build(release): 1.6.3 [skip ci]

## [1.6.3](https://github.com/actions/create-github-app-token/compare/v1.6.2...v1.6.3) (2024-01-09)

### Bug Fixes

* **deps:** bump the production-dependencies group with 2 updates ([#94](https://github.com/actions/create-github-app-token/issues/94)) ([323044f](https://github.com/actions/create-github-app-token/commit/323044ff3180ac0ba3543efbe2b76ff90050e9b6)), closes [#562](https://github.com/actions/create-github-app-token/issues/562) [#557](https://github.com/actions/create-github-app-token/issues/557) [#562](https://github.com/actions/create-github-app-token/issues/562) [#560](https://github.com/actions/create-github-app-token/issues/560) [#559](https://github.com/actions/create-github-app-token/issues/559) [#558](https://github.com/actions/create-github-app-token/issues/558) [#557](https://github.com/actions/create-github-app-token/issues/557) [#553](https://github.com/actions/create-github-app-token/issues/553) [#552](https://github.com/actions/create-github-app-token/issues/552) [#551](https://github.com/actions/create-github-app-token/issues/551) [#75](https://github.com/actions/create-github-app-token/issues/75) [#75](https://github.com/actions/create-github-app-token/issues/75)

.github/workflows/release.yml

@@ -1,5 +1,6 @@
 name: release
-"on":
+
+on:
   push:
     branches:
       - main
@@ -14,16 +15,25 @@ jobs:
     name: release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      # build local version to create token
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: .node-version
+          cache: 'npm'
+
+      - run: npm ci
+      - run: npm run build
+      - uses: ./
         id: app-token
         with:
-          app_id: ${{ vars.RELEASER_APP_ID }}
-          private_key: ${{ secrets.RELEASER_APP_PRIVATE_KEY }}
-      - uses: actions/checkout@v3
-        with:
-          token: ${{ steps.app-token.outputs.token }}
+          app-id: ${{ vars.RELEASER_APP_ID }}
+          private-key: ${{ secrets.RELEASER_APP_PRIVATE_KEY }}
+      # install release dependencies and release
       - run: npm install --no-save @semantic-release/git semantic-release-plugin-github-breaking-version-tag
-      - run: npm run build
       - run: npx semantic-release --debug
         env:
           GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}

.github/workflows/test.yml

@@ -1,5 +1,9 @@
 name: test
+
 on:
+  push:
+    branches:
+      - main
   pull_request:
 
 concurrency:
@@ -7,21 +11,38 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  test:
+  integration:
+    name: Integration
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
         with:
-          node-version: "16.16"
+          node-version-file: .node-version
+          cache: 'npm'
+
+      - run: npm ci
+      - run: npm test
+
+  end-to-end:
+    name: End-to-End
+    runs-on: ubuntu-latest
+    # do not run from forks, as forks don’t have access to repository secrets
+    if: github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
           cache: "npm"
       - run: npm ci
       - run: npm run build
       - uses: ./ # Uses the action in the root directory
         id: test
         with:
-          app_id: ${{ vars.TEST_APP_ID }}
-          private_key: ${{ secrets.TEST_APP_PRIVATE_KEY }}
+          app-id: ${{ vars.TEST_APP_ID }}
+          private-key: ${{ secrets.TEST_APP_PRIVATE_KEY }}
       - uses: octokit/request-action@v2.x
         id: get-repository
         env:

.gitignore

@@ -1,2 +1,3 @@
-node_modules/
 .env
+coverage
+node_modules/

.node-version

@@ -0,0 +1 @@
+20.9.0

README.md

@@ -1,5 +1,7 @@
 # Create GitHub App Token
 
+[![test](https://github.com/actions/create-github-app-token/actions/workflows/test.yml/badge.svg)](https://github.com/actions/create-github-app-token/actions/workflows/test.yml)
+
 GitHub Action for creating a GitHub App installation access token.
 
 ## Usage
@@ -10,7 +12,7 @@ In order to use this action, you need to:
 2. [Store the App's ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`)
 3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`)
 
-### Minimal usage
+### Create a token for the current repository
 
 ```yaml
 on: [issues]
@@ -22,8 +24,8 @@ jobs:
       - uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app_id: ${{ vars.APP_ID }}
-          private_key: ${{ secrets.PRIVATE_KEY }}
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
       - uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
@@ -44,9 +46,9 @@ jobs:
         id: app-token
         with:
           # required
-          app_id: ${{ vars.APP_ID }}
-          private_key: ${{ secrets.PRIVATE_KEY }}
-      - uses: actions/checkout@v3
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+      - uses: actions/checkout@v4
         with:
           token: ${{ steps.app-token.outputs.token }}
           ref: ${{ github.head_ref }}
@@ -57,16 +59,144 @@ jobs:
           github_token: ${{ steps.app-token.outputs.token }}
 ```
 
+### Create a token for all repositories in the current owner's installation
+
+```yaml
+on: [workflow_dispatch]
+
+jobs:
+  hello-world:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+      - uses: peter-evans/create-or-update-comment@v3
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          issue-number: ${{ github.event.issue.number }}
+          body: "Hello, World!"
+```
+
+### Create a token for multiple repositories in the current owner's installation
+
+```yaml
+on: [issues]
+
+jobs:
+  hello-world:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "repo1,repo2"
+      - uses: peter-evans/create-or-update-comment@v3
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          issue-number: ${{ github.event.issue.number }}
+          body: "Hello, World!"
+```
+
+### Create a token for all repositories in another owner's installation
+
+```yaml
+on: [issues]
+
+jobs:
+  hello-world:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+          owner: another-owner
+      - uses: peter-evans/create-or-update-comment@v3
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          issue-number: ${{ github.event.issue.number }}
+          body: "Hello, World!"
+```
+
+### Create tokens for multiple user or organization accounts
+
+You can use a matrix strategy to create tokens for multiple user or organization accounts.
+
+> [!NOTE]
+> See [this documentation](https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings) for information on using multiline strings in workflows.
+
+```yaml
+on: [workflow_dispatch]
+
+jobs:
+  set-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{steps.set.outputs.matrix }}
+    steps:
+      - id: set
+        run: echo 'matrix=[{"owner":"owner1"},{"owner":"owner2","repos":["repo1"]}]' >>"$GITHUB_OUTPUT"
+
+  use-matrix:
+    name: '@${{ matrix.owners-and-repos.owner }} installation'
+    needs: [set-matrix]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        owners-and-repos: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
+
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+          owner: ${{ matrix.owners-and-repos.owner }}
+          repositories: ${{ join(matrix.owners-and-repos.repos) }}
+      - uses: octokit/request-action@v2.x
+        id: get-installation-repositories
+        with:
+          route: GET /installation/repositories
+        env:
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+      - run: echo "$MULTILINE_JSON_STRING"
+        env:
+          MULTILINE_JSON_STRING: ${{ steps.get-installation-repositories.outputs.data }}
+```
+
 ## Inputs
 
-### `app_id`
+### `app-id`
 
 **Required:** GitHub App ID.
 
-### `private_key`
+### `private-key`
 
 **Required:** GitHub App private key.
 
+### `owner`
+
+**Optional:** GitHub App installation owner. If empty, defaults to the current repository owner.
+
+### `repositories`
+
+**Optional:** Comma-separated list of repositories to grant access to.
+
+> [!NOTE]
+> If `owner` is set and `repositories` is empty, access will be scoped to all repositories in the provided repository owner's installation. If `owner` and `repositories` are empty, access will be scoped to only the current repository.
+
+### `skip-token-revoke`
+
+**Optional:** If truthy, the token will not be revoked when the current job is complete.
+
 ## Outputs
 
 ### `token`
@@ -77,10 +207,10 @@ GitHub App installation access token.
 
 The action creates an installation access token using [the `POST /app/installations/{installation_id}/access_tokens` endpoint](https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app). By default,
 
-1. The token is scoped to the current repository.
+1. The token is scoped to the current repository or `repositories` if set.
 2. The token inherits all the installation's permissions.
 3. The token is set as output `token` which can be used in subsequent steps.
-4. The token is revoked in the `post` step of the action, which means it cannot be passed to another job.
+4. Unless the `skip-token-revoke` input is set to a truthy value, the token is revoked in the `post` step of the action, which means it cannot be passed to another job.
 5. The token is masked, it cannot be logged accidentally.
 
 > [!NOTE]

action.yml

@@ -5,12 +5,33 @@ branding:
   icon: "lock"
   color: "gray-dark"
 inputs:
+  app-id:
+    description: "GitHub App ID"
+    required: false # TODO: When 'app_id' is removed, make 'app-id' required
   app_id:
     description: "GitHub App ID"
-    required: true
+    required: false
+    deprecationMessage: "'app_id' is deprecated and will be removed in a future version. Use 'app-id' instead."
+  private-key:
+    description: "GitHub App private key"
+    required: false # TODO: When 'private_key' is removed, make 'private-key' required
   private_key:
     description: "GitHub App private key"
-    required: true
+    required: false
+    deprecationMessage: "'private_key' is deprecated and will be removed in a future version. Use 'private-key' instead."
+  owner:
+    description: "GitHub App owner (defaults to current repository owner)"
+    required: false
+  repositories:
+    description: "Repositories to install the GitHub App on (defaults to current repository if owner is unset)"
+    required: false
+  skip-token-revoke:
+    description: "If truthy, the token will not be revoked when the current job is complete"
+    required: false
+  skip_token_revoke:
+    description: "If truthy, the token will not be revoked when the current job is complete"
+    required: false
+    deprecationMessage: "'skip_token_revoke' is deprecated and will be removed in a future version. Use 'skip-token-revoke' instead."
 outputs:
   token:
     description: "GitHub installation access token"

badges/coverage.svg

@@ -0,0 +1,25 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="106"
+    height="20" role="img" aria-label="Coverage: 100%">
+    <title>Coverage: 100%</title>
+    <linearGradient id="s" x2="0" y2="100%">
+        <stop offset="0" stop-color="#bbb" stop-opacity=".1" />
+        <stop offset="1" stop-opacity=".1" />
+    </linearGradient>
+    <clipPath id="r">
+        <rect width="106" height="20" rx="3" fill="#fff" />
+    </clipPath>
+    <g clip-path="url(#r)">
+        <rect width="63" height="20" fill="#555" />
+        <rect x="63" width="43" height="20" fill="#4c1" />
+        <rect width="106" height="20" fill="url(#s)" />
+    </g>
+    <g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif"
+        text-rendering="geometricPrecision" font-size="110">
+        <text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3"
+            transform="scale(.1)" textLength="530">Coverage</text>
+        <text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text>
+        <text aria-hidden="true" x="835" y="150" fill="#010101" fill-opacity=".3"
+            transform="scale(.1)" textLength="330">100%</text>
+        <text x="835" y="140" transform="scale(.1)" fill="#fff" textLength="330">100%</text>
+    </g>
+</svg>

