Merge origin/main into enterprise-app-enterprise-slug

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

.github/workflows/release.yml

@@ -0,0 +1,40 @@
+name: release
+
+on:
+  push:
+    branches:
+      - "*.x"
+      - main
+      - beta
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  release:
+    name: release
+    runs-on: ubuntu-latest
+    steps:
+      # build local version to create token
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: package.json
+
+      - run: npm ci
+      - run: npm run build
+      - uses: ./
+        id: app-token
+        with:
+          app-id: ${{ vars.RELEASER_APP_ID }}
+          private-key: ${{ secrets.RELEASER_APP_PRIVATE_KEY }}
+      # install release dependencies and release
+      - run: npm install --no-save @semantic-release/git semantic-release-plugin-github-breaking-version-tag
+      - run: npx semantic-release --debug
+        env:
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}

.github/workflows/stale.yml

@@ -0,0 +1,34 @@
+# This workflow warns and then closes issues that have had no activity for a specified amount of time.
+# https://github.com/actions/stale
+
+name: Stale
+
+on:
+  workflow_dispatch:
+  schedule:
+    # 00:00 UTC on Mondays
+    - cron: '0 0 * * 1'
+
+permissions:
+  issues: write
+  pull-requests: write
+
+env:
+  DAYS_BEFORE_STALE: 180
+  DAYS_BEFORE_CLOSE: 60
+  STALE_LABEL: 'stale'
+  STALE_LABEL_URL: ${{github.server_url}}/${{github.repository}}/labels/stale
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v10
+        with:
+          operations-per-run: 100
+          days-before-stale: ${{ env.DAYS_BEFORE_STALE }}
+          days-before-close: ${{ env.DAYS_BEFORE_CLOSE }}
+          stale-issue-label: ${{ env.STALE_LABEL }}
+          stale-pr-label: ${{ env.STALE_LABEL }}
+          stale-issue-message: 'This issue has been marked ${{ env.STALE_LABEL_URL }} because it has been open for ${{ env.DAYS_BEFORE_STALE }} days with no activity. Please close this issue if it is no longer needed. If this issue is still relevant and you would like it to remain open, simply update it within the next ${{ env.DAYS_BEFORE_CLOSE }} days.'
+          stale-pr-message: 'This pull request has been marked ${{ env.STALE_LABEL_URL }} because it has been open for ${{ env.DAYS_BEFORE_STALE }} days with no activity. Please close this pull request if it is no longer needed. If this pull request is still relevant and you would like it to remain open, simply update it within the next ${{ env.DAYS_BEFORE_CLOSE }} days.'

.github/workflows/test.yml

@@ -0,0 +1,81 @@
+name: test
+
+on:
+  push:
+    branches:
+      - main
+      - beta
+  pull_request:
+  merge_group:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  integration:
+    name: integration
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: package.json
+
+      - run: npm ci
+      - run: npm test
+
+  end-to-end:
+    name: end-to-end
+    runs-on: ubuntu-latest
+    # do not run from forks, as forks don’t have access to repository secrets
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: package.json
+      - run: npm ci
+      - run: npm run build
+      - uses: ./ # Uses the action in the root directory
+        id: test
+        with:
+          app-id: ${{ vars.TEST_APP_ID }}
+          private-key: ${{ secrets.TEST_APP_PRIVATE_KEY }}
+      - uses: octokit/request-action@v2.x
+        id: get-repository
+        env:
+          GITHUB_TOKEN: ${{ steps.test.outputs.token }}
+        with:
+          route: GET /installation/repositories
+      - run: echo '${{ steps.get-repository.outputs.data }}'
+
+  end-to-end-proxy:
+    name: end-to-end with unreachable proxy
+    runs-on: ubuntu-latest
+    # do not run from forks, as forks don’t have access to repository secrets
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: package.json
+          cache: 'npm'
+      - run: npm ci
+      - run: npm run build
+      - uses: ./ # Uses the action in the root directory
+        continue-on-error: true
+        id: test
+        env:
+          NODE_USE_ENV_PROXY: "1"
+          https_proxy: http://127.0.0.1:9
+        with:
+          app-id: ${{ vars.TEST_APP_ID }}
+          private-key: ${{ secrets.TEST_APP_PRIVATE_KEY }}
+      - name: Assert action failed through unreachable proxy
+        run: test "${{ steps.test.outcome }}" = "failure"

.github/workflows/update-permission-inputs.yml

@@ -0,0 +1,42 @@
+name: Update Permission Inputs
+
+on:
+  pull_request:
+    paths:
+      - 'package.json'
+      - 'package-lock.json'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-permission-inputs:
+    runs-on: ubuntu-latest
+    env:
+      COMMIT_MESSAGE: 'feat: update permission inputs'
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: package.json
+      - name: Install dependencies
+        run: npm ci
+      - name: Run permission inputs update script
+        run: node scripts/update-permission-inputs.js
+      - name: Commit changes
+        id: auto-commit
+        uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
+        with:
+          commit_message: ${{ env.COMMIT_MESSAGE }}
+      - name: Update PR title
+        if: github.event_name == 'pull_request' && steps.auto-commit.outputs.changes_detected == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr edit ${{ github.event.pull_request.number }} --title "${{ env.COMMIT_MESSAGE }}"

.release-please-manifest.json

@@ -1,3 +0,0 @@
-{
-  ".": "3.1.1"
-}

README.md

@@ -207,8 +207,8 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          client-id: ${{ vars.APP_CLIENT_ID }}
-          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
           enterprise: my-enterprise-slug
       - name: Call enterprise management REST API with gh
         run: |
@@ -220,7 +220,7 @@ jobs:
 ### Create a token with specific permissions
 
 > [!NOTE]
-> Selected permissions must be granted to the specified app installation. Setting a permission that the installation does not have will result in an error.
+> Selected permissions must be granted to the installation of the specified app and repository owner. Setting a permission that the installation does not have will result in an error.
 
 ```yaml
 on: [issues]
@@ -380,10 +380,10 @@ steps:
 
 ### `enterprise`
 
-**Optional:** The slug of the enterprise account to generate a token for an enterprise installation.
+**Optional:** The slug version of the enterprise name to generate a token for enterprise-level app installations.
 
 > [!NOTE]
-> The `enterprise` input is mutually exclusive with `owner` and `repositories`. Use it when the GitHub App is installed on an enterprise account. Enterprise installation tokens can call enterprise APIs, but do not grant organization or repository access.
+> The `enterprise` input is mutually exclusive with `owner` and `repositories`. GitHub Apps can be installed on enterprise accounts with permissions that let them call enterprise management APIs. Enterprise installations do not grant access to organization or repository resources.
 
 ### `permission-<permission name>`
 
@@ -415,14 +415,13 @@ GitHub App slug.
 
 ## How it works
 
-The action creates an installation access token using [the `POST /app/installations/{installation_id}/access_tokens` endpoint](https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app).
+The action creates an installation access token using [the `POST /app/installations/{installation_id}/access_tokens` endpoint](https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app). By default,
 
-The token target depends on the inputs: `enterprise` creates a token for an enterprise installation, `owner` without `repositories` creates a token for all repositories in the owner's installation, `repositories` scopes the token to those repositories, and no target inputs scopes the token to the current repository.
-
-1. The token inherits all the installation's permissions.
-2. The token is set as output `token` which can be used in subsequent steps.
-3. Unless the `skip-token-revoke` input is set to true, the token is revoked in the `post` step of the action, which means it cannot be passed to another job.
-4. The token is masked, it cannot be logged accidentally.
+1. The token is scoped to the current repository or `repositories` if set.
+2. The token inherits all the installation's permissions.
+3. The token is set as output `token` which can be used in subsequent steps.
+4. Unless the `skip-token-revoke` input is set to true, the token is revoked in the `post` step of the action, which means it cannot be passed to another job.
+5. The token is masked, it cannot be logged accidentally.
 
 > [!NOTE]
 > Installation permissions can differ from the app's permissions they belong to. Installation permissions are set when an app is installed on an account. When the app adds more permissions after the installation, an account administrator will have to approve the new permissions before they are set on the installation.

