build(release): 1.11.0 [skip ci]

# [1.11.0](https://github.com/actions/create-github-app-token/compare/v1.10.4...v1.11.0) (2024-09-11)

### Features

* allow repositories input to be comma or newline-separated ([#169](https://github.com/actions/create-github-app-token/issues/169)) ([796b88d](https://github.com/actions/create-github-app-token/commit/796b88dc585016182c9da7fa3e5dfe98e0a9b19f))

.github/workflows/test.yml

@@ -5,6 +5,7 @@ on:
     branches:
       - main
   pull_request:
+  workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

README.md

@@ -12,6 +12,9 @@ In order to use this action, you need to:
 2. [Store the App's ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`)
 3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`)
 
+> [!IMPORTANT]  
+> An installation access token expires after 1 hour. Please [see this comment](https://github.com/actions/create-github-app-token/issues/121#issuecomment-2043214796) for alternative approaches if you have long-running processes.
+
 ### Create a token for the current repository
 
 ```yaml
@@ -30,7 +33,6 @@ jobs:
         with:
           app-id: ${{ vars.APP_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
-          github-api-url: "https://github.acme-inc.com/api/v3"
       - uses: ./actions/staging-tests
         with:
           token: ${{ steps.app-token.outputs.token }}
@@ -62,6 +64,68 @@ jobs:
           github_token: ${{ steps.app-token.outputs.token }}
 ```
 
+### Create a git committer string for an app installation
+
+```yaml
+on: [pull_request]
+
+jobs:
+  auto-format:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          # required
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+      - name: Get GitHub App User ID
+        id: get-user-id
+        run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+      - id: committer
+        run: echo "string=${{ steps.app-token.outputs.app-slug }}[bot] <${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>"  >> "$GITHUB_OUTPUT"
+      - run: echo "committer string is ${ {steps.committer.outputs.string }}"
+```
+
+### Configure git CLI for an app's bot user
+
+```yaml
+on: [pull_request]
+
+jobs:
+  auto-format:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          # required
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+      - name: Get GitHub App User ID
+        id: get-user-id
+        run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+      - run: |
+          git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
+          git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
+      # git commands like commit work using the bot user
+      - run: |
+          git add .
+          git commit -m "Auto-generated changes"
+          git push
+```
+
+> [!TIP]
+> The `<BOT USER ID>` is the numeric user ID of the app's bot user, which can be found under `https://api.github.com/users/<app-slug>%5Bbot%5D`.
+> 
+> For example, we can check at `https://api.github.com/users/dependabot[bot]` to see the user ID of Dependabot is 49699333.
+>
+> Alternatively, you can use the [octokit/request-action](https://github.com/octokit/request-action) to get the ID.
+
 ### Create a token for all repositories in the current owner's installation
 
 ```yaml
@@ -99,7 +163,9 @@ jobs:
           app-id: ${{ vars.APP_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
-          repositories: "repo1,repo2"
+          repositories: |
+            repo1
+            repo2
       - uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
@@ -143,7 +209,7 @@ jobs:
   set-matrix:
     runs-on: ubuntu-latest
     outputs:
-      matrix: ${{steps.set.outputs.matrix }}
+      matrix: ${{ steps.set.outputs.matrix }}
     steps:
       - id: set
         run: echo 'matrix=[{"owner":"owner1"},{"owner":"owner2","repos":["repo1"]}]' >>"$GITHUB_OUTPUT"
@@ -212,15 +278,33 @@ jobs:
 
 ### `private-key`
 
-**Required:** GitHub App private key.
+**Required:** GitHub App private key. Escaped newlines (`\\n`) will be automatically replaced with actual newlines.
+
+Some other actions may require the private key to be Base64 encoded. To avoid recreating a new secret, it can be decoded on the fly, but it needs to be managed securely. Here is an example of how this can be achieved:
+
+```yaml
+steps:
+  - name: Decode the GitHub App Private Key
+    id: decode
+    run: |
+      private_key=$(echo "${{ secrets.PRIVATE_KEY }}" | base64 -d | awk 'BEGIN {ORS="\\n"} {print}' | head -c -2) &> /dev/null
+      echo "::add-mask::$private_key"
+      echo "private-key=$private_key" >> "$GITHUB_OUTPUT"
+  - name: Generate GitHub App Token
+    id: app-token
+    uses: actions/create-github-app-token@v1
+    with:
+      app-id: ${{ vars.APP_ID }}
+      private-key: ${{ steps.decode.outputs.private-key }}
+```
 
 ### `owner`
 
-**Optional:** GitHub App installation owner. If empty, defaults to the current repository owner.