dist/post.cjs

@@ -34,10 +34,10 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 
 // node_modules/@actions/core/lib/utils.js
 var require_utils = __commonJS({
-  "node_modules/@actions/core/lib/utils.js"(exports) {
+  "node_modules/@actions/core/lib/utils.js"(exports2) {
     "use strict";
-    Object.defineProperty(exports, "__esModule", { value: true });
-    exports.toCommandProperties = exports.toCommandValue = void 0;
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.toCommandProperties = exports2.toCommandValue = void 0;
     function toCommandValue(input) {
       if (input === null || input === void 0) {
         return "";
@@ -46,7 +46,7 @@ var require_utils = __commonJS({
       }
       return JSON.stringify(input);
     }
-    exports.toCommandValue = toCommandValue;
+    exports2.toCommandValue = toCommandValue;
     function toCommandProperties(annotationProperties) {
       if (!Object.keys(annotationProperties).length) {
         return {};
@@ -60,15 +60,15 @@ var require_utils = __commonJS({
         endColumn: annotationProperties.endColumn
       };
     }
-    exports.toCommandProperties = toCommandProperties;
+    exports2.toCommandProperties = toCommandProperties;
   }
 });
 
 // node_modules/@actions/core/lib/command.js
 var require_command = __commonJS({
-  "node_modules/@actions/core/lib/command.js"(exports) {
+  "node_modules/@actions/core/lib/command.js"(exports2) {
     "use strict";
-    var __createBinding = exports && exports.__createBinding || (Object.create ? function(o, m, k, k2) {
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? function(o, m, k, k2) {
       if (k2 === void 0)
         k2 = k;
       Object.defineProperty(o, k2, { enumerable: true, get: function() {
@@ -79,12 +79,12 @@ var require_command = __commonJS({
         k2 = k;
       o[k2] = m[k];
     });
-    var __setModuleDefault = exports && exports.__setModuleDefault || (Object.create ? function(o, v) {
+    var __setModuleDefault = exports2 && exports2.__setModuleDefault || (Object.create ? function(o, v) {
       Object.defineProperty(o, "default", { enumerable: true, value: v });
     } : function(o, v) {
       o["default"] = v;
     });
-    var __importStar = exports && exports.__importStar || function(mod) {
+    var __importStar = exports2 && exports2.__importStar || function(mod) {
       if (mod && mod.__esModule)
         return mod;
       var result = {};
@@ -96,19 +96,19 @@ var require_command = __commonJS({
       __setModuleDefault(result, mod);
       return result;
     };
-    Object.defineProperty(exports, "__esModule", { value: true });
-    exports.issue = exports.issueCommand = void 0;
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.issue = exports2.issueCommand = void 0;
     var os = __importStar(require("os"));
     var utils_1 = require_utils();
     function issueCommand(command, properties, message) {
       const cmd = new Command(command, properties, message);
       process.stdout.write(cmd.toString() + os.EOL);
     }
-    exports.issueCommand = issueCommand;
+    exports2.issueCommand = issueCommand;
     function issue(name, message = "") {
       issueCommand(name, {}, message);
     }
-    exports.issue = issue;
+    exports2.issue = issue;
     var CMD_STRING = "::";
     var Command = class {
       constructor(command, properties, message) {
@@ -486,9 +486,9 @@ var init_esm_node = __esm({
 
 // node_modules/@actions/core/lib/file-command.js
 var require_file_command = __commonJS({
-  "node_modules/@actions/core/lib/file-command.js"(exports) {
+  "node_modules/@actions/core/lib/file-command.js"(exports2) {
     "use strict";
-    var __createBinding = exports && exports.__createBinding || (Object.create ? function(o, m, k, k2) {
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? function(o, m, k, k2) {
       if (k2 === void 0)
         k2 = k;
       Object.defineProperty(o, k2, { enumerable: true, get: function() {
@@ -499,12 +499,12 @@ var require_file_command = __commonJS({
         k2 = k;
       o[k2] = m[k];
     });
-    var __setModuleDefault = exports && exports.__setModuleDefault || (Object.create ? function(o, v) {
+    var __setModuleDefault = exports2 && exports2.__setModuleDefault || (Object.create ? function(o, v) {
       Object.defineProperty(o, "default", { enumerable: true, value: v });
     } : function(o, v) {
       o["default"] = v;
     });
-    var __importStar = exports && exports.__importStar || function(mod) {
+    var __importStar = exports2 && exports2.__importStar || function(mod) {
       if (mod && mod.__esModule)
         return mod;
       var result = {};
@@ -516,8 +516,8 @@ var require_file_command = __commonJS({
       __setModuleDefault(result, mod);
       return result;
     };
-    Object.defineProperty(exports, "__esModule", { value: true });
-    exports.prepareKeyValueMessage = exports.issueFileCommand = void 0;
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.prepareKeyValueMessage = exports2.issueFileCommand = void 0;
     var fs = __importStar(require("fs"));
     var os = __importStar(require("os"));
     var uuid_1 = (init_esm_node(), __toCommonJS(esm_node_exports));
@@ -534,7 +534,7 @@ var require_file_command = __commonJS({
         encoding: "utf8"
       });
     }
-    exports.issueFileCommand = issueFileCommand;
+    exports2.issueFileCommand = issueFileCommand;
     function prepareKeyValueMessage(key, value) {
       const delimiter = `ghadelimiter_${uuid_1.v4()}`;
       const convertedValue = utils_1.toCommandValue(value);
@@ -546,16 +546,16 @@ var require_file_command = __commonJS({
       }
       return `${key}<<${delimiter}${os.EOL}${convertedValue}${os.EOL}${delimiter}`;
     }
-    exports.prepareKeyValueMessage = prepareKeyValueMessage;
+    exports2.prepareKeyValueMessage = prepareKeyValueMessage;
   }
 });
 
 // node_modules/@actions/http-client/lib/proxy.js
 var require_proxy = __commonJS({
-  "node_modules/@actions/http-client/lib/proxy.js"(exports) {
+  "node_modules/@actions/http-client/lib/proxy.js"(exports2) {
     "use strict";
-    Object.defineProperty(exports, "__esModule", { value: true });
-    exports.checkBypass = exports.getProxyUrl = void 0;
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.checkBypass = exports2.getProxyUrl = void 0;
     function getProxyUrl(reqUrl) {
       const usingSsl = reqUrl.protocol === "https:";
       if (checkBypass(reqUrl)) {
@@ -569,12 +569,17 @@ var require_proxy = __commonJS({
         }
       })();
       if (proxyVar) {
-        return new URL(proxyVar);
+        try {
+          return new URL(proxyVar);
+        } catch (_a) {
+          if (!proxyVar.startsWith("http://") && !proxyVar.startsWith("https://"))
+            return new URL(`http://${proxyVar}`);
+        }
       } else {
         return void 0;
       }
     }
-    exports.getProxyUrl = getProxyUrl;
+    exports2.getProxyUrl = getProxyUrl;
     function checkBypass(reqUrl) {
       if (!reqUrl.hostname) {
         return false;
@@ -606,7 +611,7 @@ var require_proxy = __commonJS({
       }
       return false;
     }
-    exports.checkBypass = checkBypass;
+    exports2.checkBypass = checkBypass;
     function isLoopbackAddress(host) {
       const hostLower = host.toLowerCase();
       return hostLower === "localhost" || hostLower.startsWith("127.") || hostLower.startsWith("[::1]") || hostLower.startsWith("[0:0:0:0:0:0:0:1]");
@@ -616,7 +621,7 @@ var require_proxy = __commonJS({
 
 // node_modules/tunnel/lib/tunnel.js
 var require_tunnel = __commonJS({
-  "node_modules/tunnel/lib/tunnel.js"(exports) {
+  "node_modules/tunnel/lib/tunnel.js"(exports2) {
     "use strict";
     var net = require("net");
     var tls = require("tls");
@@ -625,10 +630,10 @@ var require_tunnel = __commonJS({
     var events = require("events");
     var assert = require("assert");
     var util = require("util");
-    exports.httpOverHttp = httpOverHttp;
-    exports.httpsOverHttp = httpsOverHttp;
-    exports.httpOverHttps = httpOverHttps;
-    exports.httpsOverHttps = httpsOverHttps;
+    exports2.httpOverHttp = httpOverHttp;
+    exports2.httpsOverHttp = httpsOverHttp;
+    exports2.httpOverHttps = httpOverHttps;
+    exports2.httpsOverHttps = httpsOverHttps;
     function httpOverHttp(options) {
       var agent = new TunnelingAgent(options);
       agent.request = http.request;
@@ -840,22 +845,22 @@ var require_tunnel = __commonJS({
       debug = function() {
       };
     }
-    exports.debug = debug;
+    exports2.debug = debug;
   }
 });
 
 // node_modules/tunnel/index.js
 var require_tunnel2 = __commonJS({
-  "node_modules/tunnel/index.js"(exports, module2) {
+  "node_modules/tunnel/index.js"(exports2, module2) {
     module2.exports = require_tunnel();
   }
 });
 