action.yml

@@ -22,7 +22,7 @@ inputs:
     description: "Comma or newline-separated list of repositories to install the GitHub App on (defaults to current repository if owner is unset)"
     required: false
   enterprise:
-    description: "The slug of the enterprise account where the GitHub App is installed (cannot be used with 'owner' or 'repositories')"
+    description: "The slug version of the enterprise name for enterprise-level app installations (cannot be used with 'owner' or 'repositories')"
     required: false
   skip-token-revoke:
     description: "If true, the token will not be revoked when the current job is complete"

dist/main.cjs

@@ -22964,37 +22964,30 @@ var isError = (value) => objectToString.call(value) === "[object Error]";
 var errorMessages = /* @__PURE__ */ new Set([
   "network error",
   // Chrome
+  "Failed to fetch",
+  // Chrome
   "NetworkError when attempting to fetch resource.",
   // Firefox
   "The Internet connection appears to be offline.",
   // Safari 16
+  "Load failed",
+  // Safari 17+
   "Network request failed",
   // `cross-fetch`
   "fetch failed",
   // Undici (Node.js)
-  "terminated",
+  "terminated"
   // Undici (Node.js)
-  " A network error occurred.",
-  // Bun (WebKit)
-  "Network connection lost"
-  // Cloudflare Workers (fetch)
 ]);
 function isNetworkError(error2) {
   const isValid = error2 && isError(error2) && error2.name === "TypeError" && typeof error2.message === "string";
   if (!isValid) {
     return false;
   }
-  const { message, stack } = error2;
-  if (message === "Load failed" || message.startsWith("Load failed (") && message.endsWith(")")) {
-    return stack === void 0 || "__sentry_captured__" in error2;
+  if (error2.message === "Load failed") {
+    return error2.stack === void 0;
   }
-  if (message.startsWith("error sending request for url")) {
-    return true;
-  }
-  if (message === "Failed to fetch" || message.startsWith("Failed to fetch (") && message.endsWith(")")) {
-    return true;
-  }
-  return errorMessages.has(message);
+  return errorMessages.has(error2.message);
 }
 
 // node_modules/p-retry/index.js
@@ -23024,14 +23017,6 @@ function validateNumberOption(name, value, { min = 0, allowInfinity = false } =
     throw new TypeError(`Expected \`${name}\` to be \u2265 ${min}.`);
   }
 }
-function validateFunctionOption(name, value) {
-  if (value === void 0) {
-    return;
-  }
-  if (typeof value !== "function") {
-    throw new TypeError(`Expected \`${name}\` to be a function.`);
-  }
-}
 var AbortError = class extends Error {
   constructor(message) {
     super();
@@ -23059,26 +23044,6 @@ function calculateRemainingTime(start, max) {
   }
   return max - (performance.now() - start);
 }
-async function delayForRetry(delay, options) {
-  if (delay <= 0) {
-    return;
-  }
-  await new Promise((resolve2, reject) => {
-    const onAbort = () => {
-      clearTimeout(timeoutToken);
-      options.signal?.removeEventListener("abort", onAbort);
-      reject(options.signal.reason);
-    };
-    const timeoutToken = setTimeout(() => {
-      options.signal?.removeEventListener("abort", onAbort);
-      resolve2();
-    }, delay);
-    if (options.unref) {
-      timeoutToken.unref?.();
-    }
-    options.signal?.addEventListener("abort", onAbort, { once: true });
-  });
-}
 async function onAttemptFailure({ error: error2, attemptNumber, retriesConsumed, startTime, options }) {
   const normalizedError = error2 instanceof Error ? error2 : new TypeError(`Non-error was thrown: "${error2}". You should only throw errors.`);
   if (normalizedError instanceof AbortError) {
@@ -23086,60 +23051,55 @@ async function onAttemptFailure({ error: error2, attemptNumber, retriesConsumed,
   }
   const retriesLeft = Number.isFinite(options.retries) ? Math.max(0, options.retries - retriesConsumed) : options.retries;
   const maxRetryTime = options.maxRetryTime ?? Number.POSITIVE_INFINITY;
-  const delayTime = calculateDelay(retriesConsumed, options);
-  const remainingTimeBeforeCallbacks = calculateRemainingTime(startTime, maxRetryTime);
-  if (remainingTimeBeforeCallbacks <= 0) {
-    const context2 = Object.freeze({
-      error: normalizedError,
-      attemptNumber,
-      retriesLeft,
-      retriesConsumed,
-      retryDelay: 0
-    });
-    await options.onFailedAttempt(context2);
-    throw normalizedError;
-  }
-  const consumeRetryContext = Object.freeze({
-    error: normalizedError,
-    attemptNumber,
-    retriesLeft,
-    retriesConsumed,
-    retryDelay: retriesLeft > 0 ? delayTime : 0
-  });
-  const consumeRetry = await options.shouldConsumeRetry(consumeRetryContext);
-  const effectiveDelay = consumeRetry && retriesLeft > 0 ? delayTime : 0;
   const context = Object.freeze({
     error: normalizedError,
     attemptNumber,
     retriesLeft,
-    retriesConsumed,
-    retryDelay: effectiveDelay
+    retriesConsumed
   });
   await options.onFailedAttempt(context);
   if (calculateRemainingTime(startTime, maxRetryTime) <= 0) {
     throw normalizedError;
   }
+  const consumeRetry = await options.shouldConsumeRetry(context);
   const remainingTime = calculateRemainingTime(startTime, maxRetryTime);
   if (remainingTime <= 0 || retriesLeft <= 0) {
     throw normalizedError;
   }
   if (normalizedError instanceof TypeError && !isNetworkError(normalizedError)) {
-    throw normalizedError;
+    if (consumeRetry) {
+      throw normalizedError;
+    }
+    options.signal?.throwIfAborted();
+    return false;
   }
   if (!await options.shouldRetry(context)) {
     throw normalizedError;
   }
-  const remainingTimeAfterShouldRetry = calculateRemainingTime(startTime, maxRetryTime);
-  if (remainingTimeAfterShouldRetry <= 0) {
-    throw normalizedError;
-  }
   if (!consumeRetry) {
     options.signal?.throwIfAborted();
     return false;
   }
-  const finalDelay = Math.min(effectiveDelay, remainingTimeAfterShouldRetry);
+  const delayTime = calculateDelay(retriesConsumed, options);
+  const finalDelay = Math.min(delayTime, remainingTime);
   options.signal?.throwIfAborted();
-  await delayForRetry(finalDelay, options);
+  if (finalDelay > 0) {
+    await new Promise((resolve2, reject) => {
+      const onAbort = () => {
+        clearTimeout(timeoutToken);
+        options.signal?.removeEventListener("abort", onAbort);
+        reject(options.signal.reason);
+      };
+      const timeoutToken = setTimeout(() => {
+        options.signal?.removeEventListener("abort", onAbort);
+        resolve2();
+      }, finalDelay);
+      if (options.unref) {
+        timeoutToken.unref?.();
+      }
+      options.signal?.addEventListener("abort", onAbort, { once: true });
+    });
+  }
   options.signal?.throwIfAborted();
   return true;
 }
@@ -23159,9 +23119,6 @@ async function pRetry(input, options = {}) {
   };
   options.shouldRetry ??= () => true;
   options.shouldConsumeRetry ??= () => true;
-  validateFunctionOption("onFailedAttempt", options.onFailedAttempt);
-  validateFunctionOption("shouldRetry", options.shouldRetry);
-  validateFunctionOption("shouldConsumeRetry", options.shouldConsumeRetry);
   validateNumberOption("factor", options.factor, { min: 0, allowInfinity: false });
   validateNumberOption("minTimeout", options.minTimeout, { min: 0, allowInfinity: false });
   validateNumberOption("maxTimeout", options.maxTimeout, { min: 0, allowInfinity: true });
@@ -23206,10 +23163,54 @@ async function main(clientId, privateKey, enterprise, owner, repositories, permi
     privateKey,
     request: request2
   });