+**Optional:** The owner of the GitHub App installation. If empty, defaults to the current repository owner.
 
 ### `repositories`
 
-**Optional:** Comma-separated list of repositories to grant access to.
+**Optional:** Comma or newline-separated list of repositories to grant access to.
 
 > [!NOTE]
 > If `owner` is set and `repositories` is empty, access will be scoped to all repositories in the provided repository owner's installation. If `owner` and `repositories` are empty, access will be scoped to only the current repository.
@@ -239,6 +323,14 @@ jobs:
 
 GitHub App installation access token.
 
+### `installation-id`
+
+GitHub App installation ID.
+
+### `app-slug`
+
+GitHub App slug.
+
 ## How it works
 
 The action creates an installation access token using [the `POST /app/installations/{installation_id}/access_tokens` endpoint](https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app). By default,

action.yml

@@ -20,10 +20,10 @@ inputs:
     required: false
     deprecationMessage: "'private_key' is deprecated and will be removed in a future version. Use 'private-key' instead."
   owner:
-    description: "GitHub App owner (defaults to current repository owner)"
+    description: "The owner of the GitHub App installation (defaults to current repository owner)"
     required: false
   repositories:
-    description: "Repositories to install the GitHub App on (defaults to current repository if owner is unset)"
+    description: "Comma or newline-separated list of repositories to install the GitHub App on (defaults to current repository if owner is unset)"
     required: false
   skip-token-revoke:
     description: "If truthy, the token will not be revoked when the current job is complete"
@@ -40,6 +40,10 @@ inputs:
 outputs:
   token:
     description: "GitHub installation access token"
+  installation-id:
+    description: "GitHub App installation ID"
+  app-slug:
+    description: "GitHub App slug"
 runs:
   using: "node20"
   main: "dist/main.cjs"

lib/main.js

@@ -5,7 +5,7 @@ import pRetry from "p-retry";
  * @param {string} appId
  * @param {string} privateKey
  * @param {string} owner
- * @param {string} repositories
+ * @param {string[]} repositories
  * @param {import("@actions/core")} core
  * @param {import("@octokit/auth-app").createAppAuth} createAppAuth
  * @param {import("@octokit/request").request} request
@@ -22,21 +22,23 @@ export async function main(
   skipTokenRevoke
 ) {
   let parsedOwner = "";
-  let parsedRepositoryNames = "";
+  let parsedRepositoryNames = [];
 
   // If neither owner nor repositories are set, default to current repository
-  if (!owner && !repositories) {
-    [parsedOwner, parsedRepositoryNames] = String(
+  if (!owner && repositories.length === 0) {
+    const [owner, repo] = String(
       process.env.GITHUB_REPOSITORY
     ).split("/");
+    parsedOwner = owner;
+    parsedRepositoryNames = [repo];
 
     core.info(
-      `owner and repositories not set, creating token for the current repository ("${parsedRepositoryNames}")`
+      `owner and repositories not set, creating token for the current repository ("${repo}")`
     );
   }
 
   // If only an owner is set, default to all repositories from that owner
-  if (owner && !repositories) {
+  if (owner && repositories.length === 0) {
     parsedOwner = owner;
 
     core.info(
@@ -45,22 +47,22 @@ export async function main(
   }
 
   // If repositories are set, but no owner, default to `GITHUB_REPOSITORY_OWNER`
-  if (!owner && repositories) {
+  if (!owner && repositories.length > 0) {
     parsedOwner = String(process.env.GITHUB_REPOSITORY_OWNER);
     parsedRepositoryNames = repositories;
 
     core.info(
-      `owner not set, creating owner for given repositories "${repositories}" in current owner ("${parsedOwner}")`
+      `owner not set, creating owner for given repositories "${repositories.join(',')}" in current owner ("${parsedOwner}")`
     );
   }
 
   // If both owner and repositories are set, use those values
-  if (owner && repositories) {
+  if (owner && repositories.length > 0) {