 // node_modules/@actions/http-client/lib/index.js
 var require_lib = __commonJS({
-  "node_modules/@actions/http-client/lib/index.js"(exports) {
+  "node_modules/@actions/http-client/lib/index.js"(exports2) {
     "use strict";
-    var __createBinding = exports && exports.__createBinding || (Object.create ? function(o, m, k, k2) {
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? function(o, m, k, k2) {
       if (k2 === void 0)
         k2 = k;
       Object.defineProperty(o, k2, { enumerable: true, get: function() {
@@ -866,12 +871,12 @@ var require_lib = __commonJS({
         k2 = k;
       o[k2] = m[k];
     });
-    var __setModuleDefault = exports && exports.__setModuleDefault || (Object.create ? function(o, v) {
+    var __setModuleDefault = exports2 && exports2.__setModuleDefault || (Object.create ? function(o, v) {
       Object.defineProperty(o, "default", { enumerable: true, value: v });
     } : function(o, v) {
       o["default"] = v;
     });
-    var __importStar = exports && exports.__importStar || function(mod) {
+    var __importStar = exports2 && exports2.__importStar || function(mod) {
       if (mod && mod.__esModule)
         return mod;
       var result = {};
@@ -883,7 +888,7 @@ var require_lib = __commonJS({
       __setModuleDefault(result, mod);
       return result;
     };
-    var __awaiter = exports && exports.__awaiter || function(thisArg, _arguments, P, generator) {
+    var __awaiter = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) {
       function adopt(value) {
         return value instanceof P ? value : new P(function(resolve) {
           resolve(value);
@@ -910,8 +915,8 @@ var require_lib = __commonJS({
         step((generator = generator.apply(thisArg, _arguments || [])).next());
       });
     };
-    Object.defineProperty(exports, "__esModule", { value: true });
-    exports.HttpClient = exports.isHttps = exports.HttpClientResponse = exports.HttpClientError = exports.getProxyUrl = exports.MediaTypes = exports.Headers = exports.HttpCodes = void 0;
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.HttpClient = exports2.isHttps = exports2.HttpClientResponse = exports2.HttpClientError = exports2.getProxyUrl = exports2.MediaTypes = exports2.Headers = exports2.HttpCodes = void 0;
     var http = __importStar(require("http"));
     var https = __importStar(require("https"));
     var pm = __importStar(require_proxy());
@@ -945,21 +950,21 @@ var require_lib = __commonJS({
       HttpCodes2[HttpCodes2["BadGateway"] = 502] = "BadGateway";
       HttpCodes2[HttpCodes2["ServiceUnavailable"] = 503] = "ServiceUnavailable";
       HttpCodes2[HttpCodes2["GatewayTimeout"] = 504] = "GatewayTimeout";
-    })(HttpCodes = exports.HttpCodes || (exports.HttpCodes = {}));
+    })(HttpCodes = exports2.HttpCodes || (exports2.HttpCodes = {}));
     var Headers;
     (function(Headers2) {
       Headers2["Accept"] = "accept";
       Headers2["ContentType"] = "content-type";
-    })(Headers = exports.Headers || (exports.Headers = {}));
+    })(Headers = exports2.Headers || (exports2.Headers = {}));
     var MediaTypes;
     (function(MediaTypes2) {
       MediaTypes2["ApplicationJson"] = "application/json";
-    })(MediaTypes = exports.MediaTypes || (exports.MediaTypes = {}));
+    })(MediaTypes = exports2.MediaTypes || (exports2.MediaTypes = {}));
     function getProxyUrl(serverUrl) {
       const proxyUrl = pm.getProxyUrl(new URL(serverUrl));
       return proxyUrl ? proxyUrl.href : "";
     }
-    exports.getProxyUrl = getProxyUrl;
+    exports2.getProxyUrl = getProxyUrl;
     var HttpRedirectCodes = [
       HttpCodes.MovedPermanently,
       HttpCodes.ResourceMoved,
@@ -983,7 +988,7 @@ var require_lib = __commonJS({
         Object.setPrototypeOf(this, _HttpClientError.prototype);
       }
     };
-    exports.HttpClientError = HttpClientError;
+    exports2.HttpClientError = HttpClientError;
     var HttpClientResponse = class {
       constructor(message) {
         this.message = message;
@@ -1001,13 +1006,26 @@ var require_lib = __commonJS({
           }));
         });
       }
+      readBodyBuffer() {
+        return __awaiter(this, void 0, void 0, function* () {
+          return new Promise((resolve) => __awaiter(this, void 0, void 0, function* () {
+            const chunks = [];
+            this.message.on("data", (chunk) => {
+              chunks.push(chunk);
+            });
+            this.message.on("end", () => {
+              resolve(Buffer.concat(chunks));
+            });
+          }));
+        });
+      }
     };
-    exports.HttpClientResponse = HttpClientResponse;
+    exports2.HttpClientResponse = HttpClientResponse;
     function isHttps(requestUrl) {
       const parsedUrl = new URL(requestUrl);
       return parsedUrl.protocol === "https:";
     }
-    exports.isHttps = isHttps;
+    exports2.isHttps = isHttps;
     var HttpClient = class {
       constructor(userAgent, handlers, requestOptions) {
         this._ignoreSslError = false;
@@ -1426,16 +1444,16 @@ var require_lib = __commonJS({
         });
       }
     };
-    exports.HttpClient = HttpClient;
+    exports2.HttpClient = HttpClient;
     var lowercaseKeys = (obj) => Object.keys(obj).reduce((c, k) => (c[k.toLowerCase()] = obj[k], c), {});
   }
 });
 
 // node_modules/@actions/http-client/lib/auth.js
 var require_auth = __commonJS({
-  "node_modules/@actions/http-client/lib/auth.js"(exports) {
+  "node_modules/@actions/http-client/lib/auth.js"(exports2) {
     "use strict";
-    var __awaiter = exports && exports.__awaiter || function(thisArg, _arguments, P, generator) {
+    var __awaiter = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) {
       function adopt(value) {
         return value instanceof P ? value : new P(function(resolve) {
           resolve(value);
@@ -1462,8 +1480,8 @@ var require_auth = __commonJS({
         step((generator = generator.apply(thisArg, _arguments || [])).next());
       });
     };
-    Object.defineProperty(exports, "__esModule", { value: true });
-    exports.PersonalAccessTokenCredentialHandler = exports.BearerCredentialHandler = exports.BasicCredentialHandler = void 0;
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.PersonalAccessTokenCredentialHandler = exports2.BearerCredentialHandler = exports2.BasicCredentialHandler = void 0;
     var BasicCredentialHandler = class {
       constructor(username, password) {
         this.username = username;
@@ -1485,7 +1503,7 @@ var require_auth = __commonJS({
         });
       }
     };
-    exports.BasicCredentialHandler = BasicCredentialHandler;
+    exports2.BasicCredentialHandler = BasicCredentialHandler;
     var BearerCredentialHandler = class {
       constructor(token) {
         this.token = token;
@@ -1508,7 +1526,7 @@ var require_auth = __commonJS({
         });
       }
     };
-    exports.BearerCredentialHandler = BearerCredentialHandler;
+    exports2.BearerCredentialHandler = BearerCredentialHandler;
     var PersonalAccessTokenCredentialHandler = class {
       constructor(token) {
         this.token = token;
@@ -1531,15 +1549,15 @@ var require_auth = __commonJS({
         });
       }
     };
-    exports.PersonalAccessTokenCredentialHandler = PersonalAccessTokenCredentialHandler;
+    exports2.PersonalAccessTokenCredentialHandler = PersonalAccessTokenCredentialHandler;
   }
 });
 
 // node_modules/@actions/core/lib/oidc-utils.js
 var require_oidc_utils = __commonJS({
-  "node_modules/@actions/core/lib/oidc-utils.js"(exports) {
+  "node_modules/@actions/core/lib/oidc-utils.js"(exports2) {
     "use strict";
-    var __awaiter = exports && exports.__awaiter || function(thisArg, _arguments, P, generator) {
+    var __awaiter = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) {
       function adopt(value) {
         return value instanceof P ? value : new P(function(resolve) {
           resolve(value);
@@ -1566,8 +1584,8 @@ var require_oidc_utils = __commonJS({
         step((generator = generator.apply(thisArg, _arguments || [])).next());
       });
     };
-    Object.defineProperty(exports, "__esModule", { value: true });
-    exports.OidcClient = void 0;
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.OidcClient = void 0;
     var http_client_1 = require_lib();
     var auth_1 = require_auth();
     var core_1 = require_core();
@@ -1602,7 +1620,7 @@ var require_oidc_utils = __commonJS({
  
         Error Code : ${error.statusCode}
  
-        Error Message: ${error.result.message}`);
+        Error Message: ${error.message}`);
           });
           const id_token = (_a = res.result) === null || _a === void 0 ? void 0 : _a.value;
           if (!id_token) {
@@ -1629,15 +1647,15 @@ var require_oidc_utils = __commonJS({
         });
       }
     };
-    exports.OidcClient = OidcClient;
+    exports2.OidcClient = OidcClient;
   }
 });
 
 // node_modules/@actions/core/lib/summary.js
 var require_summary = __commonJS({
-  "node_modules/@actions/core/lib/summary.js"(exports) {
+  "node_modules/@actions/core/lib/summary.js"(exports2) {
     "use strict";
-    var __awaiter = exports && exports.__awaiter || function(thisArg, _arguments, P, generator) {
+    var __awaiter = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) {
       function adopt(value) {
         return value instanceof P ? value : new P(function(resolve) {
           resolve(value);
@@ -1664,13 +1682,13 @@ var require_summary = __commonJS({
         step((generator = generator.apply(thisArg, _arguments || [])).next());
       });
     };
-    Object.defineProperty(exports, "__esModule", { value: true });
-    exports.summary = exports.markdownSummary = exports.SUMMARY_DOCS_URL = exports.SUMMARY_ENV_VAR = void 0;
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.summary = exports2.markdownSummary = exports2.SUMMARY_DOCS_URL = exports2.SUMMARY_ENV_VAR = void 0;
     var os_1 = require("os");
     var fs_1 = require("fs");
     var { access, appendFile, writeFile } = fs_1.promises;
-    exports.SUMMARY_ENV_VAR = "GITHUB_STEP_SUMMARY";
-    exports.SUMMARY_DOCS_URL = "https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary";
+    exports2.SUMMARY_ENV_VAR = "GITHUB_STEP_SUMMARY";
+    exports2.SUMMARY_DOCS_URL = "https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary";
     var Summary = class {
       constructor() {
         this._buffer = "";
@@ -1686,9 +1704,9 @@ var require_summary = __commonJS({
           if (this._filePath) {
             return this._filePath;
           }
-          const pathFromEnv = process.env[exports.SUMMARY_ENV_VAR];
+          const pathFromEnv = process.env[exports2.SUMMARY_ENV_VAR];
           if (!pathFromEnv) {
-            throw new Error(`Unable to find environment variable for $${exports.SUMMARY_ENV_VAR}. Check if your runtime environment supports job summaries.`);
+            throw new Error(`Unable to find environment variable for $${exports2.SUMMARY_ENV_VAR}. Check if your runtime environment supports job summaries.`);
           }
           try {
             yield access(pathFromEnv, fs_1.constants.R_OK | fs_1.constants.W_OK);
@@ -1922,16 +1940,16 @@ var require_summary = __commonJS({
       }
     };
     var _summary = new Summary();
-    exports.markdownSummary = _summary;
-    exports.summary = _summary;
+    exports2.markdownSummary = _summary;
+    exports2.summary = _summary;
   }
 });
 