-  const { authentication, installationId, appSlug } = await pRetry(
-    () => getTokenFromTarget(request2, auth5, target, permissions),
-    createTokenRetryOptions(core, getTokenRetryDescription(target))
-  );
+  let authentication, installationId, appSlug;
+  if (target.type === "enterprise") {
+    ({ authentication, installationId, appSlug } = await pRetry(
+      () => getTokenFromEnterprise(request2, auth5, target.enterprise, permissions),
+      {
+        shouldRetry: ({ error: error2 }) => error2.status >= 500,
+        onFailedAttempt: (context) => {
+          core.info(
+            `Failed to create token for enterprise "${target.enterprise}" (attempt ${context.attemptNumber}): ${context.error.message}`
+          );
+        },
+        retries: 3
+      }
+    ));
+  } else if (target.type === "repository") {
+    ({ authentication, installationId, appSlug } = await pRetry(
+      () => getTokenFromRepository(
+        request2,
+        auth5,
+        target.owner,
+        target.repositories,
+        permissions
+      ),
+      {
+        shouldRetry: ({ error: error2 }) => error2.status >= 500,
+        onFailedAttempt: (context) => {
+          core.info(
+            `Failed to create token for "${target.repositories.join(
+              ","
+            )}" (attempt ${context.attemptNumber}): ${context.error.message}`
+          );
+        },
+        retries: 3
+      }
+    ));
+  } else {
+    ({ authentication, installationId, appSlug } = await pRetry(
+      () => getTokenFromOwner(request2, auth5, target.owner, permissions),
+      {
+        onFailedAttempt: (context) => {
+          core.info(
+            `Failed to create token for "${target.owner}" (attempt ${context.attemptNumber}): ${context.error.message}`
+          );
+        },
+        retries: 3
+      }
+    ));
+  }
   core.setSecret(authentication.token);
   core.setOutput("token", authentication.token);
   core.setOutput("installation-id", installationId);
@@ -23249,7 +23250,8 @@ function resolveInstallationTarget(enterprise, owner, repositories, core) {
     );
   } else {
     core.info(
-      `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:${repositories.map((repo) => `
+      `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      ${repositories.map((repo) => `
 - ${parsedOwner}/${repo}`).join("")}`
     );
   }
@@ -23259,49 +23261,6 @@ function resolveInstallationTarget(enterprise, owner, repositories, core) {
     repositories
   };
 }
-function getTokenRetryDescription(target) {
-  switch (target.type) {
-    case "enterprise":
-      return `enterprise "${target.enterprise}"`;
-    case "repository":
-      return `"${target.repositories.map((repository) => `${target.owner}/${repository}`).join(",")}"`;
-    case "owner":
-      return `"${target.owner}"`;
-    /* c8 ignore next 2 */
-    default:
-      throw new Error(`Unsupported installation target type: ${target.type}`);
-  }
-}
-function getTokenFromTarget(request2, auth5, target, permissions) {
-  switch (target.type) {
-    case "enterprise":
-      return getTokenFromEnterprise(request2, auth5, target.enterprise, permissions);
-    case "repository":
-      return getTokenFromRepository(
-        request2,
-        auth5,
-        target.owner,
-        target.repositories,
-        permissions
-      );
-    case "owner":
-      return getTokenFromOwner(request2, auth5, target.owner, permissions);
-    /* c8 ignore next 2 */
-    default:
-      throw new Error(`Unsupported installation target type: ${target.type}`);
-  }
-}
-function createTokenRetryOptions(core, targetDescription) {
-  return {
-    shouldRetry: ({ error: error2 }) => error2.status >= 500 || isNetworkError(error2),
-    onFailedAttempt: (context) => {
-      core.info(
-        `Failed to create token for ${targetDescription} (attempt ${context.attemptNumber}): ${context.error.message}`
-      );
-    },
-    retries: 3
-  };
-}
 async function createInstallationAuthResult(auth5, installation, permissions, options = {}) {
   const authentication = await auth5({
     type: "installation",
@@ -23348,7 +23307,7 @@ async function getTokenFromEnterprise(request2, auth5, enterprise, permissions)
   } catch (error2) {
     if (error2.status === 404) {
       throw new Error(
-        `No enterprise installation found matching the enterprise slug "${enterprise}".`
+        `No enterprise installation found matching the name ${enterprise}.`
       );
     }
     throw error2;

lib/main.js

@@ -1,5 +1,4 @@
 import pRetry from "p-retry";
-import isNetworkError from "is-network-error";
 // @ts-check
 
 /**
@@ -39,10 +38,57 @@ export async function main(
     request,
   });
 
-  const { authentication, installationId, appSlug } = await pRetry(
-    () => getTokenFromTarget(request, auth, target, permissions),
-    createTokenRetryOptions(core, getTokenRetryDescription(target))
-  );
+  let authentication, installationId, appSlug;
+
+  if (target.type === "enterprise") {
+    ({ authentication, installationId, appSlug } = await pRetry(
+      () => getTokenFromEnterprise(request, auth, target.enterprise, permissions),
+      {
+        shouldRetry: ({ error }) => error.status >= 500,
+        onFailedAttempt: (context) => {
+          core.info(
+            `Failed to create token for enterprise "${target.enterprise}" (attempt ${context.attemptNumber}): ${context.error.message}`
+          );
+        },
+        retries: 3,
+      }
+    ));
+  } else if (target.type === "repository") {
+    ({ authentication, installationId, appSlug } = await pRetry(
+      () =>
+        getTokenFromRepository(
+          request,
+          auth,
+          target.owner,
+          target.repositories,
+          permissions
+        ),
+      {
+        shouldRetry: ({ error }) => error.status >= 500,
+        onFailedAttempt: (context) => {
+          core.info(
+            `Failed to create token for "${target.repositories.join(
+              ","
+            )}" (attempt ${context.attemptNumber}): ${context.error.message}`
+          );
+        },
+        retries: 3,
+      }
+    ));
+  } else {
+    // Otherwise get the installation for the owner, which can either be an organization or a user account
+    ({ authentication, installationId, appSlug } = await pRetry(
+      () => getTokenFromOwner(request, auth, target.owner, permissions),
+      {
+        onFailedAttempt: (context) => {
+          core.info(
+            `Failed to create token for "${target.owner}" (attempt ${context.attemptNumber}): ${context.error.message}`
+          );
+        },
+        retries: 3,
+      }
+    ));
+  }
 
   // Register the token with the runner as a secret to ensure it is masked in logs
   core.setSecret(authentication.token);
@@ -96,9 +142,8 @@ function resolveInstallationTarget(enterprise, owner, repositories, core) {
     );
   } else {
     core.info(
-      `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:${repositories
-        .map((repo) => `\n- ${parsedOwner}/${repo}`)
-        .join("")}`
+      `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      ${repositories.map((repo) => `\n- ${parsedOwner}/${repo}`).join("")}`
     );
   }
 
@@ -109,54 +154,6 @@ function resolveInstallationTarget(enterprise, owner, repositories, core) {
   };
 }
 
-function getTokenRetryDescription(target) {
-  switch (target.type) {
-    case "enterprise":
-      return `enterprise "${target.enterprise}"`;
-    case "repository":
-      return `"${target.repositories
