build(release): 1.11.1 [skip ci]

## [1.11.1](https://github.com/actions/create-github-app-token/compare/v1.11.0...v1.11.1) (2024-12-20) ### Bug Fixes * **deps:** bump the production-dependencies group across 1 directory with 3 updates ([#193](https://github.com/actions/create-github-app-token/issues/193)) ([fa6118c](https://github.com/actions/create-github-app-token/commit/fa6118ca8519e5d19f94c18bbaaa727bd543ae0d)), closes [#1842](https://github.com/actions/create-github-app-token/issues/1842) [#1551](https://github.com/actions/create-github-app-token/issues/1551) [#1824](https://github.com/actions/create-github-app-token/issues/1824) [#654](https://github.com/actions/create-github-app-token/issues/654) [#651](https://github.com/actions/create-github-app-token/issues/651) [#654](https://github.com/actions/create-github-app-token/issues/654) [#652](https://github.com/actions/create-github-app-token/issues/652) [#644](https://github.com/actions/create-github-app-token/issues/644) [#651](https://github.com/actions/create-github-app-token/issues/651) [#650](https://github.com/actions/create-github-app-token/issues/650) [#648](https://github.com/actions/create-github-app-token/issues/648) [#646](https://github.com/actions/create-github-app-token/issues/646) [#645](https://github.com/actions/create-github-app-token/issues/645) [#626](https://github.com/actions/create-github-app-token/issues/626) [#643](https://github.com/actions/create-github-app-token/issues/643) [#82](https://github.com/actions/create-github-app-token/issues/82) [#82](https://github.com/actions/create-github-app-token/issues/82)
fix(deps): bump the production-dependencies group across 1 directory with 3 updates (#193 )
2024-12-20 18:12:15 +00:00 · 2024-12-20 10:11:41 -08:00 · 2024-12-20 18:08:35 +00:00 · 2024-12-20 00:25:54 +00:00 · 2024-12-19 16:22:13 -08:00 · 2024-12-19 16:20:55 -08:00
13 changed files with 3275 additions and 2944 deletions
@@ -1,19 +1,30 @@
 version: 2
 updates:
-  - package-ecosystem: "npm"
-    directory: "/"
+  - package-ecosystem: 'npm'
+    directory: '/'
    schedule:
-      interval: "monthly"
+      interval: 'monthly'
    groups:
      production-dependencies:
-        dependency-type: "production"
+        dependency-type: 'production'
+        update-types:
+          - minor
+          - patch
      development-dependencies:
-        dependency-type: "development"
+        dependency-type: 'development'
+        update-types:
+          - minor
+          - patch
    commit-message:
-      prefix: "fix"
-      prefix-development: "build"
-      include: "scope"
-  - package-ecosystem: "github-actions"
-    directory: "/"
+      prefix: 'fix'
+      prefix-development: 'build'
+      include: 'scope'
+  - package-ecosystem: 'github-actions'
+    directory: '/'
    schedule:
-      interval: "monthly"
+      interval: 'monthly'
+    groups:
+      github-actions:
+        update-types:
+          - minor
+          - patch
@@ -0,0 +1,17 @@
+name: 'Publish Immutable Action'
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Publish Immutable Action
+        uses: actions/publish-immutable-action@v0.0.4
@@ -111,7 +111,7 @@ jobs:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
      - run: |
          git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
-          git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
+          git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
      # git commands like commit work using the bot user
      - run: |
          git add .
@@ -26,9 +26,7 @@ export async function main(

  // If neither owner nor repositories are set, default to current repository
  if (!owner && repositories.length === 0) {
-    const [owner, repo] = String(
-      process.env.GITHUB_REPOSITORY
-    ).split("/");
+    const [owner, repo] = String(process.env.GITHUB_REPOSITORY).split("/");
    parsedOwner = owner;
    parsedRepositoryNames = [repo];

@@ -52,7 +50,9 @@ export async function main(
    parsedRepositoryNames = repositories;

    core.info(
-      `owner not set, creating owner for given repositories "${repositories.join(',')}" in current owner ("${parsedOwner}")`
+      `owner not set, creating owner for given repositories "${repositories.join(
+        ","
+      )}" in current owner ("${parsedOwner}")`
    );
  }

@@ -62,7 +62,9 @@ export async function main(
    parsedRepositoryNames = repositories;

    core.info(
-      `owner and repositories set, creating token for repositories "${repositories.join(',')}" owned by "${owner}"`
+      `owner and repositories set, creating token for repositories "${repositories.join(
+        ","
+      )}" owned by "${owner}"`
    );
  }

