build(release): 2.0.0 [skip ci]

# [2.0.0](https://github.com/actions/create-github-app-token/compare/v1.12.0...v2.0.0) (2025-04-03)

* feat!: remove deprecated inputs ([#213](https://github.com/actions/create-github-app-token/issues/213)) ([5cc811b](https://github.com/actions/create-github-app-token/commit/5cc811bc40176329bb642bff9e5d9e356099ad2a))

### BREAKING CHANGES

* Removed deprecated inputs (`app_id`, `private_key`, `skip_token_revoke`) and made `app-id` and `private-key` required in the action configuration.

action.yml

@@ -7,18 +7,10 @@ branding:
 inputs:
   app-id:
     description: "GitHub App ID"
-    required: false # TODO: When 'app_id' is removed, make 'app-id' required
-  app_id:
-    description: "GitHub App ID"
-    required: false
-    deprecationMessage: "'app_id' is deprecated and will be removed in a future version. Use 'app-id' instead."
+    required: true
   private-key:
     description: "GitHub App private key"
-    required: false # TODO: When 'private_key' is removed, make 'private-key' required
-  private_key:
-    description: "GitHub App private key"
-    required: false
-    deprecationMessage: "'private_key' is deprecated and will be removed in a future version. Use 'private-key' instead."
+    required: true
   owner:
     description: "The owner of the GitHub App installation (defaults to current repository owner)"
     required: false
@@ -28,10 +20,6 @@ inputs:
   skip-token-revoke:
     description: "If truthy, the token will not be revoked when the current job is complete"
     required: false
-  skip_token_revoke:
-    description: "If truthy, the token will not be revoked when the current job is complete"
-    required: false
-    deprecationMessage: "'skip_token_revoke' is deprecated and will be removed in a future version. Use 'skip-token-revoke' instead."
   # Make GitHub API configurable to support non-GitHub Cloud use cases
   # see https://github.com/actions/create-github-app-token/issues/77
   github-api-url:

badges/coverage.svg

@@ -1,25 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="106"
-    height="20" role="img" aria-label="Coverage: 100%">
-    <title>Coverage: 100%</title>
-    <linearGradient id="s" x2="0" y2="100%">
-        <stop offset="0" stop-color="#bbb" stop-opacity=".1" />
-        <stop offset="1" stop-opacity=".1" />
-    </linearGradient>
-    <clipPath id="r">
-        <rect width="106" height="20" rx="3" fill="#fff" />
-    </clipPath>
-    <g clip-path="url(#r)">
-        <rect width="63" height="20" fill="#555" />
-        <rect x="63" width="43" height="20" fill="#4c1" />
-        <rect width="106" height="20" fill="url(#s)" />
-    </g>
-    <g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif"
-        text-rendering="geometricPrecision" font-size="110">
-        <text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3"
-            transform="scale(.1)" textLength="530">Coverage</text>
-        <text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text>
-        <text aria-hidden="true" x="835" y="150" fill="#010101" fill-opacity=".3"
-            transform="scale(.1)" textLength="330">100%</text>
-        <text x="835" y="140" transform="scale(.1)" fill="#fff" textLength="330">100%</text>
-    </g>
-</svg>

dist/main.cjs

@@ -42271,6 +42271,22 @@ function createAppAuth(options) {
   });
 }
 
+// lib/get-permissions-from-inputs.js
+function getPermissionsFromInputs(env) {
+  return Object.entries(env).reduce((permissions2, [key, value]) => {
+    if (!key.startsWith("INPUT_PERMISSION_")) return permissions2;
+    const permission = key.slice("INPUT_PERMISSION_".length).toLowerCase();
+    if (permissions2 === void 0) {
+      return { [permission]: value };
+    }
+    return {
+      // @ts-expect-error - needs to be typed correctly
+      ...permissions2,
+      [permission]: value
+    };
+  }, void 0);
+}
+
 // node_modules/p-retry/index.js
 var import_retry = __toESM(require_retry2(), 1);
 