-        .map((repository) => `${target.owner}/${repository}`)
-        .join(",")}"`;
-    case "owner":
-      return `"${target.owner}"`;
-    /* c8 ignore next 2 */
-    default:
-      throw new Error(`Unsupported installation target type: ${target.type}`);
-  }
-}
-
-function getTokenFromTarget(request, auth, target, permissions) {
-  switch (target.type) {
-    case "enterprise":
-      return getTokenFromEnterprise(request, auth, target.enterprise, permissions);
-    case "repository":
-      return getTokenFromRepository(
-        request,
-        auth,
-        target.owner,
-        target.repositories,
-        permissions
-      );
-    case "owner":
-      return getTokenFromOwner(request, auth, target.owner, permissions);
-    /* c8 ignore next 2 */
-    default:
-      throw new Error(`Unsupported installation target type: ${target.type}`);
-  }
-}
-
-function createTokenRetryOptions(core, targetDescription) {
-  return {
-    shouldRetry: ({ error }) => error.status >= 500 || isNetworkError(error),
-    onFailedAttempt: (context) => {
-      core.info(
-        `Failed to create token for ${targetDescription} (attempt ${context.attemptNumber}): ${context.error.message}`
-      );
-    },
-    retries: 3,
-  };
-}
-
 async function createInstallationAuthResult(
   auth,
   installation,
@@ -225,7 +222,7 @@ async function getTokenFromEnterprise(request, auth, enterprise, permissions) {
   } catch (error) {
     if (error.status === 404) {
       throw new Error(
-        `No enterprise installation found matching the enterprise slug "${enterprise}".`
+        `No enterprise installation found matching the name ${enterprise}.`
       );
     }
 

package-lock.json

@@ -9,28 +9,27 @@
       "version": "3.1.1",
       "license": "MIT",
       "dependencies": {
-        "@actions/core": "^3.0.1",
+        "@actions/core": "^3.0.0",
         "@octokit/auth-app": "^8.2.0",
         "@octokit/request": "^10.0.8",
-        "is-network-error": "^1.3.2",
         "p-retry": "^8.0.0"
       },
       "devDependencies": {
         "@octokit/openapi": "^22.0.0",
         "c8": "^11.0.0",
-        "esbuild": "^0.28.0",
+        "esbuild": "^0.27.4",
         "open-cli": "^9.0.0",
-        "undici": "^8.2.0",
-        "yaml": "^2.8.4"
+        "undici": "^7.24.6",
+        "yaml": "^2.8.3"
       },
       "engines": {
         "node": ">=24.4.0"
       }
     },
     "node_modules/@actions/core": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-3.0.1.tgz",
-      "integrity": "sha512-a6d/Nwahm9fliVGRhdhofo40HjHQasUPusmc7vBfyky+7Z+P2A1J68zyFVaNcEclc/Se+eO595oAr5nwEIoIUA==",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-3.0.0.tgz",
+      "integrity": "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg==",
       "license": "MIT",
       "dependencies": {
         "@actions/exec": "^3.0.0",
@@ -92,9 +91,9 @@
       }
     },
     "node_modules/@esbuild/aix-ppc64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.28.0.tgz",
-      "integrity": "sha512-lhRUCeuOyJQURhTxl4WkpFTjIsbDayJHih5kZC1giwE+MhIzAb7mEsQMqMf18rHLsrb5qI1tafG20mLxEWcWlA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.4.tgz",
+      "integrity": "sha512-cQPwL2mp2nSmHHJlCyoXgHGhbEPMrEEU5xhkcy3Hs/O7nGZqEpZ2sUtLaL9MORLtDfRvVl2/3PAuEkYZH0Ty8Q==",
       "cpu": [
         "ppc64"
       ],
@@ -109,9 +108,9 @@
       }
     },
     "node_modules/@esbuild/android-arm": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.28.0.tgz",
-      "integrity": "sha512-wqh0ByljabXLKHeWXYLqoJ5jKC4XBaw6Hk08OfMrCRd2nP2ZQ5eleDZC41XHyCNgktBGYMbqnrJKq/K/lzPMSQ==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.4.tgz",
+      "integrity": "sha512-X9bUgvxiC8CHAGKYufLIHGXPJWnr0OCdR0anD2e21vdvgCI8lIfqFbnoeOz7lBjdrAGUhqLZLcQo6MLhTO2DKQ==",
       "cpu": [
         "arm"
       ],
@@ -126,9 +125,9 @@
       }
     },
     "node_modules/@esbuild/android-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.28.0.tgz",
-      "integrity": "sha512-+WzIXQOSaGs33tLEgYPYe/yQHf0WTU0X42Jca3y8NWMbUVhp7rUnw+vAsRC/QiDrdD31IszMrZy+qwPOPjd+rw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.4.tgz",
+      "integrity": "sha512-gdLscB7v75wRfu7QSm/zg6Rx29VLdy9eTr2t44sfTW7CxwAtQghZ4ZnqHk3/ogz7xao0QAgrkradbBzcqFPasw==",
       "cpu": [
         "arm64"
       ],
@@ -143,9 +142,9 @@
       }
     },
     "node_modules/@esbuild/android-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.28.0.tgz",
-      "integrity": "sha512-+VJggoaKhk2VNNqVL7f6S189UzShHC/mR9EE8rDdSkdpN0KflSwWY/gWjDrNxxisg8Fp1ZCD9jLMo4m0OUfeUA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.4.tgz",
+      "integrity": "sha512-PzPFnBNVF292sfpfhiyiXCGSn9HZg5BcAz+ivBuSsl6Rk4ga1oEXAamhOXRFyMcjwr2DVtm40G65N3GLeH1Lvw==",
       "cpu": [
         "x64"
       ],
@@ -160,9 +159,9 @@
       }
     },
     "node_modules/@esbuild/darwin-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.28.0.tgz",
-      "integrity": "sha512-0T+A9WZm+bZ84nZBtk1ckYsOvyA3x7e2Acj1KdVfV4/2tdG4fzUp91YHx+GArWLtwqp77pBXVCPn2We7Letr0Q==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.4.tgz",
+      "integrity": "sha512-b7xaGIwdJlht8ZFCvMkpDN6uiSmnxxK56N2GDTMYPr2/gzvfdQN8rTfBsvVKmIVY/X7EM+/hJKEIbbHs9oA4tQ==",
       "cpu": [
         "arm64"
       ],
@@ -177,9 +176,9 @@
       }
     },
     "node_modules/@esbuild/darwin-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.28.0.tgz",
-      "integrity": "sha512-fyzLm/DLDl/84OCfp2f/XQ4flmORsjU7VKt8HLjvIXChJoFFOIL6pLJPH4Yhd1n1gGFF9mPwtlN5Wf82DZs+LQ==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.4.tgz",
+      "integrity": "sha512-sR+OiKLwd15nmCdqpXMnuJ9W2kpy0KigzqScqHI3Hqwr7IXxBp3Yva+yJwoqh7rE8V77tdoheRYataNKL4QrPw==",
       "cpu": [
         "x64"
       ],
@@ -194,9 +193,9 @@
       }
     },
     "node_modules/@esbuild/freebsd-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.28.0.tgz",
-      "integrity": "sha512-l9GeW5UZBT9k9brBYI+0WDffcRxgHQD8ShN2Ur4xWq/NFzUKm3k5lsH4PdaRgb2w7mI9u61nr2gI2mLI27Nh3Q==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.4.tgz",
+      "integrity": "sha512-jnfpKe+p79tCnm4GVav68A7tUFeKQwQyLgESwEAUzyxk/TJr4QdGog9sqWNcUbr/bZt/O/HXouspuQDd9JxFSw==",
       "cpu": [
         "arm64"
       ],
@@ -211,9 +210,9 @@
       }
     },
     "node_modules/@esbuild/freebsd-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.28.0.tgz",
-      "integrity": "sha512-BXoQai/A0wPO6Es3yFJ7APCiKGc1tdAEOgeTNy3SsB491S3aHn4S4r3e976eUnPdU+NbdtmBuLncYir2tMU9Nw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.4.tgz",
+      "integrity": "sha512-2kb4ceA/CpfUrIcTUl1wrP/9ad9Atrp5J94Lq69w7UwOMolPIGrfLSvAKJp0RTvkPPyn6CIWrNy13kyLikZRZQ==",
       "cpu": [
         "x64"
       ],
@@ -228,9 +227,9 @@
       }
     },
     "node_modules/@esbuild/linux-arm": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.28.0.tgz",
-      "integrity": "sha512-CjaaREJagqJp7iTaNQjjidaNbCKYcd4IDkzbwwxtSvjI7NZm79qiHc8HqciMddQ6CKvJT6aBd8lO9kN/ZudLlw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.4.tgz",
+      "integrity": "sha512-aBYgcIxX/wd5n2ys0yESGeYMGF+pv6g0DhZr3G1ZG4jMfruU9Tl1i2Z+Wnj9/KjGz1lTLCcorqE2viePZqj4Eg==",
       "cpu": [
         "arm"
       ],
@@ -245,9 +244,9 @@
       }
     },
     "node_modules/@esbuild/linux-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.28.0.tgz",
-      "integrity": "sha512-RVyzfb3FWsGA55n6WY0MEIEPURL1FcbhFE6BffZEMEekfCzCIMtB5yyDcFnVbTnwk+CLAgTujmV/Lgvih56W+A==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.4.tgz",
+      "integrity": "sha512-7nQOttdzVGth1iz57kxg9uCz57dxQLHWxopL6mYuYthohPKEK0vU0C3O21CcBK6KDlkYVcnDXY099HcCDXd9dA==",