     parsedOwner = owner;
     parsedRepositoryNames = repositories;
 
     core.info(
-      `owner and repositories set, creating token for repositories "${repositories}" owned by "${owner}"`
+      `owner and repositories set, creating token for repositories "${repositories.join(',')}" owned by "${owner}"`
     );
   }
 
@@ -70,40 +72,41 @@ export async function main(
     request,
   });
 
-  let authentication;
+  let authentication, installationId, appSlug;
   // If at least one repository is set, get installation ID from that repository
 
-  if (parsedRepositoryNames) {
-    authentication = await pRetry(() => getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames), {
+  if (parsedRepositoryNames.length > 0) {
+    ({ authentication, installationId, appSlug } = await pRetry(() => getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames), {
       onFailedAttempt: (error) => {
         core.info(
-          `Failed to create token for "${parsedRepositoryNames}" (attempt ${error.attemptNumber}): ${error.message}`
+          `Failed to create token for "${parsedRepositoryNames.join(',')}" (attempt ${error.attemptNumber}): ${error.message}`
         );
       },
       retries: 3,
-    });
-
+    }));
   } else {
     // Otherwise get the installation for the owner, which can either be an organization or a user account
-    authentication = await pRetry(() => getTokenFromOwner(request, auth, parsedOwner), {
+    ({ authentication, installationId, appSlug } = await pRetry(() => getTokenFromOwner(request, auth, parsedOwner), {
       onFailedAttempt: (error) => {
         core.info(
           `Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`
         );
       },
       retries: 3,
-    });
+    }));
   }
 
   // Register the token with the runner as a secret to ensure it is masked in logs
   core.setSecret(authentication.token);
 
   core.setOutput("token", authentication.token);
+  core.setOutput("installation-id", installationId);
+  core.setOutput("app-slug", appSlug);
 
   // Make token accessible to post function (so we can invalidate it)
   if (!skipTokenRevoke) {
     core.saveState("token", authentication.token);
-    core.setOutput("expiresAt", authentication.expiresAt);
+    core.saveState("expiresAt", authentication.expiresAt);
   }
 }
 
@@ -132,14 +135,18 @@ async function getTokenFromOwner(request, auth, parsedOwner) {
     type: "installation",
     installationId: response.data.id,
   });
-  return authentication;
+
+  const installationId = response.data.id;
+  const appSlug = response.data['app_slug'];
+
+  return { authentication, installationId, appSlug };
 }
 
 async function getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames) {
   // https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app
   const response = await request("GET /repos/{owner}/{repo}/installation", {
     owner: parsedOwner,
-    repo: parsedRepositoryNames.split(",")[0],
+    repo: parsedRepositoryNames[0],
     request: {
       hook: auth.hook,
     },
@@ -149,8 +156,11 @@ async function getTokenFromRepository(request, auth, parsedOwner, parsedReposito
   const authentication = await auth({
     type: "installation",
     installationId: response.data.id,
-    repositoryNames: parsedRepositoryNames.split(","),
+    repositoryNames: parsedRepositoryNames,
   });
 
-  return authentication;
-}
+  const installationId = response.data.id;
+  const appSlug = response.data['app_slug'];
+
+  return { authentication, installationId, appSlug };
+}

main.js

@@ -25,7 +25,10 @@ if (!privateKey) {
   throw new Error("Input required and not supplied: private-key");
 }
 const owner = core.getInput("owner");
-const repositories = core.getInput("repositories");
+const repositories = core.getInput("repositories")
+  .split(/[\n,]+/)
+  .map(s => s.trim())
+  .filter(x => x !== '');
 
 const skipTokenRevoke = Boolean(
   core.getInput("skip-token-revoke") || core.getInput("skip_token_revoke")

package.json

@@ -2,10 +2,10 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "1.8.2",