@@ -42527,22 +42543,6 @@ var request_default = request.defaults({
   request: proxyUrl ? { fetch: proxyFetch } : {}
 });
 
-// lib/get-permissions-from-inputs.js
-function getPermissionsFromInputs(env) {
-  return Object.entries(env).reduce((permissions2, [key, value]) => {
-    if (!key.startsWith("INPUT_PERMISSION_")) return permissions2;
-    const permission = key.slice("INPUT_PERMISSION_".length).toLowerCase();
-    if (permissions2 === void 0) {
-      return { [permission]: value };
-    }
-    return {
-      // @ts-expect-error - needs to be typed correctly
-      ...permissions2,
-      [permission]: value
-    };
-  }, void 0);
-}
-
 // main.js
 if (!process.env.GITHUB_REPOSITORY) {
   throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'");
@@ -42550,19 +42550,11 @@ if (!process.env.GITHUB_REPOSITORY) {
 if (!process.env.GITHUB_REPOSITORY_OWNER) {
   throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'");
 }
-var appId = import_core2.default.getInput("app-id") || import_core2.default.getInput("app_id");
-if (!appId) {
-  throw new Error("Input required and not supplied: app-id");
-}
-var privateKey = import_core2.default.getInput("private-key") || import_core2.default.getInput("private_key");
-if (!privateKey) {
-  throw new Error("Input required and not supplied: private-key");
-}
+var appId = import_core2.default.getInput("app-id");
+var privateKey = import_core2.default.getInput("private-key");
 var owner = import_core2.default.getInput("owner");
 var repositories = import_core2.default.getInput("repositories").split(/[\n,]+/).map((s) => s.trim()).filter((x) => x !== "");
-var skipTokenRevoke = Boolean(
-  import_core2.default.getInput("skip-token-revoke") || import_core2.default.getInput("skip_token_revoke")
-);
+var skipTokenRevoke = Boolean(import_core2.default.getInput("skip-token-revoke"));
 var permissions = getPermissionsFromInputs(process.env);
 var main_default = main(
   appId,

dist/post.cjs

@@ -40202,9 +40202,7 @@ var import_core2 = __toESM(require_core(), 1);
 
 // lib/post.js
 async function post(core3, request2) {
-  const skipTokenRevoke = Boolean(
-    core3.getInput("skip-token-revoke") || core3.getInput("skip_token_revoke")
-  );
+  const skipTokenRevoke = Boolean(core3.getInput("skip-token-revoke"));
   if (skipTokenRevoke) {
     core3.info("Token revocation was skipped");
     return;
@@ -40227,9 +40225,7 @@ async function post(core3, request2) {
     });
     core3.info("Token revoked");
   } catch (error) {
-    core3.warning(
-      `Token revocation failed: ${error.message}`
-    );
+    core3.warning(`Token revocation failed: ${error.message}`);
   }
 }
 function tokenExpiresIn(expiresAt) {

lib/post.js

@@ -5,9 +5,7 @@
  * @param {import("@octokit/request").request} request
  */
 export async function post(core, request) {
-  const skipTokenRevoke = Boolean(
-    core.getInput("skip-token-revoke") || core.getInput("skip_token_revoke")
-  );
+  const skipTokenRevoke = Boolean(core.getInput("skip-token-revoke"));
 
   if (skipTokenRevoke) {
     core.info("Token revocation was skipped");
@@ -35,8 +33,7 @@ export async function post(core, request) {
     });
     core.info("Token revoked");
   } catch (error) {
-    core.warning(
-      `Token revocation failed: ${error.message}`)
+    core.warning(`Token revocation failed: ${error.message}`);
   }
 }
 

main.js

@@ -3,9 +3,9 @@
 import core from "@actions/core";
 import { createAppAuth } from "@octokit/auth-app";
 