 // node_modules/@actions/core/lib/path-utils.js
 var require_path_utils = __commonJS({
-  "node_modules/@actions/core/lib/path-utils.js"(exports) {
+  "node_modules/@actions/core/lib/path-utils.js"(exports2) {
     "use strict";
-    var __createBinding = exports && exports.__createBinding || (Object.create ? function(o, m, k, k2) {
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? function(o, m, k, k2) {
       if (k2 === void 0)
         k2 = k;
       Object.defineProperty(o, k2, { enumerable: true, get: function() {
@@ -1942,12 +1960,12 @@ var require_path_utils = __commonJS({
         k2 = k;
       o[k2] = m[k];
     });
-    var __setModuleDefault = exports && exports.__setModuleDefault || (Object.create ? function(o, v) {
+    var __setModuleDefault = exports2 && exports2.__setModuleDefault || (Object.create ? function(o, v) {
       Object.defineProperty(o, "default", { enumerable: true, value: v });
     } : function(o, v) {
       o["default"] = v;
     });
-    var __importStar = exports && exports.__importStar || function(mod) {
+    var __importStar = exports2 && exports2.__importStar || function(mod) {
       if (mod && mod.__esModule)
         return mod;
       var result = {};
@@ -1959,29 +1977,29 @@ var require_path_utils = __commonJS({
       __setModuleDefault(result, mod);
       return result;
     };
-    Object.defineProperty(exports, "__esModule", { value: true });
-    exports.toPlatformPath = exports.toWin32Path = exports.toPosixPath = void 0;
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.toPlatformPath = exports2.toWin32Path = exports2.toPosixPath = void 0;
     var path = __importStar(require("path"));
     function toPosixPath(pth) {
       return pth.replace(/[\\]/g, "/");
     }
-    exports.toPosixPath = toPosixPath;
+    exports2.toPosixPath = toPosixPath;
     function toWin32Path(pth) {
       return pth.replace(/[/]/g, "\\");
     }
-    exports.toWin32Path = toWin32Path;
+    exports2.toWin32Path = toWin32Path;
     function toPlatformPath(pth) {
       return pth.replace(/[/\\]/g, path.sep);
     }
-    exports.toPlatformPath = toPlatformPath;
+    exports2.toPlatformPath = toPlatformPath;
   }
 });
 
 // node_modules/@actions/core/lib/core.js
 var require_core = __commonJS({
-  "node_modules/@actions/core/lib/core.js"(exports) {
+  "node_modules/@actions/core/lib/core.js"(exports2) {
     "use strict";
-    var __createBinding = exports && exports.__createBinding || (Object.create ? function(o, m, k, k2) {
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? function(o, m, k, k2) {
       if (k2 === void 0)
         k2 = k;
       Object.defineProperty(o, k2, { enumerable: true, get: function() {
@@ -1992,12 +2010,12 @@ var require_core = __commonJS({
         k2 = k;
       o[k2] = m[k];
     });
-    var __setModuleDefault = exports && exports.__setModuleDefault || (Object.create ? function(o, v) {
+    var __setModuleDefault = exports2 && exports2.__setModuleDefault || (Object.create ? function(o, v) {
       Object.defineProperty(o, "default", { enumerable: true, value: v });
     } : function(o, v) {
       o["default"] = v;
     });
-    var __importStar = exports && exports.__importStar || function(mod) {
+    var __importStar = exports2 && exports2.__importStar || function(mod) {
       if (mod && mod.__esModule)
         return mod;
       var result = {};
@@ -2009,7 +2027,7 @@ var require_core = __commonJS({
       __setModuleDefault(result, mod);
       return result;
     };
-    var __awaiter = exports && exports.__awaiter || function(thisArg, _arguments, P, generator) {
+    var __awaiter = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) {
       function adopt(value) {
         return value instanceof P ? value : new P(function(resolve) {
           resolve(value);
@@ -2036,8 +2054,8 @@ var require_core = __commonJS({
         step((generator = generator.apply(thisArg, _arguments || [])).next());
       });
     };
-    Object.defineProperty(exports, "__esModule", { value: true });
-    exports.getIDToken = exports.getState = exports.saveState = exports.group = exports.endGroup = exports.startGroup = exports.info = exports.notice = exports.warning = exports.error = exports.debug = exports.isDebug = exports.setFailed = exports.setCommandEcho = exports.setOutput = exports.getBooleanInput = exports.getMultilineInput = exports.getInput = exports.addPath = exports.setSecret = exports.exportVariable = exports.ExitCode = void 0;
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.getIDToken = exports2.getState = exports2.saveState = exports2.group = exports2.endGroup = exports2.startGroup = exports2.info = exports2.notice = exports2.warning = exports2.error = exports2.debug = exports2.isDebug = exports2.setFailed = exports2.setCommandEcho = exports2.setOutput = exports2.getBooleanInput = exports2.getMultilineInput = exports2.getInput = exports2.addPath = exports2.setSecret = exports2.exportVariable = exports2.ExitCode = void 0;
     var command_1 = require_command();
     var file_command_1 = require_file_command();
     var utils_1 = require_utils();
@@ -2048,7 +2066,7 @@ var require_core = __commonJS({
     (function(ExitCode2) {
       ExitCode2[ExitCode2["Success"] = 0] = "Success";
       ExitCode2[ExitCode2["Failure"] = 1] = "Failure";
-    })(ExitCode = exports.ExitCode || (exports.ExitCode = {}));
+    })(ExitCode = exports2.ExitCode || (exports2.ExitCode = {}));
     function exportVariable(name, val) {
       const convertedVal = utils_1.toCommandValue(val);
       process.env[name] = convertedVal;
@@ -2058,11 +2076,11 @@ var require_core = __commonJS({
       }
       command_1.issueCommand("set-env", { name }, convertedVal);
     }
-    exports.exportVariable = exportVariable;
+    exports2.exportVariable = exportVariable;
     function setSecret(secret) {
       command_1.issueCommand("add-mask", {}, secret);
     }
-    exports.setSecret = setSecret;
+    exports2.setSecret = setSecret;
     function addPath(inputPath) {
       const filePath = process.env["GITHUB_PATH"] || "";
       if (filePath) {
@@ -2072,7 +2090,7 @@ var require_core = __commonJS({
       }
       process.env["PATH"] = `${inputPath}${path.delimiter}${process.env["PATH"]}`;
     }
-    exports.addPath = addPath;
+    exports2.addPath = addPath;
     function getInput(name, options) {
       const val = process.env[`INPUT_${name.replace(/ /g, "_").toUpperCase()}`] || "";
       if (options && options.required && !val) {
@@ -2083,7 +2101,7 @@ var require_core = __commonJS({
       }
       return val.trim();
     }
-    exports.getInput = getInput;
+    exports2.getInput = getInput;
     function getMultilineInput(name, options) {
       const inputs = getInput(name, options).split("\n").filter((x) => x !== "");
       if (options && options.trimWhitespace === false) {
@@ -2091,7 +2109,7 @@ var require_core = __commonJS({
       }
       return inputs.map((input) => input.trim());
     }
-    exports.getMultilineInput = getMultilineInput;
+    exports2.getMultilineInput = getMultilineInput;
     function getBooleanInput(name, options) {
       const trueValue = ["true", "True", "TRUE"];
       const falseValue = ["false", "False", "FALSE"];
@@ -2103,7 +2121,7 @@ var require_core = __commonJS({
       throw new TypeError(`Input does not meet YAML 1.2 "Core Schema" specification: ${name}
 Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
     }
-    exports.getBooleanInput = getBooleanInput;
+    exports2.getBooleanInput = getBooleanInput;
     function setOutput(name, value) {
       const filePath = process.env["GITHUB_OUTPUT"] || "";
       if (filePath) {
@@ -2112,48 +2130,48 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
       process.stdout.write(os.EOL);
       command_1.issueCommand("set-output", { name }, utils_1.toCommandValue(value));
     }
-    exports.setOutput = setOutput;
+    exports2.setOutput = setOutput;
     function setCommandEcho(enabled) {
       command_1.issue("echo", enabled ? "on" : "off");
     }
-    exports.setCommandEcho = setCommandEcho;
+    exports2.setCommandEcho = setCommandEcho;
     function setFailed(message) {
       process.exitCode = ExitCode.Failure;
       error(message);
     }
-    exports.setFailed = setFailed;
+    exports2.setFailed = setFailed;
     function isDebug() {
       return process.env["RUNNER_DEBUG"] === "1";
     }
-    exports.isDebug = isDebug;
+    exports2.isDebug = isDebug;
     function debug(message) {
       command_1.issueCommand("debug", {}, message);
     }
-    exports.debug = debug;
+    exports2.debug = debug;
     function error(message, properties = {}) {
       command_1.issueCommand("error", utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message);
     }
-    exports.error = error;
+    exports2.error = error;
     function warning(message, properties = {}) {
       command_1.issueCommand("warning", utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message);
     }
-    exports.warning = warning;
+    exports2.warning = warning;
     function notice(message, properties = {}) {
       command_1.issueCommand("notice", utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message);
     }
-    exports.notice = notice;
+    exports2.notice = notice;
     function info(message) {
       process.stdout.write(message + os.EOL);
     }
-    exports.info = info;
+    exports2.info = info;
     function startGroup(name) {
       command_1.issue("group", name);
     }
-    exports.startGroup = startGroup;
+    exports2.startGroup = startGroup;
     function endGroup() {
       command_1.issue("endgroup");
     }
-    exports.endGroup = endGroup;
+    exports2.endGroup = endGroup;
     function group(name, fn) {
       return __awaiter(this, void 0, void 0, function* () {
         startGroup(name);
@@ -2166,7 +2184,7 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
         return result;
       });
     }
-    exports.group = group;
+    exports2.group = group;
     function saveState(name, value) {
       const filePath = process.env["GITHUB_STATE"] || "";
       if (filePath) {
@@ -2174,33 +2192,33 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
       }
       command_1.issueCommand("save-state", { name }, utils_1.toCommandValue(value));
     }
-    exports.saveState = saveState;
+    exports2.saveState = saveState;
     function getState(name) {
       return process.env[`STATE_${name}`] || "";
     }
-    exports.getState = getState;
+    exports2.getState = getState;
     function getIDToken(aud) {
       return __awaiter(this, void 0, void 0, function* () {
         return yield oidc_utils_1.OidcClient.getIDToken(aud);
       });
     }
-    exports.getIDToken = getIDToken;
+    exports2.getIDToken = getIDToken;
     var summary_1 = require_summary();
-    Object.defineProperty(exports, "summary", { enumerable: true, get: function() {
+    Object.defineProperty(exports2, "summary", { enumerable: true, get: function() {
       return summary_1.summary;
     } });
     var summary_2 = require_summary();
-    Object.defineProperty(exports, "markdownSummary", { enumerable: true, get: function() {
+    Object.defineProperty(exports2, "markdownSummary", { enumerable: true, get: function() {
       return summary_2.markdownSummary;
     } });
     var path_utils_1 = require_path_utils();
-    Object.defineProperty(exports, "toPosixPath", { enumerable: true, get: function() {
+    Object.defineProperty(exports2, "toPosixPath", { enumerable: true, get: function() {
       return path_utils_1.toPosixPath;
     } });
-    Object.defineProperty(exports, "toWin32Path", { enumerable: true, get: function() {
+    Object.defineProperty(exports2, "toWin32Path", { enumerable: true, get: function() {
       return path_utils_1.toWin32Path;
     } });
-    Object.defineProperty(exports, "toPlatformPath", { enumerable: true, get: function() {
+    Object.defineProperty(exports2, "toPlatformPath", { enumerable: true, get: function() {
       return path_utils_1.toPlatformPath;
     } });
   }
@@ -2208,9 +2226,9 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``);
 