+  "version": "1.11.0",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "scripts": {
-    "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0",
+    "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",
     "test": "c8 --100 ava tests/index.js",
     "coverage": "c8 report --reporter html",
     "postcoverage": "open-cli coverage/index.html"
@@ -13,20 +13,20 @@
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.10.1",
-    "@octokit/auth-app": "^6.0.4",
-    "@octokit/request": "^9.0.1",
+    "@octokit/auth-app": "^7.1.1",
+    "@octokit/request": "^9.1.3",
     "p-retry": "^6.2.0",
-    "undici": "^6.6.2"
+    "undici": "^6.19.8"
   },
   "devDependencies": {
-    "@sinonjs/fake-timers": "^11.2.2",
-    "ava": "^6.1.2",
-    "c8": "^9.1.0",
+    "@sinonjs/fake-timers": "^13.0.1",
+    "ava": "^6.1.3",
+    "c8": "^10.1.2",
     "dotenv": "^16.4.5",
-    "esbuild": "^0.20.1",
-    "execa": "^8.0.1",
+    "esbuild": "^0.23.1",
+    "execa": "^9.3.1",
     "open-cli": "^8.0.0",
-    "yaml": "^2.4.0"
+    "yaml": "^2.5.1"
   },
   "release": {
     "branches": [

tests/index.js

@@ -1,11 +1,21 @@
 import { readdirSync } from "node:fs";
 
-import { execa } from "execa";
 import test from "ava";
+import { execa } from "execa";
 
-const tests = readdirSync("tests").filter((file) => file.endsWith(".test.js"));
+// Get all files in tests directory
+const files = readdirSync("tests");
 
-for (const file of tests) {
+// Files to ignore
+const ignore = ["index.js", "main.js", "README.md", "snapshots"];
+
+const testFiles = files.filter((file) => !ignore.includes(file));
+
+// Throw an error if there is a file that does not end with test.js in the tests directory
+for (const file of testFiles) {
+  if (!file.endsWith(".test.js")) {
+    throw new Error(`File ${file} does not end with .test.js`);
+  }
   test(file, async (t) => {
     // Override Actions environment variables that change `core`’s behavior
     const env = {

tests/main-custom-github-api-url.test.js

@@ -1,10 +1,11 @@
-import { test, DEFAULT_ENV } from "./main.js";
+import { DEFAULT_ENV, test } from "./main.js";
 
 // Verify that main works with a custom GitHub API URL passed as `github-api-url` input
 await test(
   () => {
     process.env.INPUT_OWNER = process.env.GITHUB_REPOSITORY_OWNER;
-    process.env.INPUT_REPOSITORIES = process.env.GITHUB_REPOSITORY;
+    const currentRepoName = process.env.GITHUB_REPOSITORY.split("/")[1];
+    process.env.INPUT_REPOSITORIES = currentRepoName;
   },
   {
     ...DEFAULT_ENV,

tests/main-private-key-with-escaped-newlines.test.js

@@ -0,0 +1,9 @@
+import { DEFAULT_ENV, test } from "./main.js";
+
+// Verify `main` works correctly when `private-key` input has escaped newlines
+await test(() => {
+  process.env["INPUT_PRIVATE-KEY"] = DEFAULT_ENV["INPUT_PRIVATE-KEY"].replace(
+    /\n/g,
+    "\\n"
+  );
+});

tests/main-repo-skew.test.js

@@ -9,6 +9,7 @@ await test((mockPool) => {
   const owner = process.env.INPUT_OWNER
   const repo = process.env.INPUT_REPOSITORIES
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
 
   install({ now: 0, toFake: ["Date"] });
 
@@ -44,7 +45,8 @@ await test((mockPool) => {
       return {
         statusCode: 200,
         data: {
-          id: mockInstallationId
+          id: mockInstallationId,
+          "app_slug": mockAppSlug
         },
         responseOptions: {
           headers: {

tests/main-token-get-owner-set-repo-fail-response.test.js

@@ -7,6 +7,7 @@ await test((mockPool) => {
   const owner = process.env.INPUT_OWNER;
   const repo = process.env.INPUT_REPOSITORIES;
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
 
   mockPool
     .intercept({
@@ -32,7 +33,7 @@ await test((mockPool) => {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, "app_slug": mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 });

tests/main-token-get-owner-set-repo-set-to-many-newline.test.js

@@ -0,0 +1,9 @@
+import { test } from "./main.js";
+
+// Verify `main` successfully obtains a token when the `owner` and `repositories` inputs are set (and the latter is a list of repos).