+import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
 import { main } from "./lib/main.js";
 import request from "./lib/request.js";
-import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
 
 if (!process.env.GITHUB_REPOSITORY) {
   throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'");
@@ -15,16 +15,8 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
   throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'");
 }
 
-const appId = core.getInput("app-id") || core.getInput("app_id");
-if (!appId) {
-  // The 'app_id' input was previously required, but it and 'app-id' are both optional now, until the former is removed. Still, we want to ensure that at least one of them is set.
-  throw new Error("Input required and not supplied: app-id");
-}
-const privateKey = core.getInput("private-key") || core.getInput("private_key");
-if (!privateKey) {
-  // The 'private_key' input was previously required, but it and 'private-key' are both optional now, until the former is removed. Still, we want to ensure that at least one of them is set.
-  throw new Error("Input required and not supplied: private-key");
-}
+const appId = core.getInput("app-id");
+const privateKey = core.getInput("private-key");
 const owner = core.getInput("owner");
 const repositories = core
   .getInput("repositories")
@@ -32,9 +24,7 @@ const repositories = core
   .map((s) => s.trim())
   .filter((x) => x !== "");
 
-const skipTokenRevoke = Boolean(
-  core.getInput("skip-token-revoke") || core.getInput("skip_token_revoke"),
-);
+const skipTokenRevoke = Boolean(core.getInput("skip-token-revoke"));
 
 const permissions = getPermissionsFromInputs(process.env);
 

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "create-github-app-token",
-  "version": "1.11.6",
+  "version": "2.0.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "create-github-app-token",
-      "version": "1.11.6",
+      "version": "2.0.0",
       "license": "MIT",
       "dependencies": {
         "@actions/core": "^1.11.1",

package.json

@@ -2,7 +2,7 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "1.12.0",
+  "version": "2.0.0",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "scripts": {
     "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",
@@ -45,6 +45,7 @@
         {
           "assets": [
             "package.json",
+            "package-lock.json",
             "dist/*"
           ],
           "message": "build(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"

tests/main-missing-app-id.test.js

@@ -1,9 +0,0 @@
-process.env.GITHUB_REPOSITORY_OWNER = "actions";
-process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
-
-// Verify `main` exits with an error when neither the `app-id` nor `app_id` input is set.
-try {
-  await import("../main.js");
-} catch (error) {
-  console.error(error.message);
-}

tests/main-missing-private-key.test.js

@@ -1,10 +0,0 @@
-process.env.GITHUB_REPOSITORY_OWNER = "actions";
-process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
-process.env["INPUT_APP-ID"] = "123456";
-
-// Verify `main` exits with an error when neither the `private-key` nor `private_key` input is set.
-try {
-  await import("../main.js");
-} catch (error) {
-  console.error(error.message);
-}

tests/snapshots/index.js.md

@@ -12,9 +12,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `app_id — 'app_id' is deprecated and will be removed in a future version. Use 'app-id' instead.␊
-    private_key — 'private_key' is deprecated and will be removed in a future version. Use 'private-key' instead.␊
-    skip_token_revoke — 'skip_token_revoke' is deprecated and will be removed in a future version. Use 'skip-token-revoke' instead.`
+    ''
 
 ## main-custom-github-api-url.test.js
 
@@ -39,16 +37,6 @@ Generated by [AVA](https://avajs.dev).
     POST /api/v3/app/installations/123456/access_tokens␊
     {"repositories":["create-github-app-token"]}`
 
-## main-missing-app-id.test.js
-
-> stderr
-
-    'Input required and not supplied: app-id'
-
-> stdout
-
-    ''
-
 ## main-missing-owner.test.js
 
 > stderr
@@ -59,16 +47,6 @@ Generated by [AVA](https://avajs.dev).
 
     ''
 
-## main-missing-private-key.test.js
-
-> stderr
-
-    'Input required and not supplied: private-key'
-
-> stdout
-
-    ''
-
 ## main-missing-repository.test.js
 
 > stderr