 // node_modules/universal-user-agent/dist-node/index.js
 var require_dist_node = __commonJS({
-  "node_modules/universal-user-agent/dist-node/index.js"(exports) {
+  "node_modules/universal-user-agent/dist-node/index.js"(exports2) {
     "use strict";
-    Object.defineProperty(exports, "__esModule", { value: true });
+    Object.defineProperty(exports2, "__esModule", { value: true });
     function getUserAgent() {
       if (typeof navigator === "object" && "userAgent" in navigator) {
         return navigator.userAgent;
@@ -2220,15 +2238,15 @@ var require_dist_node = __commonJS({
       }
       return "<environment undetectable>";
     }
-    exports.getUserAgent = getUserAgent;
+    exports2.getUserAgent = getUserAgent;
   }
 });
 
 // node_modules/is-plain-object/dist/is-plain-object.js
 var require_is_plain_object = __commonJS({
-  "node_modules/is-plain-object/dist/is-plain-object.js"(exports) {
+  "node_modules/is-plain-object/dist/is-plain-object.js"(exports2) {
     "use strict";
-    Object.defineProperty(exports, "__esModule", { value: true });
+    Object.defineProperty(exports2, "__esModule", { value: true });
     function isObject(o) {
       return Object.prototype.toString.call(o) === "[object Object]";
     }
@@ -2247,13 +2265,13 @@ var require_is_plain_object = __commonJS({
       }
       return true;
     }
-    exports.isPlainObject = isPlainObject;
+    exports2.isPlainObject = isPlainObject;
   }
 });
 
 // node_modules/@octokit/endpoint/dist-node/index.js
 var require_dist_node2 = __commonJS({
-  "node_modules/@octokit/endpoint/dist-node/index.js"(exports, module2) {
+  "node_modules/@octokit/endpoint/dist-node/index.js"(exports2, module2) {
     "use strict";
     var __defProp2 = Object.defineProperty;
     var __getOwnPropDesc2 = Object.getOwnPropertyDescriptor;
@@ -2278,7 +2296,7 @@ var require_dist_node2 = __commonJS({
     });
     module2.exports = __toCommonJS2(dist_src_exports);
     var import_universal_user_agent = require_dist_node();
-    var VERSION = "9.0.0";
+    var VERSION = "9.0.1";
     var userAgent = `octokit-endpoint.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}`;
     var DEFAULTS = {
       method: "GET",
@@ -2581,9 +2599,9 @@ var require_dist_node2 = __commonJS({
 
 // node_modules/deprecation/dist-node/index.js
 var require_dist_node3 = __commonJS({
-  "node_modules/deprecation/dist-node/index.js"(exports) {
+  "node_modules/deprecation/dist-node/index.js"(exports2) {
     "use strict";
-    Object.defineProperty(exports, "__esModule", { value: true });
+    Object.defineProperty(exports2, "__esModule", { value: true });
     var Deprecation = class extends Error {
       constructor(message) {
         super(message);
@@ -2593,13 +2611,13 @@ var require_dist_node3 = __commonJS({
         this.name = "Deprecation";
       }
     };
-    exports.Deprecation = Deprecation;
+    exports2.Deprecation = Deprecation;
   }
 });
 
 // node_modules/wrappy/wrappy.js
 var require_wrappy = __commonJS({
-  "node_modules/wrappy/wrappy.js"(exports, module2) {
+  "node_modules/wrappy/wrappy.js"(exports2, module2) {
     module2.exports = wrappy;
     function wrappy(fn, cb) {
       if (fn && cb)
@@ -2630,7 +2648,7 @@ var require_wrappy = __commonJS({
 
 // node_modules/once/once.js
 var require_once = __commonJS({
-  "node_modules/once/once.js"(exports, module2) {
+  "node_modules/once/once.js"(exports2, module2) {
     var wrappy = require_wrappy();
     module2.exports = wrappy(once);
     module2.exports.strict = wrappy(onceStrict);
@@ -2675,7 +2693,7 @@ var require_once = __commonJS({
 
 // node_modules/@octokit/request-error/dist-node/index.js
 var require_dist_node4 = __commonJS({
-  "node_modules/@octokit/request-error/dist-node/index.js"(exports, module2) {
+  "node_modules/@octokit/request-error/dist-node/index.js"(exports2, module2) {
     "use strict";
     var __create2 = Object.create;
     var __defProp2 = Object.defineProperty;
@@ -2767,7 +2785,7 @@ var require_dist_node4 = __commonJS({
 
 // node_modules/@octokit/request/dist-node/index.js
 var require_dist_node5 = __commonJS({
-  "node_modules/@octokit/request/dist-node/index.js"(exports, module2) {
+  "node_modules/@octokit/request/dist-node/index.js"(exports2, module2) {
     "use strict";
     var __defProp2 = Object.defineProperty;
     var __getOwnPropDesc2 = Object.getOwnPropertyDescriptor;
@@ -2793,8 +2811,18 @@ var require_dist_node5 = __commonJS({
     module2.exports = __toCommonJS2(dist_src_exports);
     var import_endpoint = require_dist_node2();
     var import_universal_user_agent = require_dist_node();
-    var VERSION = "8.1.1";
-    var import_is_plain_object = require_is_plain_object();
+    var VERSION = "8.1.6";
+    function isPlainObject(value) {
+      if (typeof value !== "object" || value === null)
+        return false;
+      if (Object.prototype.toString.call(value) !== "[object Object]")
+        return false;
+      const proto = Object.getPrototypeOf(value);
+      if (proto === null)
+        return true;
+      const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor;
+      return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value);
+    }
     var import_request_error = require_dist_node4();
     function getBufferResponse(response) {
       return response.arrayBuffer();
@@ -2803,7 +2831,7 @@ var require_dist_node5 = __commonJS({
       var _a, _b, _c;
       const log = requestOptions.request && requestOptions.request.log ? requestOptions.request.log : console;
       const parseSuccessResponseBody = ((_a = requestOptions.request) == null ? void 0 : _a.parseSuccessResponseBody) !== false;
-      if ((0, import_is_plain_object.isPlainObject)(requestOptions.body) || Array.isArray(requestOptions.body)) {
+      if (isPlainObject(requestOptions.body) || Array.isArray(requestOptions.body)) {
         requestOptions.body = JSON.stringify(requestOptions.body);
       }
       let headers = {};
@@ -2893,7 +2921,15 @@ var require_dist_node5 = __commonJS({
           throw error;
         else if (error.name === "AbortError")
           throw error;
-        throw new import_request_error.RequestError(error.message, 500, {
+        let message = error.message;
+        if (error.name === "TypeError" && "cause" in error) {
+          if (error.cause instanceof Error) {
+            message = error.cause.message;
+          } else if (typeof error.cause === "string") {
+            message = error.cause;
+          }
+        }
+        throw new import_request_error.RequestError(message, 500, {
           request: requestOptions
         });
       });
@@ -2901,7 +2937,7 @@ var require_dist_node5 = __commonJS({
     async function getResponseData(response) {
       const contentType = response.headers.get("content-type");
       if (/application\/json/.test(contentType)) {
-        return response.json();
+        return response.json().catch(() => response.text()).catch(() => "");
       }
       if (!contentType || /^text\/|charset=utf-8$/.test(contentType)) {
         return response.text();
@@ -2951,32 +2987,48 @@ var require_dist_node5 = __commonJS({
 });
 
 // post.js
-var import_core2 = __toESM(require_core(), 1);
-var import_request = __toESM(require_dist_node5(), 1);
+var import_core = __toESM(require_core(), 1);
 
 // lib/post.js
-var import_core = __toESM(require_core(), 1);
-async function post(core3, request2) {
-  const token = core3.getState("token");
-  if (!token)
+async function post(core2, request2) {
+  const skipTokenRevoke = Boolean(
+    core2.getInput("skip-token-revoke") || core2.getInput("skip_token_revoke")
+  );
+  if (skipTokenRevoke) {
+    core2.info("Token revocation was skipped");
     return;
+  }
+  const token = core2.getState("token");
+  if (!token) {
+    core2.info("Token is not set");
+    return;
+  }
   await request2("DELETE /installation/token", {
     headers: {
       authorization: `token ${token}`
     }
   });
-  core3.info("Token revoked");
+  core2.info("Token revoked");
 }
 
