build(release): 1.10.3 [skip ci]

## [1.10.3](https://github.com/actions/create-github-app-token/compare/v1.10.2...v1.10.3) (2024-07-01)

### Bug Fixes

* **deps:** bump undici from 6.18.2 to 6.19.2 in the production-dependencies group ([#149](https://github.com/actions/create-github-app-token/issues/149)) ([cc82279](https://github.com/actions/create-github-app-token/commit/cc82279e84540c5543078cedc5af4fcfab0a96bb)), closes [#3337](https://github.com/actions/create-github-app-token/issues/3337) [nodejs/undici#3338](https://github.com/nodejs/undici/issues/3338) [nodejs/undici#3340](https://github.com/nodejs/undici/issues/3340) [nodejs/undici#3332](https://github.com/nodejs/undici/issues/3332) [nodejs/undici#3335](https://github.com/nodejs/undici/issues/3335) [nodejs/undici#3305](https://github.com/nodejs/undici/issues/3305) [nodejs/undici#3303](https://github.com/nodejs/undici/issues/3303) [nodejs/undici#3304](https://github.com/nodejs/undici/issues/3304) [nodejs/undici#3306](https://github.com/nodejs/undici/issues/3306) [nodejs/undici#3309](https://github.com/nodejs/undici/issues/3309) [nodejs/undici#3313](https://github.com/nodejs/undici/issues/3313) [nodejs/undici#3311](https://github.com/nodejs/undici/issues/3311) [nodejs/undici#3107](https://github.com/nodejs/undici/issues/3107) [nodejs/undici#3302](https://github.com/nodejs/undici/issues/3302) [nodejs/undici#3320](https://github.com/nodejs/undici/issues/3320) [nodejs/undici#3321](https://github.com/nodejs/undici/issues/3321) [nodejs/undici#3316](https://github.com/nodejs/undici/issues/3316) [nodejs/undici#3318](https://github.com/nodejs/undici/issues/3318) [nodejs/undici#3326](https://github.com/nodejs/undici/issues/3326) [nodejs/undici#3324](https://github.com/nodejs/undici/issues/3324) [nodejs/undici#3325](https://github.com/nodejs/undici/issues/3325) [nodejs/undici#3316](https://github.com/nodejs/undici/issues/3316) [nodejs/undici#3318](https://github.com/nodejs/undici/issues/3318) [#3342](https://github.com/actions/create-github-app-token/issues/3342) [#3332](https://github.com/actions/create-github-app-token/issues/3332) [#3340](https://github.com/actions/create-github-app-token/issues/3340) [#3337](https://github.com/actions/create-github-app-token/issues/3337) [#3338](https://github.com/actions/create-github-app-token/issues/3338) [#3336](https://github.com/actions/create-github-app-token/issues/3336) [#3335](https://github.com/actions/create-github-app-token/issues/3335) [#3325](https://github.com/actions/create-github-app-token/issues/3325) [#3324](https://github.com/actions/create-github-app-token/issues/3324) [#3326](https://github.com/actions/create-github-app-token/issues/3326)

README.md

@@ -12,6 +12,9 @@ In order to use this action, you need to:
 2. [Store the App's ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`)
 3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`)
 
+> [!IMPORTANT]  
+> An installation access token expires after 1 hour. Please [see this comment](https://github.com/actions/create-github-app-token/issues/121#issuecomment-2043214796) for alternative approaches if you have long-running processes.
+
 ### Create a token for the current repository
 
 ```yaml
@@ -30,7 +33,6 @@ jobs:
         with:
           app-id: ${{ vars.APP_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
-          github-api-url: "https://github.acme-inc.com/api/v3"
       - uses: ./actions/staging-tests
         with:
           token: ${{ steps.app-token.outputs.token }}
@@ -62,6 +64,64 @@ jobs:
           github_token: ${{ steps.app-token.outputs.token }}
 ```
 