+await test(() => {
+  process.env.INPUT_OWNER = process.env.GITHUB_REPOSITORY_OWNER;
+  const currentRepoName = process.env.GITHUB_REPOSITORY.split("/")[1];
+  // Intentional unnecessary whitespace to test parsing to array
+  process.env.INPUT_REPOSITORIES = `\n ${currentRepoName}\ntoolkit \n\n checkout \n`;
+});

tests/main-token-get-owner-set-repo-set-to-many.test.js

@@ -3,5 +3,7 @@ import { test } from "./main.js";
 // Verify `main` successfully obtains a token when the `owner` and `repositories` inputs are set (and the latter is a list of repos).
 await test(() => {
   process.env.INPUT_OWNER = process.env.GITHUB_REPOSITORY_OWNER;
-  process.env.INPUT_REPOSITORIES = `${process.env.GITHUB_REPOSITORY},actions/toolkit`;
+  const currentRepoName = process.env.GITHUB_REPOSITORY.split("/")[1];
+  // Intentional unnecessary whitespace to test parsing to array
+  process.env.INPUT_REPOSITORIES = ` ${currentRepoName}, toolkit  ,checkout`;
 });

tests/main-token-get-owner-set-repo-set-to-one.test.js

@@ -3,5 +3,6 @@ import { test } from "./main.js";
 // Verify `main` successfully obtains a token when the `owner` and `repositories` inputs are set (and the latter is a single repo).
 await test(() => {
   process.env.INPUT_OWNER = process.env.GITHUB_REPOSITORY_OWNER;
-  process.env.INPUT_REPOSITORIES = process.env.GITHUB_REPOSITORY;
+  const currentRepoName = process.env.GITHUB_REPOSITORY.split("/")[1];
+  process.env.INPUT_REPOSITORIES = currentRepoName;
 });

tests/main-token-get-owner-set-to-org-repo-unset.test.js

@@ -5,8 +5,9 @@ await test((mockPool) => {
   process.env.INPUT_OWNER = process.env.GITHUB_REPOSITORY_OWNER;
   delete process.env.INPUT_REPOSITORIES;
 
-  // Mock installation id request
+  // Mock installation id and app slug request
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
   mockPool
     .intercept({
       path: `/orgs/${process.env.INPUT_OWNER}/installation`,
@@ -19,7 +20,7 @@ await test((mockPool) => {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, "app_slug": mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 });

tests/main-token-get-owner-set-to-user-fail-response.test.js

@@ -5,8 +5,9 @@ await test((mockPool) => {
   process.env.INPUT_OWNER = "smockle";
   delete process.env.INPUT_REPOSITORIES;
 
-  // Mock installation id request
+  // Mock installation ID and app slug request
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
   mockPool
     .intercept({
       path: `/orgs/${process.env.INPUT_OWNER}/installation`,
@@ -30,7 +31,7 @@ await test((mockPool) => {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, "app_slug": mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 });

tests/main-token-get-owner-set-to-user-repo-unset.test.js

@@ -5,8 +5,9 @@ await test((mockPool) => {
   process.env.INPUT_OWNER = "smockle";
   delete process.env.INPUT_REPOSITORIES;
 
-  // Mock installation id request
+  // Mock installation ID and app slug request
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
   mockPool
     .intercept({
       path: `/orgs/${process.env.INPUT_OWNER}/installation`,
@@ -30,7 +31,7 @@ await test((mockPool) => {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, "app_slug": mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 });

tests/main-token-get-owner-unset-repo-set.test.js

@@ -3,5 +3,6 @@ import { test } from "./main.js";
 // Verify `main` successfully obtains a token when the `owner` input is not set, but the `repositories` input is set.