+// lib/request.js
+var import_request = __toESM(require_dist_node5(), 1);
+var request_default = import_request.request.defaults({
+  baseUrl: process.env["GITHUB_API_URL"],
+  headers: {
+    "user-agent": "actions/create-github-app-token"
+  }
+});
+
 // post.js
 post(
-  import_core2.default,
-  import_request.request.defaults({
+  import_core.default,
+  request_default.defaults({
     baseUrl: process.env["GITHUB_API_URL"]
   })
 ).catch((error) => {
   console.error(error);
-  import_core2.default.setFailed(error.message);
+  import_core.default.setFailed(error.message);
 });
 /*! Bundled license information:
 

lib/main.js

@@ -1,56 +1,99 @@
+import pRetry from "p-retry";
 // @ts-check
 
-import core from "@actions/core";
-import { createAppAuth } from "@octokit/auth-app";
-import { request } from "@octokit/request";
-
 /**
  * @param {string} appId
  * @param {string} privateKey
- * @param {string} repository
- * @param {core} core
- * @param {createAppAuth} createAppAuth
- * @param {request} request
+ * @param {string} owner
+ * @param {string} repositories
+ * @param {import("@actions/core")} core
+ * @param {import("@octokit/auth-app").createAppAuth} createAppAuth
+ * @param {import("@octokit/request").request} request
+ * @param {boolean} skipTokenRevoke
  */
 export async function main(
   appId,
   privateKey,
-  repository,
+  owner,
+  repositories,
   core,
   createAppAuth,
-  request
+  request,
+  skipTokenRevoke
 ) {
-  // Get owner and repo name from GITHUB_REPOSITORY
-  const [owner, repo] = repository.split("/");
+  let parsedOwner = "";
+  let parsedRepositoryNames = "";
+
+  // If neither owner nor repositories are set, default to current repository
+  if (!owner && !repositories) {
+    [parsedOwner, parsedRepositoryNames] = String(
+      process.env.GITHUB_REPOSITORY
+    ).split("/");
+
+    core.info(
+      `owner and repositories not set, creating token for the current repository ("${parsedRepositoryNames}")`
+    );
+  }
+
+  // If only an owner is set, default to all repositories from that owner
+  if (owner && !repositories) {
+    parsedOwner = owner;
+
+    core.info(
+      `repositories not set, creating token for all repositories for given owner "${owner}"`
+    );
+  }
+
+  // If repositories are set, but no owner, default to `GITHUB_REPOSITORY_OWNER`
+  if (!owner && repositories) {
+    parsedOwner = String(process.env.GITHUB_REPOSITORY_OWNER);
+    parsedRepositoryNames = repositories;
+
+    core.info(
+      `owner not set, creating owner for given repositories "${repositories}" in current owner ("${parsedOwner}")`
+    );
+  }
+
+  // If both owner and repositories are set, use those values
+  if (owner && repositories) {
+    parsedOwner = owner;
+    parsedRepositoryNames = repositories;
+
+    core.info(
+      `owner and repositories set, creating token for repositories "${repositories}" owned by "${owner}"`
+    );
+  }
 
   const auth = createAppAuth({
     appId,
     privateKey,
+    request,
   });
 
-  const appAuthentication = await auth({
-    type: "app",
-  });
+  let authentication;
+  // If at least one repository is set, get installation ID from that repository
 
-  // Get the installation ID
-  // https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app
-  const { data: installation } = await request(
-    "GET /repos/{owner}/{repo}/installation",
-    {
-      owner,
-      repo,
-      headers: {
-        authorization: `bearer ${appAuthentication.token}`,
+  if (parsedRepositoryNames) {
+    authentication = await pRetry(() => getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames), {
+      onFailedAttempt: (error) => {
+        core.info(
+          `Failed to create token for "${parsedRepositoryNames}" (attempt ${error.attemptNumber}): ${error.message}`
+        );
       },
-    }
-  );
+      retries: 3,
+    });
 
-  // Create a new installation token
-  const authentication = await auth({
-    type: "installation",
-    installationId: installation.id,
-    repositoryNames: [repo],
-  });
+  } else {
+    // Otherwise get the installation for the owner, which can either be an organization or a user account
+    authentication = await pRetry(() => getTokenFromOwner(request, auth, parsedOwner), {
+      onFailedAttempt: (error) => {
+        core.info(
+          `Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`
+        );
+      },
+      retries: 3,
+    });
+  }
 
   // Register the token with the runner as a secret to ensure it is masked in logs
   core.setSecret(authentication.token);
@@ -58,5 +101,55 @@ export async function main(
   core.setOutput("token", authentication.token);
 
   // Make token accessible to post function (so we can invalidate it)
-  core.saveState("token", authentication.token);
+  if (!skipTokenRevoke) {
+    core.saveState("token", authentication.token);
+  }
 }
+
+async function getTokenFromOwner(request, auth, parsedOwner) {
+  // https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-an-organization-installation-for-the-authenticated-app
+  const response = await request("GET /orgs/{org}/installation", {
+    org: parsedOwner,
+    request: {
+      hook: auth.hook,
+    },
+  }).catch((error) => {
+    /* c8 ignore next */
+    if (error.status !== 404) throw error;
+
+    // https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-user-installation-for-the-authenticated-app
+    return request("GET /users/{username}/installation", {
+      username: parsedOwner,
+      request: {
+        hook: auth.hook,
+      },
+    });
+  });
+
+  // Get token for for all repositories of the given installation
+  const authentication = await auth({
+    type: "installation",
+    installationId: response.data.id,
+  });
+  return authentication;
+}
+
+async function getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames) {
+  // https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app
+  const response = await request("GET /repos/{owner}/{repo}/installation", {
+    owner: parsedOwner,
+    repo: parsedRepositoryNames.split(",")[0],
+    request: {
+      hook: auth.hook,
+    },
+  });
+
+  // Get token for given repositories
+  const authentication = await auth({
+    type: "installation",
+    installationId: response.data.id,
+    repositoryNames: parsedRepositoryNames.split(","),
+  });
+
+  return authentication;
+}

lib/post.js

@@ -1,16 +1,25 @@
 // @ts-check
 
-import core from "@actions/core";
-import { request } from "@octokit/request";
-
 /**
- * @param {core} core
- * @param {request} request
+ * @param {import("@actions/core")} core
+ * @param {import("@octokit/request").request} request
  */
 export async function post(core, request) {
+  const skipTokenRevoke = Boolean(
+    core.getInput("skip-token-revoke") || core.getInput("skip_token_revoke")
+  );
+
+  if (skipTokenRevoke) {
+    core.info("Token revocation was skipped");
+    return;
+  }
+
   const token = core.getState("token");
 
-  if (!token) return;
+  if (!token) {
+    core.info("Token is not set");
+    return;
+  }
 
   await request("DELETE /installation/token", {
     headers: {

lib/request.js

@@ -0,0 +1,8 @@
+import { request } from "@octokit/request";
+
+export default request.defaults({
+  baseUrl: process.env["GITHUB_API_URL"],
+  headers: {
+    "user-agent": "actions/create-github-app-token",
+  },
+});

main.js

@@ -2,29 +2,48 @@
 
 import core from "@actions/core";
 import { createAppAuth } from "@octokit/auth-app";
-import { request } from "@octokit/request";
 
 import { main } from "./lib/main.js";
+import request from "./lib/request.js";
 
 if (!process.env.GITHUB_REPOSITORY) {
   throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'");
 }
 
-const appId = core.getInput("app_id");
-const privateKey = core.getInput("private_key");
+if (!process.env.GITHUB_REPOSITORY_OWNER) {
+  throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'");
+}
 
-const repository = process.env.GITHUB_REPOSITORY;
+const appId = core.getInput("app-id") || core.getInput("app_id");
+if (!appId) {
+  // The 'app_id' input was previously required, but it and 'app-id' are both optional now, until the former is removed. Still, we want to ensure that at least one of them is set.
+  throw new Error("Input required and not supplied: app-id");
+}
+const privateKey = core.getInput("private-key") || core.getInput("private_key");
+if (!privateKey) {
+  // The 'private_key' input was previously required, but it and 'private-key' are both optional now, until the former is removed. Still, we want to ensure that at least one of them is set.
+  throw new Error("Input required and not supplied: private-key");
+}
+const owner = core.getInput("owner");
+const repositories = core.getInput("repositories");
+
+const skipTokenRevoke = Boolean(
+  core.getInput("skip-token-revoke") || core.getInput("skip_token_revoke")
+);
 
 main(
   appId,
   privateKey,
-  repository,
+  owner,
+  repositories,
   core,
   createAppAuth,
   request.defaults({
     baseUrl: process.env["GITHUB_API_URL"],
-  })
+  }),
+  skipTokenRevoke
 ).catch((error) => {
+  /* c8 ignore next 3 */
   console.error(error);
   core.setFailed(error.message);
 });

package.json

@@ -2,21 +2,31 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "1.2.0",
+  "version": "1.6.3",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "scripts": {
-    "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node16.16",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0",
+    "test": "c8 --100 ava tests/index.js",
+    "coverage": "c8 report --reporter html",
+    "postcoverage": "open-cli coverage/index.html"
   },
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^1.10.0",
-    "@octokit/auth-app": "^6.0.0",
-    "@octokit/request": "^8.1.1"
+    "@actions/core": "^1.10.1",
+    "@octokit/auth-app": "^6.0.3",
+    "@octokit/request": "^8.1.6",
+    "p-retry": "^6.2.0"
   },
   "devDependencies": {
+    "@sinonjs/fake-timers": "^11.2.2",
+    "ava": "^6.0.1",
+    "c8": "^8.0.1",
     "dotenv": "^16.3.1",
-    "esbuild": "^0.19.2"
+    "esbuild": "^0.19.11",
+    "execa": "^8.0.1",
+    "open-cli": "^8.0.0",
+    "undici": "^6.2.1",
+    "yaml": "^2.3.4"
   },
   "release": {
     "branches": [

post.js

@@ -1,9 +1,9 @@
 // @ts-check
 
 import core from "@actions/core";
-import { request } from "@octokit/request";
 
 import { post } from "./lib/post.js";
+import request from "./lib/request.js";
 
 post(
   core,
@@ -11,6 +11,7 @@ post(
     baseUrl: process.env["GITHUB_API_URL"],
   })
 ).catch((error) => {
+  /* c8 ignore next 3 */
   console.error(error);
   core.setFailed(error.message);
 });

tests/README.md

@@ -0,0 +1,19 @@
+# Tests
+
+Add one test file per scenario. You can run them in isolation with:
+
+```bash
+node tests/post-token-set.test.js
+```
+
+All tests are run together in [tests/index.js](index.js), which can be executed with ava
+
+```
+npx ava tests/index.js
+```
+
+or with npm
+
+```
+npm test
+```

