AVA stores snapshots in a binary format (`.snap`), which produces no
meaningful diffs and bloats Git history. This replaces AVA with the
built-in `node:test` module, whose snapshot support generates
human-readable text files that are easy to diff and review in pull
requests.
The migration also replaces `@sinonjs/fake-timers` and `execa` with
Node.js built-ins (`node:test` mock timers and `node:child_process`),
removing three dev dependencies total.
- **`tests/index.js`**: Rewritten to use `node:test` with a custom
snapshot serializer that renders strings with actual newlines. Uses
subtests for labeled `stderr`/`stdout` snapshots, and only snapshots
non-empty output.
- **`tests/main-repo-skew.test.js`**: Replace `@sinonjs/fake-timers`
with `mock.timers.enable()` from `node:test`.
- **`tests/README.md`**: Updated documentation to reflect `node --test`
and the new snapshot file.
- **`package.json`**: Remove `ava`, `@sinonjs/fake-timers`, and `execa`
from devDependencies. Update test script to `c8 --100 node --test
tests/index.js`.
- **`tests/index.js.snapshot`**: New text-based snapshot file replacing
binary `tests/snapshots/index.js.snap`.
- **`tests/snapshots/`**: Deleted.
All 22 test scenarios (66 subtests) pass with 100% code coverage.
Closes#344
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
(cherry picked from commit f863ba5554)
- Load `app-permissions` from schema exported by `@octokit/openapi`
- Update documentation in README.md
- Implement the `permissions_*` inputs in the action code
---------
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>
Fixes https://github.com/actions/create-github-app-token/issues/55
Currently, `actions/create-github-app-token` always/unconditionally
revokes the installation access token in a `post` step, at the
completion of the current job. This prevents tokens from being used in
other jobs.
This PR makes this behavior configurable:
- When the `skip-token-revoke` input is not specified (i.e. by default),
the token is revoked in a `post` step (i.e. the current behavior).
- When the `skip-token-revoke` input is set to a truthy value (e.g.
`"true"`[^1]), the token is not revoked in a `post` step.
This PR adds a test for the `skip-token-revoke: "true"` case.
This is configurable in other app token actions, e.g.
[tibdex/github-app-token](https://github.com/tibdex/github-app-token/blob/3eb77c7243b85c65e84acfa93fdbac02fb6bd532/README.md?plain=1#L46-L47)
and
[wow-actions/use-app-token](https://github.com/wow-actions/use-app-token/blob/cd772994fc762f99cf291f308797341327a49b0c/README.md?plain=1#L132).
[^1]: Note that `"false"` is also truthy: `Boolean("false")` is `true`.
If we think that’ll potentially confuse folks, I can require
`skip-token-revoke` to be set explicitly to `"true"`.
Parker Brown