       "cpu": [
         "arm64"
       ],
@@ -262,9 +261,9 @@
       }
     },
     "node_modules/@esbuild/linux-ia32": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.28.0.tgz",
-      "integrity": "sha512-KBnSTt1kxl9x70q+ydterVdl+Cn0H18ngRMRCEQfrbqdUuntQQ0LoMZv47uB97NljZFzY6HcfqEZ2SAyIUTQBQ==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.4.tgz",
+      "integrity": "sha512-oPtixtAIzgvzYcKBQM/qZ3R+9TEUd1aNJQu0HhGyqtx6oS7qTpvjheIWBbes4+qu1bNlo2V4cbkISr8q6gRBFA==",
       "cpu": [
         "ia32"
       ],
@@ -279,9 +278,9 @@
       }
     },
     "node_modules/@esbuild/linux-loong64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.28.0.tgz",
-      "integrity": "sha512-zpSlUce1mnxzgBADvxKXX5sl8aYQHo2ezvMNI8I0lbblJtp8V4odlm3Yzlj7gPyt3T8ReksE6bK+pT3WD+aJRg==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.4.tgz",
+      "integrity": "sha512-8mL/vh8qeCoRcFH2nM8wm5uJP+ZcVYGGayMavi8GmRJjuI3g1v6Z7Ni0JJKAJW+m0EtUuARb6Lmp4hMjzCBWzA==",
       "cpu": [
         "loong64"
       ],
@@ -296,9 +295,9 @@
       }
     },
     "node_modules/@esbuild/linux-mips64el": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.28.0.tgz",
-      "integrity": "sha512-2jIfP6mmjkdmeTlsX/9vmdmhBmKADrWqN7zcdtHIeNSCH1SqIoNI63cYsjQR8J+wGa4Y5izRcSHSm8K3QWmk3w==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.4.tgz",
+      "integrity": "sha512-1RdrWFFiiLIW7LQq9Q2NES+HiD4NyT8Itj9AUeCl0IVCA459WnPhREKgwrpaIfTOe+/2rdntisegiPWn/r/aAw==",
       "cpu": [
         "mips64el"
       ],
@@ -313,9 +312,9 @@
       }
     },
     "node_modules/@esbuild/linux-ppc64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.28.0.tgz",
-      "integrity": "sha512-bc0FE9wWeC0WBm49IQMPSPILRocGTQt3j5KPCA8os6VprfuJ7KD+5PzESSrJ6GmPIPJK965ZJHTUlSA6GNYEhg==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.4.tgz",
+      "integrity": "sha512-tLCwNG47l3sd9lpfyx9LAGEGItCUeRCWeAx6x2Jmbav65nAwoPXfewtAdtbtit/pJFLUWOhpv0FpS6GQAmPrHA==",
       "cpu": [
         "ppc64"
       ],
@@ -330,9 +329,9 @@
       }
     },
     "node_modules/@esbuild/linux-riscv64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.28.0.tgz",
-      "integrity": "sha512-SQPZOwoTTT/HXFXQJG/vBX8sOFagGqvZyXcgLA3NhIqcBv1BJU1d46c0rGcrij2B56Z2rNiSLaZOYW5cUk7yLQ==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.4.tgz",
+      "integrity": "sha512-BnASypppbUWyqjd1KIpU4AUBiIhVr6YlHx/cnPgqEkNoVOhHg+YiSVxM1RLfiy4t9cAulbRGTNCKOcqHrEQLIw==",
       "cpu": [
         "riscv64"
       ],
@@ -347,9 +346,9 @@
       }
     },
     "node_modules/@esbuild/linux-s390x": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.28.0.tgz",
-      "integrity": "sha512-SCfR0HN8CEEjnYnySJTd2cw0k9OHB/YFzt5zgJEwa+wL/T/raGWYMBqwDNAC6dqFKmJYZoQBRfHjgwLHGSrn3Q==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.4.tgz",
+      "integrity": "sha512-+eUqgb/Z7vxVLezG8bVB9SfBie89gMueS+I0xYh2tJdw3vqA/0ImZJ2ROeWwVJN59ihBeZ7Tu92dF/5dy5FttA==",
       "cpu": [
         "s390x"
       ],
@@ -364,9 +363,9 @@
       }
     },
     "node_modules/@esbuild/linux-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.28.0.tgz",
-      "integrity": "sha512-us0dSb9iFxIi8srnpl931Nvs65it/Jd2a2K3qs7fz2WfGPHqzfzZTfec7oxZJRNPXPnNYZtanmRc4AL/JwVzHQ==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.4.tgz",
+      "integrity": "sha512-S5qOXrKV8BQEzJPVxAwnryi2+Iq5pB40gTEIT69BQONqR7JH1EPIcQ/Uiv9mCnn05jff9umq/5nqzxlqTOg9NA==",
       "cpu": [
         "x64"
       ],
@@ -381,9 +380,9 @@
       }
     },
     "node_modules/@esbuild/netbsd-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.28.0.tgz",
-      "integrity": "sha512-CR/RYotgtCKwtftMwJlUU7xCVNg3lMYZ0RzTmAHSfLCXw3NtZtNpswLEj/Kkf6kEL3Gw+BpOekRX0BYCtklhUw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.4.tgz",
+      "integrity": "sha512-xHT8X4sb0GS8qTqiwzHqpY00C95DPAq7nAwX35Ie/s+LO9830hrMd3oX0ZMKLvy7vsonee73x0lmcdOVXFzd6Q==",
       "cpu": [
         "arm64"
       ],
@@ -398,9 +397,9 @@
       }
     },
     "node_modules/@esbuild/netbsd-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.28.0.tgz",
-      "integrity": "sha512-nU1yhmYutL+fQ71Kxnhg8uEOdC0pwEW9entHykTgEbna2pw2dkbFSMeqjjyHZoCmt8SBkOSvV+yNmm94aUrrqw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.4.tgz",
+      "integrity": "sha512-RugOvOdXfdyi5Tyv40kgQnI0byv66BFgAqjdgtAKqHoZTbTF2QqfQrFwa7cHEORJf6X2ht+l9ABLMP0dnKYsgg==",
       "cpu": [
         "x64"
       ],
@@ -415,9 +414,9 @@
       }
     },
     "node_modules/@esbuild/openbsd-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.28.0.tgz",
-      "integrity": "sha512-cXb5vApOsRsxsEl4mcZ1XY3D4DzcoMxR/nnc4IyqYs0rTI8ZKmW6kyyg+11Z8yvgMfAEldKzP7AdP64HnSC/6g==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.4.tgz",
+      "integrity": "sha512-2MyL3IAaTX+1/qP0O1SwskwcwCoOI4kV2IBX1xYnDDqthmq5ArrW94qSIKCAuRraMgPOmG0RDTA74mzYNQA9ow==",
       "cpu": [
         "arm64"
       ],
@@ -432,9 +431,9 @@
       }
     },
     "node_modules/@esbuild/openbsd-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.28.0.tgz",
-      "integrity": "sha512-8wZM2qqtv9UP3mzy7HiGYNH/zjTA355mpeuA+859TyR+e+Tc08IHYpLJuMsfpDJwoLo1ikIJI8jC3GFjnRClzA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.4.tgz",
+      "integrity": "sha512-u8fg/jQ5aQDfsnIV6+KwLOf1CmJnfu1ShpwqdwC0uA7ZPwFws55Ngc12vBdeUdnuWoQYx/SOQLGDcdlfXhYmXQ==",
       "cpu": [
         "x64"
       ],
@@ -449,9 +448,9 @@
       }
     },
     "node_modules/@esbuild/openharmony-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.28.0.tgz",
-      "integrity": "sha512-FLGfyizszcef5C3YtoyQDACyg95+dndv79i2EekILBofh5wpCa1KuBqOWKrEHZg3zrL3t5ouE5jgr94vA+Wb2w==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.4.tgz",
+      "integrity": "sha512-JkTZrl6VbyO8lDQO3yv26nNr2RM2yZzNrNHEsj9bm6dOwwu9OYN28CjzZkH57bh4w0I2F7IodpQvUAEd1mbWXg==",
       "cpu": [
         "arm64"
       ],
@@ -466,9 +465,9 @@
       }
     },
     "node_modules/@esbuild/sunos-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.28.0.tgz",
-      "integrity": "sha512-1ZgjUoEdHZZl/YlV76TSCz9Hqj9h9YmMGAgAPYd+q4SicWNX3G5GCyx9uhQWSLcbvPW8Ni7lj4gDa1T40akdlw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.4.tgz",
+      "integrity": "sha512-/gOzgaewZJfeJTlsWhvUEmUG4tWEY2Spp5M20INYRg2ZKl9QPO3QEEgPeRtLjEWSW8FilRNacPOg8R1uaYkA6g==",
       "cpu": [
         "x64"
       ],
@@ -483,9 +482,9 @@
       }
     },
     "node_modules/@esbuild/win32-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.28.0.tgz",
-      "integrity": "sha512-Q9StnDmQ/enxnpxCCLSg0oo4+34B9TdXpuyPeTedN/6+iXBJ4J+zwfQI28u/Jl40nOYAxGoNi7mFP40RUtkmUA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.4.tgz",
+      "integrity": "sha512-Z9SExBg2y32smoDQdf1HRwHRt6vAHLXcxD2uGgO/v2jK7Y718Ix4ndsbNMU/+1Qiem9OiOdaqitioZwxivhXYg==",
       "cpu": [
         "arm64"
       ],
@@ -500,9 +499,9 @@
       }
     },
     "node_modules/@esbuild/win32-ia32": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.28.0.tgz",
-      "integrity": "sha512-zF3ag/gfiCe6U2iczcRzSYJKH1DCI+ByzSENHlM2FcDbEeo5Zd2C86Aq0tKUYAJJ1obRP84ymxIAksZUcdztHA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.4.tgz",
+      "integrity": "sha512-DAyGLS0Jz5G5iixEbMHi5KdiApqHBWMGzTtMiJ72ZOLhbu/bzxgAe8Ue8CTS3n3HbIUHQz/L51yMdGMeoxXNJw==",
       "cpu": [
         "ia32"
       ],
@@ -517,9 +516,9 @@
       }
     },
     "node_modules/@esbuild/win32-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.28.0.tgz",
-      "integrity": "sha512-pEl1bO9mfAmIC+tW5btTmrKaujg3zGtUmWNdCw/xs70FBjwAL3o9OEKNHvNmnyylD6ubxUERiEhdsL0xBQ9efw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.4.tgz",
