build(release): 1.1.5 [skip ci]

## [1.1.5](https://github.com/actions/create-github-app-token/compare/v1.1.4...v1.1.5) (2023-08-28) ### Bug Fixes * **release:** update version in `package.json` ([#35](https://github.com/actions/create-github-app-token/issues/35)) ([1dccc4c](https://github.com/actions/create-github-app-token/commit/1dccc4ccc6e1df7d6adc1bde339ce0d7a2ea7df7)), closes [#34](https://github.com/actions/create-github-app-token/issues/34)
fix(release): update version in package.json (#35 )
2023-08-28 22:38:26 +00:00 · 2023-08-28 15:37:47 -07:00 · 2023-08-28 22:29:27 +00:00 · 2023-08-28 15:28:55 -07:00 · 2023-08-28 15:14:31 -07:00 · 2023-08-25 21:51:50 -07:00
9 changed files with 1040 additions and 6758 deletions
@@ -4,6 +4,15 @@ updates:
    directory: "/"
    schedule:
      interval: "monthly"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+      development-dependencies:
+        dependency-type: "development"
+    commit-message:
+      prefix: "fix"
+      prefix-development: "build"
+      include: "scope"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
@@ -23,6 +23,7 @@ jobs:
        with:
          token: ${{ steps.app-token.outputs.token }}
      - run: npm install --no-save @semantic-release/git semantic-release-plugin-github-breaking-version-tag
-      - run: npx semantic-release
+      - run: npm run build
+      - run: npx semantic-release --debug
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
@@ -1,5 +1,10 @@
 name: test
-on: [push]
+on:
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true

 jobs:
  test:
@@ -13,14 +18,14 @@ jobs:
      - run: npm ci
      - run: npm run build
      - uses: ./ # Uses the action in the root directory
-        id: demo
+        id: test
        with:
          app_id: ${{ vars.TEST_APP_ID }}
          private_key: ${{ secrets.TEST_APP_PRIVATE_KEY }}
      - uses: octokit/request-action@v2.x
        id: get-repository
        env:
-          GITHUB_TOKEN: ${{ steps.demo.outputs.token }}
+          GITHUB_TOKEN: ${{ steps.test.outputs.token }}
        with:
          route: GET /installation/repositories
      - run: echo '${{ steps.get-repository.outputs.data }}'
@@ -81,7 +81,7 @@ The action creates an installation access token using [the `POST /app/installati
 2. The token inherits all the installation's permissions.
 3. The token is set as output `token` which can be used in subsequent steps.
 4. The token is revoked in the `post` step of the action, which means it cannot be passed to another job.
-5. The token is masked, it cannot be logged accidentally. That is not a feature by the action, but by the GitHub Actions runner itself, due to the specific format of GitHub tokens.
+5. The token is masked, it cannot be logged accidentally.

 > [!NOTE]
 > Installation permissions can differ from the app's permissions they belong to. Installation permissions are set when an app is installed on an account. When the app adds more permissions after the installation, an account administrator will have to approve the new permissions before they are set on the installation.
@@ -52,6 +52,9 @@ export async function main(
    repositoryNames: [repo],
  });

+  // Register the token with the runner as a secret to ensure it is masked in logs
+  core.setSecret(authentication.token);
+
  core.setOutput("token", authentication.token);

  // Make token accessible to post function (so we can invalidate it)
@@ -10,6 +10,8 @@ import { request } from "@octokit/request";
 export async function post(core, request) {
  const token = core.getState("token");

+  if (!token) return;
+  
  await request("DELETE /installation/token", {
    headers: {
      authorization: `token ${token}`,
@@ -2,7 +2,7 @@
  "name": "create-github-app-token",
  "private": true,
  "type": "module",
-  "version": "1.0.5",
+  "version": "1.1.5",
  "description": "GitHub Action for creating a GitHub App Installation Access Token",
  "scripts": {
    "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node16.16",
@@ -27,6 +27,7 @@
      "@semantic-release/commit-analyzer",
      "@semantic-release/release-notes-generator",
      "@semantic-release/github",
+      "@semantic-release/npm",
      "semantic-release-plugin-github-breaking-version-tag",
      [
        "@semantic-release/git",
Author	SHA1	Message	Date
semantic-release-bot	17cde8a7d8	build(release): 1.1.5 [skip ci] ## [1.1.5](https://github.com/actions/create-github-app-token/compare/v1.1.4...v1.1.5) (2023-08-28) ### Bug Fixes * release: update version in `package.json` ([#35](https://github.com/actions/create-github-app-token/issues/35)) ([`1dccc4c`](https://github.com/actions/create-github-app-token/commit/1dccc4ccc6e1df7d6adc1bde339ce0d7a2ea7df7)), closes [#34](https://github.com/actions/create-github-app-token/issues/34)	2023-08-28 22:38:26 +00:00
Gregor Martynus	1dccc4ccc6	fix(release): update version in `package.json` (#35 ) closes #34 Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>	2023-08-28 15:37:47 -07:00
semantic-release-bot	35d8ea9fdb	build(release): 1.1.4 [skip ci] ## [1.1.4](https://github.com/actions/create-github-app-token/compare/v1.1.3...v1.1.4) (2023-08-28) ### Bug Fixes * release: build `dist/` before release ([#33](https://github.com/actions/create-github-app-token/issues/33)) ([`9a6a017`](https://github.com/actions/create-github-app-token/commit/9a6a017c104eb1b36533ee8195e814f567934ce8)), closes [#32](https://github.com/actions/create-github-app-token/issues/32)	2023-08-28 22:29:27 +00:00
Gregor Martynus	9a6a017c10	fix(release): build `dist/` before release (#33 ) closes #32	2023-08-28 15:28:55 -07:00
David Sanders	2540ed49e5	fix: check for token before revoking (#30 ) Check before trying to revoke the token, in case the token generation failed. Otherwise the post step will throw an error. --------- Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>	2023-08-28 15:14:31 -07:00
Josh Gross	5611f921d9	docs(README): clarify token masking (#29 ) With #13, this action is explicitly masking the token so we don't need to mention that we're relying on a specific format of GitHub tokens being masked by the runner.	2023-08-25 21:51:50 -07:00
Parker Brown	bc256c234b	fix: mask the installation token in logs (#28 ) The runner will automatically mask GitHub token formats it recognizes, but sometimes a new pattern rolls out before the runner is updated to recognize it.	2023-08-25 11:59:01 -07:00
Parker Brown	04f8ace9a0	build(dependabot): group dependency updates by type and configure commit prefixes (#27 ) - Group production and development dependency updates - Configure dependency update commit prefixes to release on production dependency updates Dependabot commit messages before: - `build(deps): bump semver from 7.5.1 to 7.5.4` - `build(deps-dev): bump dotenv from 16.0.3 to 16.3.1` Dependabot commit messages after: - `fix(deps): bump semver from 7.5.1 to 7.5.4` - `build(deps-dev): bump dotenv from 16.0.3 to 16.3.1` (no change to dev dependencies)	2023-08-25 09:01:54 -07:00
Parker Brown	4fd0ce7c29	ci(test): run on pull request and add concurrency configuration (#17 ) - Run test on pull requests to the main branch instead of on every push - Cancel in-progress workflows if a PR is updated (i.e., a new commit is pushed) and the same workflows are triggered to run again - Rename step ID from `demo` to `test` --------- Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>	2023-08-24 15:30:49 -07:00