@@ -76,24 +78,38 @@ export async function main(
  // If at least one repository is set, get installation ID from that repository

  if (parsedRepositoryNames.length > 0) {
-    ({ authentication, installationId, appSlug } = await pRetry(() => getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames), {
-      onFailedAttempt: (error) => {
-        core.info(
-          `Failed to create token for "${parsedRepositoryNames.join(',')}" (attempt ${error.attemptNumber}): ${error.message}`
-        );
-      },
-      retries: 3,
-    }));
+    ({ authentication, installationId, appSlug } = await pRetry(
+      () =>
+        getTokenFromRepository(
+          request,
+          auth,
+          parsedOwner,
+          parsedRepositoryNames
+        ),
+      {
+        onFailedAttempt: (error) => {
+          core.info(
+            `Failed to create token for "${parsedRepositoryNames.join(
+              ","
+            )}" (attempt ${error.attemptNumber}): ${error.message}`
+          );
+        },
+        retries: 3,
+      }
+    ));
  } else {
    // Otherwise get the installation for the owner, which can either be an organization or a user account
-    ({ authentication, installationId, appSlug } = await pRetry(() => getTokenFromOwner(request, auth, parsedOwner), {
-      onFailedAttempt: (error) => {
-        core.info(
-          `Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`
-        );
-      },
-      retries: 3,
-    }));
+    ({ authentication, installationId, appSlug } = await pRetry(
+      () => getTokenFromOwner(request, auth, parsedOwner),
+      {
+        onFailedAttempt: (error) => {
+          core.info(
+            `Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`
+          );
+        },
+        retries: 3,
+      }
+    ));
  }

  // Register the token with the runner as a secret to ensure it is masked in logs
@@ -111,23 +127,13 @@ export async function main(
 }

 async function getTokenFromOwner(request, auth, parsedOwner) {
-  // https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-an-organization-installation-for-the-authenticated-app
-  const response = await request("GET /orgs/{org}/installation", {
-    org: parsedOwner,
+  // https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-user-installation-for-the-authenticated-app
+  // This endpoint works for both users and organizations
+  const response = await request("GET /users/{username}/installation", {
+    username: parsedOwner,
    request: {
      hook: auth.hook,
    },
-  }).catch((error) => {
-    /* c8 ignore next */
-    if (error.status !== 404) throw error;
-
-    // https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-user-installation-for-the-authenticated-app
-    return request("GET /users/{username}/installation", {
-      username: parsedOwner,
-      request: {
-        hook: auth.hook,
-      },
-    });
  });

  // Get token for for all repositories of the given installation
@@ -137,12 +143,17 @@ async function getTokenFromOwner(request, auth, parsedOwner) {
  });

  const installationId = response.data.id;
-  const appSlug = response.data['app_slug'];
+  const appSlug = response.data["app_slug"];

  return { authentication, installationId, appSlug };
 }

-async function getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames) {
+async function getTokenFromRepository(
+  request,
+  auth,
+  parsedOwner,
+  parsedRepositoryNames
+) {
  // https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app
  const response = await request("GET /repos/{owner}/{repo}/installation", {
    owner: parsedOwner,
@@ -160,7 +171,7 @@ async function getTokenFromRepository(request, auth, parsedOwner, parsedReposito
  });

  const installationId = response.data.id;
-  const appSlug = response.data['app_slug'];
+  const appSlug = response.data["app_slug"];

  return { authentication, installationId, appSlug };
 }
@@ -2,7 +2,7 @@
  "name": "create-github-app-token",
  "private": true,
  "type": "module",
-  "version": "1.11.0",
+  "version": "1.11.1",
  "description": "GitHub Action for creating a GitHub App Installation Access Token",
  "scripts": {
    "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",
@@ -12,21 +12,21 @@
  },
  "license": "MIT",
  "dependencies": {
-    "@actions/core": "^1.10.1",
-    "@octokit/auth-app": "^7.1.1",
+    "@actions/core": "^1.11.1",
+    "@octokit/auth-app": "^7.1.3",
    "@octokit/request": "^9.1.3",
-    "p-retry": "^6.2.0",
+    "p-retry": "^6.2.1",
    "undici": "^6.19.8"
  },
  "devDependencies": {
-    "@sinonjs/fake-timers": "^13.0.1",
-    "ava": "^6.1.3",
-    "c8": "^10.1.2",
-    "dotenv": "^16.4.5",
-    "esbuild": "^0.23.1",
-    "execa": "^9.3.1",
+    "@sinonjs/fake-timers": "^13.0.2",
+    "ava": "^6.2.0",
+    "c8": "^10.1.3",
+    "dotenv": "^16.4.7",
+    "esbuild": "^0.24.0",
+    "execa": "^9.5.2",
    "open-cli": "^8.0.0",
-    "yaml": "^2.5.1"
+    "yaml": "^2.6.1"
  },
  "release": {
    "branches": [
@@ -1,6 +1,6 @@
 import { test } from "./main.js";