tests/action-deprecated-inputs.test.js

@@ -0,0 +1,16 @@
+import { readFileSync } from "node:fs";
+import * as url from "node:url";
+import YAML from "yaml";
+
+const action = YAML.parse(
+  readFileSync(
+    url.fileURLToPath(new URL("../action.yml", import.meta.url)),
+    "utf8"
+  )
+);
+
+for (const [key, value] of Object.entries(action.inputs)) {
+  if ("deprecationMessage" in value) {
+    console.log(`${key} — ${value.deprecationMessage}`);
+  }
+}

tests/index.js

@@ -0,0 +1,19 @@
+import { readdirSync } from "node:fs";
+
+import { execa } from "execa";
+import test from "ava";
+
+const tests = readdirSync("tests").filter((file) => file.endsWith(".test.js"));
+
+for (const file of tests) {
+  test(file, async (t) => {
+    // Override Actions environment variables that change `core`’s behavior
+    const env = {
+      GITHUB_OUTPUT: undefined,
+      GITHUB_STATE: undefined,
+    };
+    const { stderr, stdout } = await execa("node", [`tests/${file}`], { env });
+    t.snapshot(stderr, "stderr");
+    t.snapshot(stdout, "stdout");
+  });
+}

tests/main-missing-app-id.test.js

@@ -0,0 +1,9 @@
+process.env.GITHUB_REPOSITORY_OWNER = "actions";
+process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
+
+// Verify `main` exits with an error when neither the `app-id` nor `app_id` input is set.
+try {
+  await import("../main.js");
+} catch (error) {
+  console.error(error.message);
+}

tests/main-missing-owner.test.js

@@ -0,0 +1,9 @@
+process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
+delete process.env.GITHUB_REPOSITORY_OWNER;
+
+// Verify `main` exits with an error when `GITHUB_REPOSITORY_OWNER` is missing.
+try {
+  await import("../main.js");
+} catch (error) {
+  console.error(error.message);
+}

tests/main-missing-private-key.test.js

@@ -0,0 +1,10 @@
+process.env.GITHUB_REPOSITORY_OWNER = "actions";
+process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
+process.env["INPUT_APP-ID"] = "123456";
+
+// Verify `main` exits with an error when neither the `private-key` nor `private_key` input is set.
+try {
+  await import("../main.js");
+} catch (error) {
+  console.error(error.message);
+}

tests/main-missing-repository.test.js

@@ -0,0 +1,8 @@
+delete process.env.GITHUB_REPOSITORY;
+
+// Verify `main` exits with an error when `GITHUB_REPOSITORY` is missing.
+try {
+  await import("../main.js");
+} catch (error) {
+  console.error(error.message);
+}

tests/main-repo-skew.js

@@ -0,0 +1,56 @@
+import { test } from "./main.js";
+
+import { install } from "@sinonjs/fake-timers";
+
+// Verify `main` retry when the clock has drifted.
+await test((mockPool) => {
+  process.env.INPUT_OWNER = 'actions'
+  process.env.INPUT_REPOSITORIES = 'failed-repo';
+  const owner = process.env.INPUT_OWNER
+  const repo = process.env.INPUT_REPOSITORIES
+  const mockInstallationId = "123456";
+
+  install({ now: 0, toFake: ["Date"] });
+
+  mockPool
+    .intercept({
+      path: `/repos/${owner}/${repo}/installation`,
+      method: "GET",
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "user-agent": "actions/create-github-app-token",
+        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
+      },
+    })
+    .reply(({ headers }) => {
+      const [_, jwt] = (headers.authorization || "").split(" ");
+      const payload = JSON.parse(Buffer.from(jwt.split(".")[1], "base64").toString());
+
+      if (payload.iat < 0) {
+        return {
+          statusCode: 401,
+          data: {
+            message: "'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued."
+          },
+          responseOptions: {
+            headers: {
+              "content-type": "application/json",
+              "date": new Date(Date.now() + 30000).toUTCString()
+            }
+          }
+        };
+      }
+
+      return {
+        statusCode: 200,
+        data: {
+          id: mockInstallationId
+        },
+        responseOptions: {
+          headers: {
+            "content-type": "application/json"
+          }
+        }
+      };
+    }).times(2);
+});

tests/main-token-get-owner-set-repo-fail-response.test.js

@@ -0,0 +1,39 @@
+import { test } from "./main.js";
+
+// Verify `main` retry when  the GitHub API returns a 500 error.
+await test((mockPool) => {
+  process.env.INPUT_OWNER = 'actions'
+  process.env.INPUT_REPOSITORIES = 'failed-repo';
+  const owner = process.env.INPUT_OWNER
+  const repo = process.env.INPUT_REPOSITORIES
+  const mockInstallationId = "123456";
+
+  mockPool
+    .intercept({
+      path: `/repos/${owner}/${repo}/installation`,
+      method: "GET",
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "user-agent": "actions/create-github-app-token",
+        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
+      },
+    })
+    .reply(500, 'GitHub API not available')
+    
+    mockPool
+    .intercept({
+      path: `/repos/${owner}/${repo}/installation`,
+      method: "GET",
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "user-agent": "actions/create-github-app-token",
+        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
+      },
+    })
+    .reply(
+      200,
+      { id: mockInstallationId },
+      { headers: { "content-type": "application/json" } }
+    );
+
+});

tests/main-token-get-owner-set-repo-set-to-many.test.js

@@ -0,0 +1,7 @@
+import { test } from "./main.js";
+
+// Verify `main` successfully obtains a token when the `owner` and `repositories` inputs are set (and the latter is a list of repos).
+await test(() => {
+  process.env.INPUT_OWNER = process.env.GITHUB_REPOSITORY_OWNER;
+  process.env.INPUT_REPOSITORIES = `${process.env.GITHUB_REPOSITORY},actions/toolkit`;
+});

tests/main-token-get-owner-set-repo-set-to-one.test.js

@@ -0,0 +1,7 @@
+import { test } from "./main.js";
+
+// Verify `main` successfully obtains a token when the `owner` and `repositories` inputs are set (and the latter is a single repo).
+await test(() => {
+  process.env.INPUT_OWNER = process.env.GITHUB_REPOSITORY_OWNER;
+  process.env.INPUT_REPOSITORIES = process.env.GITHUB_REPOSITORY;
+});

tests/main-token-get-owner-set-to-org-repo-unset.test.js

@@ -0,0 +1,25 @@
+import { test } from "./main.js";
+
+// Verify `main` successfully obtains a token when the `owner` input is set (to an org), but the `repositories` input isn’t set.
+await test((mockPool) => {
+  process.env.INPUT_OWNER = process.env.GITHUB_REPOSITORY_OWNER;
+  delete process.env.INPUT_REPOSITORIES;
+
+  // Mock installation id request
+  const mockInstallationId = "123456";
+  mockPool
+    .intercept({
+      path: `/orgs/${process.env.INPUT_OWNER}/installation`,
+      method: "GET",
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "user-agent": "actions/create-github-app-token",
+        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
+      },
+    })
+    .reply(
+      200,
+      { id: mockInstallationId },
+      { headers: { "content-type": "application/json" } }
+    );
+});

tests/main-token-get-owner-set-to-user-fail-response.test.js

@@ -0,0 +1,36 @@
+import { test } from "./main.js";
+
+// Verify `main` successfully obtains a token when the `owner` input is set (to a user), but the `repositories` input isn’t set.
+await test((mockPool) => {
+  process.env.INPUT_OWNER = "smockle";
+  delete process.env.INPUT_REPOSITORIES;
+
+  // Mock installation id request
+  const mockInstallationId = "123456";
+  mockPool
+    .intercept({
+      path: `/orgs/${process.env.INPUT_OWNER}/installation`,
+      method: "GET",
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "user-agent": "actions/create-github-app-token",
+        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
+      },
+    })
+    .reply(500, 'GitHub API not available')
+    mockPool
+    .intercept({
+      path: `/orgs/${process.env.INPUT_OWNER}/installation`,
+      method: "GET",
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "user-agent": "actions/create-github-app-token",
+        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
+      },
+    })
+    .reply(
+      200,
+      { id: mockInstallationId },
+      { headers: { "content-type": "application/json" } }
+    );
+});

tests/main-token-get-owner-set-to-user-repo-unset.test.js

@@ -0,0 +1,36 @@
+import { test } from "./main.js";
+
+// Verify `main` successfully obtains a token when the `owner` input is set (to a user), but the `repositories` input isn’t set.
+await test((mockPool) => {
+  process.env.INPUT_OWNER = "smockle";
+  delete process.env.INPUT_REPOSITORIES;
+
+  // Mock installation id request
+  const mockInstallationId = "123456";
+  mockPool
+    .intercept({
+      path: `/orgs/${process.env.INPUT_OWNER}/installation`,
+      method: "GET",
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "user-agent": "actions/create-github-app-token",
+        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
+      },
+    })
+    .reply(404);
+  mockPool
+    .intercept({
+      path: `/users/${process.env.INPUT_OWNER}/installation`,
+      method: "GET",
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "user-agent": "actions/create-github-app-token",
+        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
+      },
+    })
+    .reply(
+      200,
+      { id: mockInstallationId },
+      { headers: { "content-type": "application/json" } }
+    );
+});

tests/main-token-get-owner-unset-repo-set.test.js

@@ -0,0 +1,7 @@
+import { test } from "./main.js";
+
+// Verify `main` successfully obtains a token when the `owner` input is not set, but the `repositories` input is set.
+await test(() => {
+  delete process.env.INPUT_OWNER;
+  process.env.INPUT_REPOSITORIES = process.env.GITHUB_REPOSITORY;
+});

tests/main-token-get-owner-unset-repo-unset.test.js

@@ -0,0 +1,25 @@
+import { test } from "./main.js";
+
+// Verify `main` successfully obtains a token when neither the `owner` nor `repositories` input is set.
+await test((mockPool) => {
+  delete process.env.INPUT_OWNER;
+  delete process.env.INPUT_REPOSITORIES;
+
+  // Mock installation id request
+  const mockInstallationId = "123456";
+  mockPool
+    .intercept({
+      path: `/repos/${process.env.GITHUB_REPOSITORY}/installation`,
+      method: "GET",
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "user-agent": "actions/create-github-app-token",
+        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
+      },
+    })
+    .reply(
+      200,
+      { id: mockInstallationId },
+      { headers: { "content-type": "application/json" } }
+    );
+});

