyphenated input keys in permissions.

---------

Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>
 2025-05-02 11:44:01 -07:00
Yuta Kasai c3c17c79cc fix: use core.getBooleanInput() to retrieve boolean input values (#223) 
This PR switches from evaluating values passed to `skip-token-revoke` as
true if they are truthy in JavaScript, to using `getBooleanInput`. This
change ensures that only proper YAML boolean values are recognized,
preventing unintended evaluations to true.
- The definition of `getBooleanInput` is here: definition of
`core#getBooealnInput` is here:
https://github.com/actions/toolkit/blob/930c89072712a3aac52d74b23338f00bb0cfcb24/packages/core/src/core.ts#L188-L208

The documentation states, `"If truthy, the token will not be revoked
when the current job is complete"`, so this change could be considered a
breaking change. This means that if there are users who rely on `truthy`
and expect values like whitespace or `"false"` to be evaluated as true
(though this is likely rare), it would be a breaking change.
- `Boolean(" ")` and `Boolean("false")` are both evaluated as true.

Alternatively, it can simply be considered a fix. How to handle this is
up to the maintainer.

Resolves https://github.com/actions/create-github-app-token/issues/216
 2025-04-25 11:59:34 -07:00
Gregor Martynus 0e0aa99a86 feat: permissions (#168) 
- Load `app-permissions` from schema exported by `@octokit/openapi`
- Update documentation in README.md
- Implement the `permissions_*` inputs in the action code

---------

Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
 2025-03-27 19:00:54 +00:00
Parker Brown 15db0371da test: fix test file extensions and inputs for repositories (#161) 
This pull request fixes the file extension for two test files that were
incorrectly named. This caused them not to be tested. A new test has
been added to ensure all test files have the correct extension.

This also fixes a bug in some tests where `repositories` inputs included
the repository owner. The owner has been removed from these inputs and
the snapshots have been updated.
 2024-09-03 20:04:47 -07:00
沙漠之子 babaff4320 feat(outputs): app-slug and installation-id (#105) 
It is convenient to use `https://api.github.com/users/$app_slug[bot]` to
obtain the corresponding account ID later.
Then build `Signed-off-by: $app_slug[bot]
<$id+$app_slug[bot]@users.noreply.github.com>`.

Currently, there is no Linux environment to build test snapshot files
 2024-03-01 19:18:38 +00:00
Parker Brown 1f82f7df93 feat: add proxy support (#102) 
Adds support for the following environment variables:

- `https_proxy`
- `HTTPS_PROXY`
- `http_proxy`
- `HTTP_PROXY`
- `no_proxy`
- `NO_PROXY`
 2024-02-08 15:39:04 -08:00
Gregor Martynus 837e2752e0 feat: github-api-url (#88) 
closes #77

---------

Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
 2024-01-26 10:51:16 -08:00
Josh Gross 0c014070f9 fix(revocation): avoid revoking expired tokens and fail gracefully (#95) 
Fixes #72

If an Actions job is long enough, more than an hour can pass between
creating and revoking the App token in the post-job clean up step. Since
the token itself is used to authenticate with the revoke API, an expired
token will fail to be revoked.

This PR saves the token expiration in the actions state and uses that in
the post step to determine if the token can be revoked. I've also added
error handling to the revoke token API call, as it's unlikely that users
would want their job to fail if the token can't be revoked.
 2024-01-19 07:45:12 -08:00
Clay Miller 7b1d2aef87 feat: use dash notation for inputs (deprecates underscore notation) (#59) 
Fixes #57 

This PR implements the 3-step plan proposed by @gr2m in
https://github.com/actions/create-github-app-token/issues/57#issuecomment-1751272252:

> 1. Support both input types
> 2. Log a deprecation warning for the old notation
> 3. Add a test for deprecations

Although this PR supports both input formats simultaneously, I opted
_not_ to document the old format in the updated README. That’s a
decision I’m happy to revisit, if y’all would prefer to have
documentation for both the old and new formats.
 2023-10-06 13:10:49 -07:00
Clay Miller 9b283559f1 test: integration tests for main.js (#56) 
Part of https://github.com/actions/create-github-app-token/issues/43

This PR adds tests for
[`main.js`](https://github.com/actions/create-github-app-token/blob/main/lib/main.js),
similar to [the tests that already exist for
`post.js`](https://github.com/actions/create-github-app-token/tree/main/tests).

Specifically, it tests that:
- `main` exits with an error when `GITHUB_REPOSITORY` is missing.
- `main` exits with an error when `GITHUB_REPOSITORY_OWNER` is missing.
- `main` successfully obtains a token when…
- …the `owner` and `repositories` inputs are set (and the latter is a
single repo).
- …the `owner` and `repositories` inputs are set (and the latter is a
list of repos).
- …the `owner` input is set (to an org), but the `repositories` input
isn’t set.
- …the `owner` input is set (to a user), but the `repositories` input
isn’t set.
  - …the `owner` input is not set, but the `repositories` input is set.
  - …neither the `owner` nor `repositories` input is set.

❧

Architecturally, in order to keep individual tests concise, this PR adds
`tests/main.js`, which:
- sets commonly-used inputs, environment variables, and mocks, then
- calls a callback function that can edit the variables and add
additional mocks, then
- runs `main.js` itself.

The `tests/main-token-get-*.test.js` test files run `tests/main.js` with
various scenario-specific callback functions.
 2023-10-06 12:39:35 -07:00