-// Verify `main` successfully obtains a token when the `owner` input is set (to a user), but the `repositories` input isn’t set.
+// Verify retries work when getting a token for a user or organization fails on the first attempt.
 await test((mockPool) => {
  process.env.INPUT_OWNER = "smockle";
  delete process.env.INPUT_REPOSITORIES;
@@ -10,7 +10,7 @@ await test((mockPool) => {
  const mockAppSlug = "github-actions";
  mockPool
    .intercept({
-      path: `/orgs/${process.env.INPUT_OWNER}/installation`,
+      path: `/users/${process.env.INPUT_OWNER}/installation`,
      method: "GET",
      headers: {
        accept: "application/vnd.github.v3+json",
@@ -18,7 +18,7 @@ await test((mockPool) => {
        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
      },
    })
-    .reply(404);
+    .reply(500, "GitHub API not available");
  mockPool
    .intercept({
      path: `/users/${process.env.INPUT_OWNER}/installation`,
@@ -31,7 +31,7 @@ await test((mockPool) => {
    })
    .reply(
      200,
-      { id: mockInstallationId, "app_slug": mockAppSlug },
+      { id: mockInstallationId, app_slug: mockAppSlug },
      { headers: { "content-type": "application/json" } }
    );
 });
@@ -1,16 +1,16 @@
 import { test } from "./main.js";

-// Verify `main` successfully obtains a token when the `owner` input is set (to an org), but the `repositories` input isn’t set.
+// Verify `main` successfully obtains a token when the `owner` input is set, and the `repositories` input isn’t set.
 await test((mockPool) => {
  process.env.INPUT_OWNER = process.env.GITHUB_REPOSITORY_OWNER;
  delete process.env.INPUT_REPOSITORIES;

-  // Mock installation id and app slug request
+  // Mock installation ID and app slug request
  const mockInstallationId = "123456";
  const mockAppSlug = "github-actions";
  mockPool
    .intercept({
-      path: `/orgs/${process.env.INPUT_OWNER}/installation`,
+      path: `/users/${process.env.INPUT_OWNER}/installation`,
      method: "GET",
      headers: {
        accept: "application/vnd.github.v3+json",
@@ -20,7 +20,7 @@ await test((mockPool) => {
    })
    .reply(
      200,
-      { id: mockInstallationId, "app_slug": mockAppSlug },
+      { id: mockInstallationId, app_slug: mockAppSlug },
      { headers: { "content-type": "application/json" } }
    );
 });
@@ -1,37 +0,0 @@
-import { test } from "./main.js";
-
-// Verify `main` successfully obtains a token when the `owner` input is set (to a user), but the `repositories` input isn’t set.
-await test((mockPool) => {
-  process.env.INPUT_OWNER = "smockle";
-  delete process.env.INPUT_REPOSITORIES;
-
-  // Mock installation ID and app slug request
-  const mockInstallationId = "123456";
-  const mockAppSlug = "github-actions";
-  mockPool
-    .intercept({
-      path: `/orgs/${process.env.INPUT_OWNER}/installation`,
-      method: "GET",
-      headers: {
-        accept: "application/vnd.github.v3+json",
-        "user-agent": "actions/create-github-app-token",
-        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
-      },
-    })
-    .reply(500, "GitHub API not available");
-  mockPool
-    .intercept({
-      path: `/orgs/${process.env.INPUT_OWNER}/installation`,
-      method: "GET",
-      headers: {
-        accept: "application/vnd.github.v3+json",
-        "user-agent": "actions/create-github-app-token",
-        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
-      },
-    })
-    .reply(
-      200,
-      { id: mockInstallationId, "app_slug": mockAppSlug },
-      { headers: { "content-type": "application/json" } }
-    );
-});
@@ -114,6 +114,26 @@ Generated by [AVA](https://avajs.dev).
    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
    ::save-state name=expiresAt::2016-07-11T22:14:10Z`

+## main-token-get-owner-set-fail-response.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `repositories not set, creating token for all repositories for given owner "smockle"␊
+    Failed to create token for "smockle" (attempt 1): GitHub API not available␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
+
 ## main-token-get-owner-set-repo-fail-response.test.js

 > stderr
@@ -191,7 +211,7 @@ Generated by [AVA](https://avajs.dev).
    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
    ::save-state name=expiresAt::2016-07-11T22:14:10Z`

-## main-token-get-owner-set-to-org-repo-unset.test.js
+## main-token-get-owner-set-repo-unset.test.js

 > stderr

@@ -210,45 +230,6 @@ Generated by [AVA](https://avajs.dev).
    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
    ::save-state name=expiresAt::2016-07-11T22:14:10Z`

-## main-token-get-owner-set-to-user-fail-response.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `repositories not set, creating token for all repositories for given owner "smockle"␊
-    Failed to create token for "smockle" (attempt 1): GitHub API not available␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
-
-## main-token-get-owner-set-to-user-repo-unset.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `repositories not set, creating token for all repositories for given owner "smockle"␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
-
 ## main-token-get-owner-unset-repo-set.test.js

 > stderr