+      "integrity": "sha512-+knoa0BDoeXgkNvvV1vvbZX4+hizelrkwmGJBdT17t8FNPwG2lKemmuMZlmaNQ3ws3DKKCxpb4zRZEIp3UxFCg==",
       "cpu": [
         "x64"
       ],
@@ -1023,9 +1022,9 @@
       }
     },
     "node_modules/esbuild": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.28.0.tgz",
-      "integrity": "sha512-sNR9MHpXSUV/XB4zmsFKN+QgVG82Cc7+/aaxJ8Adi8hyOac+EXptIp45QBPaVyX3N70664wRbTcLTOemCAnyqw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.4.tgz",
+      "integrity": "sha512-Rq4vbHnYkK5fws5NF7MYTU68FPRE1ajX7heQ/8QXXWqNgqqJ/GkmmyxIzUnf2Sr/bakf8l54716CcMGHYhMrrQ==",
       "dev": true,
       "hasInstallScript": true,
       "license": "MIT",
@@ -1036,32 +1035,32 @@
         "node": ">=18"
       },
       "optionalDependencies": {
-        "@esbuild/aix-ppc64": "0.28.0",
-        "@esbuild/android-arm": "0.28.0",
-        "@esbuild/android-arm64": "0.28.0",
-        "@esbuild/android-x64": "0.28.0",
-        "@esbuild/darwin-arm64": "0.28.0",
-        "@esbuild/darwin-x64": "0.28.0",
-        "@esbuild/freebsd-arm64": "0.28.0",
-        "@esbuild/freebsd-x64": "0.28.0",
-        "@esbuild/linux-arm": "0.28.0",
-        "@esbuild/linux-arm64": "0.28.0",
-        "@esbuild/linux-ia32": "0.28.0",
-        "@esbuild/linux-loong64": "0.28.0",
-        "@esbuild/linux-mips64el": "0.28.0",
-        "@esbuild/linux-ppc64": "0.28.0",
-        "@esbuild/linux-riscv64": "0.28.0",
-        "@esbuild/linux-s390x": "0.28.0",
-        "@esbuild/linux-x64": "0.28.0",
-        "@esbuild/netbsd-arm64": "0.28.0",
-        "@esbuild/netbsd-x64": "0.28.0",
-        "@esbuild/openbsd-arm64": "0.28.0",
-        "@esbuild/openbsd-x64": "0.28.0",
-        "@esbuild/openharmony-arm64": "0.28.0",
-        "@esbuild/sunos-x64": "0.28.0",
-        "@esbuild/win32-arm64": "0.28.0",
-        "@esbuild/win32-ia32": "0.28.0",
-        "@esbuild/win32-x64": "0.28.0"
+        "@esbuild/aix-ppc64": "0.27.4",
+        "@esbuild/android-arm": "0.27.4",
+        "@esbuild/android-arm64": "0.27.4",
+        "@esbuild/android-x64": "0.27.4",
+        "@esbuild/darwin-arm64": "0.27.4",
+        "@esbuild/darwin-x64": "0.27.4",
+        "@esbuild/freebsd-arm64": "0.27.4",
+        "@esbuild/freebsd-x64": "0.27.4",
+        "@esbuild/linux-arm": "0.27.4",
+        "@esbuild/linux-arm64": "0.27.4",
+        "@esbuild/linux-ia32": "0.27.4",
+        "@esbuild/linux-loong64": "0.27.4",
+        "@esbuild/linux-mips64el": "0.27.4",
+        "@esbuild/linux-ppc64": "0.27.4",
+        "@esbuild/linux-riscv64": "0.27.4",
+        "@esbuild/linux-s390x": "0.27.4",
+        "@esbuild/linux-x64": "0.27.4",
+        "@esbuild/netbsd-arm64": "0.27.4",
+        "@esbuild/netbsd-x64": "0.27.4",
+        "@esbuild/openbsd-arm64": "0.27.4",
+        "@esbuild/openbsd-x64": "0.27.4",
+        "@esbuild/openharmony-arm64": "0.27.4",
+        "@esbuild/sunos-x64": "0.27.4",
+        "@esbuild/win32-arm64": "0.27.4",
+        "@esbuild/win32-ia32": "0.27.4",
+        "@esbuild/win32-x64": "0.27.4"
       }
     },
     "node_modules/escalade": {
@@ -1253,9 +1252,9 @@
       }
     },
     "node_modules/is-network-error": {
-      "version": "1.3.2",
-      "resolved": "https://registry.npmjs.org/is-network-error/-/is-network-error-1.3.2.tgz",
-      "integrity": "sha512-PhBY86zaxNZUuWP6h13Vu5oFe0XY6/UlKzQnYFELzGVHygP3MxmvTfYSG7GN3aIab/iWudSMgjSnG9Dq+nHrgA==",
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/is-network-error/-/is-network-error-1.3.1.tgz",
+      "integrity": "sha512-6QCxa49rQbmUWLfk0nuGqzql9U8uaV2H6279bRErPBHe/109hCzsLUBUHfbEtvLIHBd6hyXbgedBSHevm43Edw==",
       "license": "MIT",
       "engines": {
         "node": ">=16"
@@ -1786,13 +1785,13 @@
       }
     },
     "node_modules/undici": {
-      "version": "8.2.0",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-8.2.0.tgz",
-      "integrity": "sha512-Z+4Hx9GE26Lh9Upwfnc8C7SsrpBPGaM/Gm6kMFtiG7c+5IvQKlXi/t+9x9DrrCh29cww5TSP9YdVaBcnLDs5fQ==",
+      "version": "7.24.6",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-7.24.6.tgz",
+      "integrity": "sha512-Xi4agocCbRzt0yYMZGMA6ApD7gvtUFaxm4ZmeacWI4cZxaF6C+8I8QfofC20NAePiB/IcvZmzkJ7XPa471AEtA==",
       "dev": true,
       "license": "MIT",
       "engines": {
-        "node": ">=22.19.0"
+        "node": ">=20.18.1"
       }
     },
     "node_modules/unique-string": {
@@ -1966,9 +1965,9 @@
       "dev": true
     },
     "node_modules/yaml": {
-      "version": "2.8.4",
-      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.4.tgz",
-      "integrity": "sha512-ml/JPOj9fOQK8RNnWojA67GbZ0ApXAUlN2UQclwv2eVgTgn7O9gg9o7paZWKMp4g0H3nTLtS9LVzhkpOFIKzog==",
+      "version": "2.8.3",
+      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+      "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
       "dev": true,
       "license": "ISC",
       "bin": {

package.json

@@ -16,18 +16,45 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^3.0.1",
+    "@actions/core": "^3.0.0",
     "@octokit/auth-app": "^8.2.0",
     "@octokit/request": "^10.0.8",
-    "is-network-error": "^1.3.2",
     "p-retry": "^8.0.0"
   },
   "devDependencies": {
     "@octokit/openapi": "^22.0.0",
     "c8": "^11.0.0",
-    "esbuild": "^0.28.0",
+    "esbuild": "^0.27.4",
     "open-cli": "^9.0.0",
-    "undici": "^8.2.0",
-    "yaml": "^2.8.4"
+    "undici": "^7.24.6",
+    "yaml": "^2.8.3"
+  },
+  "release": {
+    "branches": [
+      "+([0-9]).x",
+      "main",
+      {
+        "name": "beta",
+        "prerelease": true
+      }
+    ],
+    "plugins": [
+      "@semantic-release/commit-analyzer",
+      "@semantic-release/release-notes-generator",
+      "@semantic-release/github",
+      "@semantic-release/npm",
+      "semantic-release-plugin-github-breaking-version-tag",
+      [
+        "@semantic-release/git",
+        {
+          "assets": [
+            "package.json",
+            "package-lock.json",
+            "dist/*"
+          ],
+          "message": "build(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+        }
+      ]
+    ]
   }
 }

release-please-config.beta.json

@@ -1,12 +0,0 @@
-{
-  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
-  "packages": {
-    ".": {
-      "prerelease": true,
-      "prerelease-type": "beta",
-      "include-component-in-tag": false,
-      "release-type": "node",
-      "versioning": "prerelease"
-    }
-  }
-}

release-please-config.json

@@ -1,9 +0,0 @@
-{
-  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
-  "packages": {
-    ".": {
-      "include-component-in-tag": false,
-      "release-type": "node"
-    }
-  }
-}

tests/index.js

@@ -22,13 +22,7 @@ function normalizeStderr(stderr) {
 const files = readdirSync("tests");
 
 // Files to ignore
-const ignore = [
-  "index.js",
-  "index.js.snapshot",
-  "main.js",
-  "mock-agent.js",
-  "README.md",
-];
+const ignore = ["index.js", "index.js.snapshot", "main.js", "README.md"];
 
 const testFiles = files.filter((file) => !ignore.includes(file)).sort();
 

tests/index.js.snapshot

@@ -38,6 +38,7 @@ POST /app/installations/123456/access_tokens
 
 exports[`main-custom-github-api-url.test.js > stdout 1`] = `
 Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
 - actions/create-github-app-token
 ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
 
@@ -74,7 +75,7 @@ null
 `;
 
 exports[`main-enterprise-installation-not-found.test.js > stderr 1`] = `
-Error: No enterprise installation found matching the enterprise slug "test-enterprise".