+### Create a git committer string for an app installation
+
+```yaml
+on: [pull_request]
+
+jobs:
+  auto-format:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          # required
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+      - name: Retrieve GitHub App User ID
+        id: get-user-id
+        run: echo "user-id=$(gh api "/users/${{ steps.generate-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+      - id: committer
+        run: echo "string=${{steps.app-token.outputs.app-slug}}[bot] <${{steps.get-user-id.outputs.user-id}}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>"  >> "$GITHUB_OUTPUT"
+      - run: echo "committer string is ${{steps.committer.outputs.string}}"
+```
+
+### Configure git CLI for an app's bot user
+
+```yaml
+on: [pull_request]
+
+jobs:
+  auto-format:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          # required
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+      - name: Retrieve GitHub App User ID
+        id: get-user-id
+        run: echo "user-id=$(gh api "/users/${{ steps.generate-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+      - run: |
+          git config --global user.name '${{steps.app-token.outputs.app-slug}}[bot]'
+          git config --global user.email '${{steps.get-user-id.outputs.user-id}}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
+      # git commands like commit work using the bot user
+      - run: |
+          git add .
+          git commit -m "Auto-generated changes"
+          git push
+```
+
+The `<BOT USER ID>` is the numeric user ID of the app's bot user, which can be found under `https://api.github.com/users/<app-slug>%5Bbot%5D`.
+For example, we can check at `https://api.github.com/users/dependabot%5Bbot%5D` to see the user ID of dependabot is 49699333.
+
 ### Create a token for all repositories in the current owner's installation
 
 ```yaml
@@ -212,7 +272,7 @@ jobs:
 
 ### `private-key`
 
-**Required:** GitHub App private key.
+**Required:** GitHub App private key. Escaped newlines (`\\n`) will be automatically replaced with actual newlines.
 
 ### `owner`
 

lib/main.js

@@ -104,7 +104,7 @@ export async function main(
   // Make token accessible to post function (so we can invalidate it)
   if (!skipTokenRevoke) {
     core.saveState("token", authentication.token);
-    core.setOutput("expiresAt", authentication.expiresAt);
+    core.saveState("expiresAt", authentication.expiresAt);
   }
 }
 

package.json

@@ -2,7 +2,7 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "1.9.1",
+  "version": "1.10.3",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "scripts": {
     "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0",
@@ -13,20 +13,20 @@
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.10.1",
-    "@octokit/auth-app": "^6.0.4",
+    "@octokit/auth-app": "^7.1.0",
     "@octokit/request": "^9.0.1",
     "p-retry": "^6.2.0",
-    "undici": "^6.6.2"
+    "undici": "^6.19.2"
   },
   "devDependencies": {
     "@sinonjs/fake-timers": "^11.2.2",
-    "ava": "^6.1.2",
+    "ava": "^6.1.3",
     "c8": "^9.1.0",
     "dotenv": "^16.4.5",
-    "esbuild": "^0.20.1",
-    "execa": "^8.0.1",
+    "esbuild": "^0.21.4",
+    "execa": "^9.1.0",
     "open-cli": "^8.0.0",
-    "yaml": "^2.4.0"
+    "yaml": "^2.4.2"
   },
   "release": {
     "branches": [

tests/main-private-key-with-escaped-newlines.js

@@ -0,0 +1,6 @@
+import { test, DEFAULT_ENV } from "./main.js";
+
+// Verify `main` works correctly when `private-key` input has escaped newlines
+await test(() => {
+  process.env['INPUT_PRIVATE-KEY'] = DEFAULT_ENV.PRIVATE_KEY.replace(/\n/g, '\\n')
+});

tests/snapshots/index.js.md

@@ -33,8 +33,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-missing-app-id.test.js
 
@@ -94,8 +93,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-repo-set-to-many.test.js
 
@@ -114,8 +112,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-repo-set-to-one.test.js
 
@@ -134,8 +131,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-to-org-repo-unset.test.js
 
@@ -154,8 +150,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-to-user-fail-response.test.js
 
@@ -175,8 +170,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-to-user-repo-unset.test.js
 
@@ -195,8 +189,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-unset-repo-set.test.js
 
@@ -215,8 +208,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-unset-repo-unset.test.js
 
@@ -235,8 +227,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## post-revoke-token-fail-response.test.js