 await test(() => {
   delete process.env.INPUT_OWNER;
-  process.env.INPUT_REPOSITORIES = process.env.GITHUB_REPOSITORY;
+  const currentRepoName = process.env.GITHUB_REPOSITORY.split("/")[1];
+  process.env.INPUT_REPOSITORIES = currentRepoName;
 });

tests/main-token-get-owner-unset-repo-unset.test.js

@@ -5,8 +5,9 @@ await test((mockPool) => {
   delete process.env.INPUT_OWNER;
   delete process.env.INPUT_REPOSITORIES;
 
-  // Mock installation id request
+  // Mock installation ID and app slug request
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
   mockPool
     .intercept({
       path: `/repos/${process.env.GITHUB_REPOSITORY}/installation`,
@@ -19,7 +20,7 @@ await test((mockPool) => {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, "app_slug": mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 });

tests/main.js

@@ -46,7 +46,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
 
   // Set up mocking
   const baseUrl = new URL(env["INPUT_GITHUB-API-URL"]);
-  const basePath = baseUrl.pathname === '/' ? '' : baseUrl.pathname;
+  const basePath = baseUrl.pathname === "/" ? "" : baseUrl.pathname;
   const mockAgent = new MockAgent();
   mockAgent.disableNetConnect();
   setGlobalDispatcher(mockAgent);
@@ -54,11 +54,13 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
 
   // Calling `auth({ type: "app" })` to obtain a JWT doesn’t make network requests, so no need to intercept.
 
-  // Mock installation id request
+  // Mock installation ID and app slug request
   const mockInstallationId = "123456";
+  const mockAppSlug = "github-actions";
   const owner = env.INPUT_OWNER ?? env.GITHUB_REPOSITORY_OWNER;
+  const currentRepoName = env.GITHUB_REPOSITORY.split("/")[1];
   const repo = encodeURIComponent(
-    (env.INPUT_REPOSITORIES ?? env.GITHUB_REPOSITORY).split(",")[0]
+    (env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0]
   );
   mockPool
     .intercept({
@@ -72,7 +74,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
     })
     .reply(
       200,
-      { id: mockInstallationId },
+      { id: mockInstallationId, app_slug: mockAppSlug },
       { headers: { "content-type": "application/json" } }
     );
 

tests/snapshots/index.js.md

@@ -24,13 +24,16 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "actions/create-github-app-token" owned by "actions"␊
+    `owner and repositories set, creating token for repositories "create-github-app-token" owned by "actions"␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-missing-app-id.test.js
 
@@ -72,6 +75,45 @@ Generated by [AVA](https://avajs.dev).
 
     ''
 
+## main-private-key-with-escaped-newlines.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `owner and repositories not set, creating token for the current repository ("create-github-app-token")␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
+
+## main-repo-skew.test.js
+
+> stderr
+
+    `'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued.␊
+    [@octokit/auth-app] GitHub API time and system time are different by 30 seconds. Retrying request with the difference accounted for.`
+
+> stdout
+
+    `owner and repositories set, creating token for repositories "failed-repo" owned by "actions"␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
+
 ## main-token-get-owner-set-repo-fail-response.test.js
 
 > stderr
@@ -85,9 +127,31 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
+
+## main-token-get-owner-set-repo-set-to-many-newline.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `owner and repositories set, creating token for repositories "create-github-app-token,toolkit,checkout" owned by "actions"␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-repo-set-to-many.test.js
 
@@ -97,13 +161,16 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "actions/create-github-app-token,actions/toolkit" owned by "actions"␊
+    `owner and repositories set, creating token for repositories "create-github-app-token,toolkit,checkout" owned by "actions"␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-repo-set-to-one.test.js
 
@@ -113,13 +180,16 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "actions/create-github-app-token" owned by "actions"␊
+    `owner and repositories set, creating token for repositories "create-github-app-token" owned by "actions"␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-to-org-repo-unset.test.js
 
@@ -133,9 +203,12 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-to-user-fail-response.test.js
 
@@ -150,9 +223,12 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-to-user-repo-unset.test.js
 
@@ -166,9 +242,12 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-unset-repo-set.test.js
 
@@ -178,13 +257,16 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner not set, creating owner for given repositories "actions/create-github-app-token" in current owner ("actions")␊
+    `owner not set, creating owner for given repositories "create-github-app-token" in current owner ("actions")␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-unset-repo-unset.test.js
 
@@ -198,9 +280,12 @@ Generated by [AVA](https://avajs.dev).
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## post-revoke-token-fail-response.test.js