+Error: No enterprise installation found matching the name test-enterprise.
     at getTokenFromEnterprise (file://<cwd>/lib/main.js:<line>:<column>)
     at process.processTicksAndRejections (node:internal/process/task_queues:<line>:<column>)
     at async pRetry (file://<cwd>/node_modules/p-retry/index.js:<line>:<column>)
@@ -85,8 +86,8 @@ Error: No enterprise installation found matching the enterprise slug "test-enter
 
 exports[`main-enterprise-installation-not-found.test.js > stdout 1`] = `
 Creating enterprise installation token for enterprise "test-enterprise".
-Failed to create token for enterprise "test-enterprise" (attempt 1): No enterprise installation found matching the enterprise slug "test-enterprise".
-::error::No enterprise installation found matching the enterprise slug "test-enterprise".
+Failed to create token for enterprise "test-enterprise" (attempt 1): No enterprise installation found matching the name test-enterprise.
+::error::No enterprise installation found matching the name test-enterprise.
 --- REQUESTS ---
 GET /enterprises/test-enterprise/installation
 `;
@@ -136,7 +137,7 @@ POST /app/installations/123456/access_tokens
 null
 `;
 
-exports[`main-enterprise-token-permissions-set.test.js > stdout 1`] = `
+exports[`main-enterprise-token-with-permissions.test.js > stdout 1`] = `
 Creating enterprise installation token for enterprise "test-enterprise".
 ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
 
@@ -150,7 +151,7 @@ Creating enterprise installation token for enterprise "test-enterprise".
 --- REQUESTS ---
 GET /enterprises/test-enterprise/installation
 POST /app/installations/123456/access_tokens
-{"permissions":{"enterprise_custom_properties_for_organizations":"read"}}
+{"permissions":{"enterprise_organizations":"read","enterprise_people":"write"}}
 `;
 
 exports[`main-missing-client-and-app-id.test.js > stderr 1`] = `
@@ -201,6 +202,7 @@ exports[`main-repo-skew.test.js > stderr 1`] = `
 
 exports[`main-repo-skew.test.js > stdout 1`] = `
 Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
 - actions/failed-repo
 ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
 
@@ -218,45 +220,6 @@ POST /app/installations/123456/access_tokens
 {"repositories":["failed-repo"]}
 `;
 
-exports[`main-token-get-owner-set-client-error.test.js > stderr 1`] = `
-RequestError [HttpError]: Forbidden
-    at fetchWrapper (file://<cwd>/node_modules/@octokit/request/dist-bundle/index.js:<line>:<column>)
-    at process.processTicksAndRejections (node:internal/process/task_queues:<line>:<column>)
-    at async hook (file://<cwd>/node_modules/@octokit/auth-app/dist-node/index.js:<line>:<column>)
-    at async getTokenFromOwner (file://<cwd>/lib/main.js:<line>:<column>)
-    at async pRetry (file://<cwd>/node_modules/p-retry/index.js:<line>:<column>)
-    at async main (file://<cwd>/lib/main.js:<line>:<column>)
-    at async test (file://<cwd>/tests/main.js:<line>:<column>)
-    at async file://<cwd>/tests/main-token-get-owner-set-client-error.test.js:<line>:<column> {
-  status: 403,
-  request: {
-    method: 'GET',
-    url: 'https://api.github.com/users/smockle/installation',
-    headers: {
-      accept: 'application/vnd.github.v3+json',
-      'user-agent': 'actions/create-github-app-token',
-      authorization: 'bearer [REDACTED]'
-    },
-    request: { hook: [Function: bound hook] AsyncFunction }
-  },
-  response: {
-    url: 'https://api.github.com/users/smockle/installation',
-    status: 403,
-    headers: { 'content-type': 'application/json' },
-    data: { message: 'Forbidden' }
-  },
-  [cause]: undefined
-}
-`;
-
-exports[`main-token-get-owner-set-client-error.test.js > stdout 1`] = `
-Input 'repositories' is not set. Creating token for all repositories owned by smockle.
-Failed to create token for "smockle" (attempt 1): Forbidden
-::error::Forbidden
---- REQUESTS ---
-GET /users/smockle/installation
-`;
-
 exports[`main-token-get-owner-set-fail-response.test.js > stdout 1`] = `
 Input 'repositories' is not set. Creating token for all repositories owned by smockle.
 Failed to create token for "smockle" (attempt 1): GitHub API not available
@@ -278,8 +241,9 @@ null
 
 exports[`main-token-get-owner-set-repo-fail-response.test.js > stdout 1`] = `
 Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
 - actions/failed-repo
-Failed to create token for "actions/failed-repo" (attempt 1): GitHub API not available
+Failed to create token for "failed-repo" (attempt 1): GitHub API not available
 ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
 
 ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
@@ -296,28 +260,9 @@ POST /app/installations/123456/access_tokens
 {"repositories":["failed-repo"]}
 `;
 
-exports[`main-token-get-owner-set-repo-network-error.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-- actions/network-repo
-Failed to create token for "actions/network-repo" (attempt 1): fetch failed
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/network-repo/installation
-GET /repos/actions/network-repo/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["network-repo"]}
-`;
-
 exports[`main-token-get-owner-set-repo-set-to-many-newline.test.js > stdout 1`] = `
 Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
 - actions/create-github-app-token
 - actions/toolkit
 - actions/checkout
@@ -338,6 +283,7 @@ POST /app/installations/123456/access_tokens
 
 exports[`main-token-get-owner-set-repo-set-to-many.test.js > stdout 1`] = `
 Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
 - actions/create-github-app-token
 - actions/toolkit
 - actions/checkout
@@ -358,6 +304,7 @@ POST /app/installations/123456/access_tokens
 
 exports[`main-token-get-owner-set-repo-set-to-one.test.js > stdout 1`] = `
 Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
 - actions/create-github-app-token
 ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
 

tests/main-enterprise-mutual-exclusivity-owner.test.js

@@ -1,13 +1,15 @@
 import { DEFAULT_ENV } from "./main.js";
 
 // Verify `main` exits with an error when `enterprise` is used with `owner` input.