tests/main.js

@@ -0,0 +1,96 @@
+// Base for all `main` tests.
+// @ts-check
+import { MockAgent, setGlobalDispatcher } from "undici";
+
+export async function test(cb = (_mockPool) => {}) {
+  // Set required environment variables and inputs
+  process.env.GITHUB_REPOSITORY_OWNER = "actions";
+  process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
+  // inputs are set as environment variables with the prefix INPUT_
+  // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
+  process.env["INPUT_APP-ID"] = "123456";
+  process.env["INPUT_PRIVATE-KEY"] = `-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA280nfuUM9w00Ib9E2rvZJ6Qu3Ua3IqR34ZlK53vn/Iobn2EL
+Z9puc5Q/nFBU15NKwHyQNb+OG2hTCkjd1Xi9XPzEOH1r42YQmTGq8YCkUSkk6KZA
+5dnhLwN9pFquT9fQgrf4r1D5GJj3rqvj8JDr1sBmunArqY5u4gziSrIohcjLIZV0
+cIMz/RUIMe/EAsNeiwzEteHAtf/WpMs+OfF94SIUrDlkPr0H0H3DER8l1HZAvE0e
+eD3ZJ6njrF6UHQWDVrekSTB0clpVTTU9TMpe+gs2nnFww9G8As+WsW8xHVjVipJy
+AwqBhiR+s7wlcbh2i0NQqt8GL9/jIFTmleiwsQIDAQABAoIBAHNyP8pgl/yyzKzk
+/0871wUBMTQ7zji91dGCaFtJM0HrcDK4D/uOOPEv7nE1qDpKPLr5Me1pHUS7+NGw
+EAPtlNhgUtew2JfppdIwyi5qeOPADoi7ud6AH8xHsxg+IMwC+JuP8WhzyUHoJj9y
+PRi/pX94Mvy9qdE25HqKddjx1mLdaHhxqPkr16/em23uYZqm1lORsCPD3vTlthj7
+WiEbBSqmpYvjj8iFP4yFk2N+LvuWgSilRzq1Af3qE7PUp4xhjmcOPs78Sag1T7nl
+ww/pgqCegISABHik7j++/5T+UlI5cLsyp/XENU9zAd4kCIczwNKpun2bn+djJdft
+ravyX4ECgYEA+k2mHfi1zwKF3wT+cJbf30+uXrJczK2yZ33//4RKnhBaq7nSbQAI
+nhWz2JESBK0TEo0+L7yYYq3HnT9vcES5R1NxzruH9wXgxssSx3JUj6w1raXYPh3B
++1XpYQsa6/bo2LmBELEx47F8FQbNgD5dmTJ4jBrf6MV4rRh9h6Bs7UkCgYEA4M3K
+eAw52c2MNMIxH/LxdOQtEBq5GMu3AQC8I64DSSRrAoiypfEgyTV6S4gWJ5TKgYfD
+zclnOVJF+tITe3neO9wHoZp8iCjCnoijcT6p2cJ4IaW68LEHPOokWBk0EpLjF4p2
+7sFi9+lUpXYXfCN7aMJ77QpGzB7dNsBf0KUxMCkCgYEAjw/mjGbk82bLwUaHby6s
+0mQmk7V6WPpGZ+Sadx7TzzglutVAslA8nK5m1rdEBywtJINaMcqnhm8xEm15cj+1
+blEBUVnaQpQ3fyf+mcR9FIknPRL3X7l+b/sQowjH4GqFd6m/XR0KGMwO0a3Lsyry
+MGeqgtmxdMe5S6YdyXEmERECgYAgQsgklDSVIh9Vzux31kh6auhgoEUh3tJDbZSS
+Vj2YeIZ21aE1mTYISglj34K2aW7qSc56sMWEf18VkKJFHQccdgYOVfo7HAZZ8+fo
+r4J2gqb0xTDfq7gLMNrIXc2QQM4gKbnJp60JQM3p9NmH8huavBZGvSvNzTwXyGG3
+so0tiQKBgGQXZaxaXhYUcxYHuCkQ3V4Vsj3ezlM92xXlP32SGFm3KgFhYy9kATxw
+Cax1ytZzvlrKLQyQFVK1COs2rHt7W4cJ7op7C8zXfsigXCiejnS664oAuX8sQZID
+x3WQZRiXlWejSMUAHuMwXrhGlltF3lw83+xAjnqsVp75kGS6OH61
+-----END RSA PRIVATE KEY-----`; // This key is invalidated. It’s from https://github.com/octokit/auth-app.js/issues/465#issuecomment-1564998327.
+
+  // Set up mocking
+  const mockAgent = new MockAgent();
+  mockAgent.disableNetConnect();
+  setGlobalDispatcher(mockAgent);
+  const mockPool = mockAgent.get("https://api.github.com");
+
+  // Calling `auth({ type: "app" })` to obtain a JWT doesn’t make network requests, so no need to intercept.
+
+  // Mock installation id request
+  const mockInstallationId = "123456";
+  const owner = process.env.INPUT_OWNER ?? process.env.GITHUB_REPOSITORY_OWNER;
+  const repo = encodeURIComponent(
+    (process.env.INPUT_REPOSITORIES ?? process.env.GITHUB_REPOSITORY).split(
+      ","
+    )[0]
+  );
+  mockPool
+    .intercept({
+      path: `/repos/${owner}/${repo}/installation`,
+      method: "GET",
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "user-agent": "actions/create-github-app-token",
+        // Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
+      },
+    })
+    .reply(
+      200,
+      { id: mockInstallationId },
+      { headers: { "content-type": "application/json" } }
+    );
+
+  // Mock installation access token request
+  const mockInstallationAccessToken =
+    "ghs_16C7e42F292c6912E7710c838347Ae178B4a"; // This token is invalidated. It’s from https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app.
+  mockPool
+    .intercept({
+      path: `/app/installations/${mockInstallationId}/access_tokens`,
+      method: "POST",
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "user-agent": "actions/create-github-app-token",
+        // Note: Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
+      },
+    })
+    .reply(
+      201,
+      { token: mockInstallationAccessToken },
+      { headers: { "content-type": "application/json" } }
+    );
+
+  // Run the callback
+  cb(mockPool);
+
+  // Run the main script
+  await import("../main.js");
+}

tests/post-token-set.test.js

@@ -0,0 +1,25 @@
+import { MockAgent, setGlobalDispatcher } from "undici";
+
+// state variables are set as environment variables with the prefix STATE_
+// https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
+process.env.STATE_token = "secret123";
+
+const mockAgent = new MockAgent();
+
+setGlobalDispatcher(mockAgent);
+
+// Provide the base url to the request
+const mockPool = mockAgent.get("https://api.github.com");
+
+// intercept the request
+mockPool
+  .intercept({
+    path: "/installation/token",
+    method: "DELETE",
+    headers: {
+      authorization: "token secret123",
+    },
+  })
+  .reply(204);
+
+await import("../post.js");

tests/post-token-skipped.test.js

@@ -0,0 +1,29 @@
+import { MockAgent, setGlobalDispatcher } from "undici";
+
+// state variables are set as environment variables with the prefix STATE_
+// https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
+process.env.STATE_token = "secret123";
+
+// inputs are set as environment variables with the prefix INPUT_
+// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "true";
+
+const mockAgent = new MockAgent();
+
+setGlobalDispatcher(mockAgent);
+
+// Provide the base url to the request
+const mockPool = mockAgent.get("https://api.github.com");
+
+// intercept the request
+mockPool
+  .intercept({
+    path: "/installation/token",
+    method: "DELETE",
+    headers: {
+      authorization: "token secret123",
+    },
+  })
+  .reply(204);
+
+await import("../post.js");

tests/post-token-unset.test.js

@@ -0,0 +1,5 @@
+// state variables are set as environment variables with the prefix STATE_
+// https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
+delete process.env.STATE_token;
+
+await import("../post.js");

tests/snapshots/index.js.md

@@ -0,0 +1,201 @@
+# Snapshot report for `tests/index.js`
+
+The actual snapshot is saved in `index.js.snap`.
+
+Generated by [AVA](https://avajs.dev).
+
+## action-deprecated-inputs.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `app_id — 'app_id' is deprecated and will be removed in a future version. Use 'app-id' instead.␊
+    private_key — 'private_key' is deprecated and will be removed in a future version. Use 'private-key' instead.␊
+    skip_token_revoke — 'skip_token_revoke' is deprecated and will be removed in a future version. Use 'skip-token-revoke' instead.`
+
+## main-missing-app-id.test.js
+
+> stderr
+
+    'Input required and not supplied: app-id'
+
+> stdout
+
+    ''
+
+## main-missing-owner.test.js
+
+> stderr
+
+    'GITHUB_REPOSITORY_OWNER missing, must be set to \'<owner>\''
+
+> stdout
+
+    ''
+
+## main-missing-private-key.test.js
+
+> stderr
+
+    'Input required and not supplied: private-key'
+
+> stdout
+
+    ''
+
+## main-missing-repository.test.js
+
+> stderr
+
+    'GITHUB_REPOSITORY missing, must be set to \'<owner>/<repo>\''
+
+> stdout
+
+    ''
+
+## main-token-get-owner-set-repo-fail-response.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `owner and repositories set, creating token for repositories "failed-repo" owned by "actions"␊
+    Failed to create token for "failed-repo" (attempt 1): GitHub API not available␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a`
+
+## main-token-get-owner-set-repo-set-to-many.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `owner and repositories set, creating token for repositories "actions/create-github-app-token,actions/toolkit" owned by "actions"␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a`
+
+## main-token-get-owner-set-repo-set-to-one.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `owner and repositories set, creating token for repositories "actions/create-github-app-token" owned by "actions"␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a`
+
+## main-token-get-owner-set-to-org-repo-unset.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `repositories not set, creating token for all repositories for given owner "actions"␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a`
+
+## main-token-get-owner-set-to-user-fail-response.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `repositories not set, creating token for all repositories for given owner "smockle"␊
+    Failed to create token for "smockle" (attempt 1): GitHub API not available␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a`
+
+## main-token-get-owner-set-to-user-repo-unset.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `repositories not set, creating token for all repositories for given owner "smockle"␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a`
+
+## main-token-get-owner-unset-repo-set.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `owner not set, creating owner for given repositories "actions/create-github-app-token" in current owner ("actions")␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a`
+
+## main-token-get-owner-unset-repo-unset.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `owner and repositories not set, creating token for the current repository ("create-github-app-token")␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a`
+
+## post-token-set.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    'Token revoked'
+
+## post-token-skipped.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    'Token revocation was skipped'
+
+## post-token-unset.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    'Token is not set'