-// Set up environment with enterprise and owner set
-for (const [key, value] of Object.entries(DEFAULT_ENV)) {
-  process.env[key] = value;
+try {
+  // Set up environment with enterprise and owner set
+  for (const [key, value] of Object.entries(DEFAULT_ENV)) {
+    process.env[key] = value;
+  }
+  process.env.INPUT_ENTERPRISE = "test-enterprise";
+  process.env.INPUT_OWNER = "test-owner";
+  
+  await import("../main.js");
+} catch (error) {
+  console.error(error.message);
 }
-
-process.env.INPUT_ENTERPRISE = "test-enterprise";
-process.env.INPUT_OWNER = "test-owner";
-
-const { default: promise } = await import("../main.js");
-await promise;

tests/main-enterprise-mutual-exclusivity-repositories.test.js

@@ -1,13 +1,15 @@
 import { DEFAULT_ENV } from "./main.js";
 
 // Verify `main` exits with an error when `enterprise` is used with `repositories` input.
-// Set up environment with enterprise and repositories set
-for (const [key, value] of Object.entries(DEFAULT_ENV)) {
-  process.env[key] = value;
+try {
+  // Set up environment with enterprise and repositories set
+  for (const [key, value] of Object.entries(DEFAULT_ENV)) {
+    process.env[key] = value;
+  }
+  process.env.INPUT_ENTERPRISE = "test-enterprise";
+  process.env.INPUT_REPOSITORIES = "repo1,repo2";
+  
+  await import("../main.js");
+} catch (error) {
+  console.error(error.message);
 }
-
-process.env.INPUT_ENTERPRISE = "test-enterprise";
-process.env.INPUT_REPOSITORIES = "repo1,repo2";
-
-const { default: promise } = await import("../main.js");
-await promise;

tests/main-enterprise-token-with-permissions.test.js

@@ -1,14 +1,12 @@
 import { test } from "./main.js";
 
-// Use a declared enterprise permission from the generated schema to verify
-// enterprise token requests forward permission inputs to token creation.
+// Verify `main` successfully generates enterprise token with specific permissions.
 await test((mockPool) => {
   process.env.INPUT_ENTERPRISE = "test-enterprise";
   delete process.env.INPUT_OWNER;
   delete process.env.INPUT_REPOSITORIES;
-  process.env[
-    "INPUT_PERMISSION-ENTERPRISE-CUSTOM-PROPERTIES-FOR-ORGANIZATIONS"
-  ] = "read";
+  process.env["INPUT_PERMISSION-ENTERPRISE-ORGANIZATIONS"] = "read";
+  process.env["INPUT_PERMISSION-ENTERPRISE-PEOPLE"] = "write";
 
   // Mock the enterprise installation endpoint
   const mockInstallationId = "123456";

tests/main-token-get-owner-set-client-error.test.js

@@ -1,23 +0,0 @@
-import { test } from "./main.js";
-
-// Verify client errors are not retried when getting a token for a user or organization.
-await test((mockPool) => {
-  process.env.INPUT_OWNER = "smockle";
-  delete process.env.INPUT_REPOSITORIES;
-
-  mockPool
-    .intercept({
-      path: "/users/smockle/installation",
-      method: "GET",
-      headers: {
-        accept: "application/vnd.github.v3+json",
-        "user-agent": "actions/create-github-app-token",
-        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
-      },
-    })
-    .reply(
-      403,
-      { message: "Forbidden" },
-      { headers: { "content-type": "application/json" } },
-    );
-});

tests/main-token-get-owner-set-repo-network-error.test.js

@@ -1,39 +0,0 @@
-import { test } from "./main.js";
-
-// Verify transient network errors are retried when getting a repository token.
-await test((mockPool) => {
-  process.env.INPUT_OWNER = "actions";
-  process.env.INPUT_REPOSITORIES = "network-repo";
-  const owner = process.env.INPUT_OWNER;
-  const repo = process.env.INPUT_REPOSITORIES;
-  const mockInstallationId = "123456";
-  const mockAppSlug = "github-actions";
-
-  mockPool
-    .intercept({
-      path: `/repos/${owner}/${repo}/installation`,
-      method: "GET",
-      headers: {
-        accept: "application/vnd.github.v3+json",
-        "user-agent": "actions/create-github-app-token",
-        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
-      },
-    })
-    .replyWithError(new TypeError("fetch failed"));
-
-  mockPool
-    .intercept({
-      path: `/repos/${owner}/${repo}/installation`,
-      method: "GET",
-      headers: {
-        accept: "application/vnd.github.v3+json",
-        "user-agent": "actions/create-github-app-token",
-        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
-      },
-    })
-    .reply(
-      200,
-      { id: mockInstallationId, app_slug: mockAppSlug },
-      { headers: { "content-type": "application/json" } },
-    );
-});

tests/main.js

@@ -1,6 +1,6 @@
 // Base for all `main` tests.
 // @ts-check
-import { createMockAgent } from "./mock-agent.js";
+import { MockAgent, setGlobalDispatcher } from "undici";
 
 export const DEFAULT_ENV = {
   GITHUB_REPOSITORY_OWNER: "actions",
@@ -50,7 +50,9 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
   // Set up mocking
   const baseUrl = new URL(env["INPUT_GITHUB-API-URL"]);
   const basePath = baseUrl.pathname === "/" ? "" : baseUrl.pathname;
-  const mockAgent = createMockAgent({ enableCallHistory: true });
+  const mockAgent = new MockAgent({ enableCallHistory: true });
+  mockAgent.disableNetConnect();
+  setGlobalDispatcher(mockAgent);
   const mockPool = mockAgent.get(baseUrl.origin);
 
   // Calling `auth({ type: "app" })` to obtain a JWT doesn’t make network requests, so no need to intercept.

tests/mock-agent.js

@@ -1,12 +0,0 @@
-import { install, MockAgent, setGlobalDispatcher } from "undici";
-
-// Ensure MockAgent intercepts requests made through global fetch.
-install();
-
-export function createMockAgent(options) {
-  const mockAgent = new MockAgent(options);
-  mockAgent.disableNetConnect();
-  setGlobalDispatcher(mockAgent);
-
-  return mockAgent;
-}

tests/post-revoke-token-fail-response.test.js

@@ -1,4 +1,4 @@
-import { createMockAgent } from "./mock-agent.js";
+import { MockAgent, setGlobalDispatcher } from "undici";
 
 // state variables are set as environment variables with the prefix STATE_
 // https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
@@ -14,7 +14,9 @@ process.env.STATE_expiresAt = new Date(
   Date.now() + 1000 * 60 * 60
 ).toISOString();
 
-const mockAgent = createMockAgent();
+const mockAgent = new MockAgent();
+
+setGlobalDispatcher(mockAgent);
 
 // Provide the base url to the request
 const mockPool = mockAgent.get("https://api.github.com");

tests/post-token-expired.test.js

@@ -1,4 +1,4 @@
-import { createMockAgent } from "./mock-agent.js";
+import { MockAgent, setGlobalDispatcher } from "undici";
 
 // state variables are set as environment variables with the prefix STATE_
 // https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
@@ -11,7 +11,9 @@ process.env.STATE_expiresAt = new Date(Date.now() - 1000 * 60 * 60).toISOString(
 // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
 process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
 
-const mockAgent = createMockAgent();
+const mockAgent = new MockAgent();
+
+setGlobalDispatcher(mockAgent);
 
 // Provide the base url to the request
 const mockPool = mockAgent.get("https://api.github.com");

tests/post-token-set.test.js

@@ -1,4 +1,4 @@
-import { createMockAgent } from "./mock-agent.js";
+import { MockAgent, setGlobalDispatcher } from "undici";
 
 // state variables are set as environment variables with the prefix STATE_
 // https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
@@ -12,7 +12,9 @@ process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
 // 1 hour in the future, not expired
 process.env.STATE_expiresAt = new Date(Date.now() + 1000 * 60 * 60).toISOString();
 
-const mockAgent = createMockAgent();
+const mockAgent = new MockAgent();
+
+setGlobalDispatcher(mockAgent);
 
 // Provide the base url to the request
 const mockPool = mockAgent.get("https://api.github.com");

tests/post-token-skipped.test.js

@@ -1,4 +1,4 @@
-import { createMockAgent } from "./mock-agent.js";
+import { MockAgent, setGlobalDispatcher } from "undici";
 
 // state variables are set as environment variables with the prefix STATE_
 // https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
@@ -8,7 +8,9 @@ process.env.STATE_token = "secret123";
 // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
 process.env["INPUT_SKIP-TOKEN-REVOKE"] = "true";
 
-const mockAgent = createMockAgent();
+const mockAgent = new MockAgent();
+
+setGlobalDispatcher(mockAgent);
 
 // Provide the base url to the request
 const mockPool = mockAgent.get("https://api.github.com");