build(release): 2.2.0 [skip ci]

# [2.2.0](https://github.com/actions/create-github-app-token/compare/v2.1.4...v2.2.0) (2025-11-21)

### Bug Fixes

* **deps:** bump glob from 10.4.5 to 10.5.0 ([#305](https://github.com/actions/create-github-app-token/issues/305)) ([5480f43](https://github.com/actions/create-github-app-token/commit/5480f4325a18c025ee16d7e081413854624e9edc))
* **deps:** bump p-retry from 6.2.1 to 7.1.0 ([#294](https://github.com/actions/create-github-app-token/issues/294)) ([dce3be8](https://github.com/actions/create-github-app-token/commit/dce3be8b284f45e65caed11a610e2bef738d15b4))
* **deps:** bump the production-dependencies group with 2 updates ([#292](https://github.com/actions/create-github-app-token/issues/292)) ([55e2a4b](https://github.com/actions/create-github-app-token/commit/55e2a4b2ccaaa8364303e6ab9f77e31ad02298e5))

### Features

* update permission inputs ([#296](https://github.com/actions/create-github-app-token/issues/296)) ([d90aa53](https://github.com/actions/create-github-app-token/commit/d90aa532332d33f6dc9656fd4491a98441595a37))

.github/workflows/publish-immutable-action.yml

@@ -12,6 +12,6 @@ jobs:
       id-token: write
       packages: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Publish Immutable Action
         uses: actions/publish-immutable-action@v0.0.4

.github/workflows/release.yml

@@ -3,7 +3,9 @@ name: release
 on:
   push:
     branches:
+      - "*.x"
       - main
+      - beta
 
 permissions:
   contents: write
@@ -16,14 +18,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # build local version to create token
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           persist-credentials: false
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
-          node-version-file: .node-version
-          cache: 'npm'
+          node-version-file: package.json
+
 
       - run: npm ci
       - run: npm run build

.github/workflows/test.yml

@@ -5,38 +5,40 @@ on:
     branches:
       - main
   pull_request:
+  merge_group:
   workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   integration:
-    name: Integration
+    name: integration
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
-          node-version-file: .node-version
-          cache: 'npm'
+          node-version-file: package.json
 
       - run: npm ci
       - run: npm test
 
   end-to-end:
-    name: End-to-End
+    name: end-to-end
     runs-on: ubuntu-latest
     # do not run from forks, as forks don’t have access to repository secrets
-    if: github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
+    if: github.event_name == 'merge_group' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
-          node-version: 20
-          cache: "npm"
+          node-version-file: package.json
       - run: npm ci
       - run: npm run build
       - uses: ./ # Uses the action in the root directory

.github/workflows/update-permission-inputs.yml

@@ -0,0 +1,42 @@
+name: Update Permission Inputs
+
+on:
+  pull_request:
+    paths:
+      - 'package.json'
+      - 'package-lock.json'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-permission-inputs:
+    runs-on: ubuntu-latest
+    env:
+      COMMIT_MESSAGE: 'feat: update permission inputs'
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: package.json
+      - name: Install dependencies
+        run: npm ci
+      - name: Run permission inputs update script
+        run: node scripts/update-permission-inputs.js
+      - name: Commit changes
+        id: auto-commit
+        uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
+        with:
+          commit_message: ${{ env.COMMIT_MESSAGE }}
+      - name: Update PR title
+        if: github.event_name == 'pull_request' && steps.auto-commit.outputs.changes_detected == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr edit ${{ github.event.pull_request.number }} --title "${{ env.COMMIT_MESSAGE }}"

.node-version

@@ -1 +0,0 @@
-20.9.0

CONTRIBUTING.md

@@ -12,4 +12,4 @@ Run tests locally
 npm test
 ```
 
-Learn more about how the tests work in [test/README.md](test/README.md).
+Learn more about how the tests work in [tests/README.md](tests/README.md).

README.md

@@ -8,9 +8,9 @@ GitHub Action for creating a GitHub App installation access token.
 
 In order to use this action, you need to:
 
-1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app)
-2. [Store the App's ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`)
-3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`)
+1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app).
+2. [Store the App's ID or Client ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`).
+3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`).
 
 > [!IMPORTANT]  
 > An installation access token expires after 1 hour. Please [see this comment](https://github.com/actions/create-github-app-token/issues/121#issuecomment-2043214796) for alternative approaches if you have long-running processes.
@@ -28,7 +28,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -47,7 +47,7 @@ jobs:
   auto-format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           # required
@@ -73,7 +73,7 @@ jobs:
   auto-format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           # required
@@ -98,7 +98,7 @@ jobs:
   auto-format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           # required
@@ -135,7 +135,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -157,7 +157,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -182,7 +182,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -207,7 +207,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -249,7 +249,7 @@ jobs:
         owners-and-repos: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
 
     steps:
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -279,7 +279,7 @@ jobs:
     steps:
       - name: Create GitHub App token
         id: create_token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ vars.GHES_APP_ID }}
           private-key: ${{ secrets.GHES_APP_PRIVATE_KEY }}
@@ -318,7 +318,7 @@ steps:
       echo "private-key=$private_key" >> "$GITHUB_OUTPUT"
   - name: Generate GitHub App Token
     id: app-token
-    uses: actions/create-github-app-token@v1
+    uses: actions/create-github-app-token@v2
     with:
       app-id: ${{ vars.APP_ID }}
       private-key: ${{ steps.decode.outputs.private-key }}
@@ -343,7 +343,7 @@ The reason we define one `permision-<permission name>` input per permission is t
 
 ### `skip-token-revoke`
 
-**Optional:** If truthy, the token will not be revoked when the current job is complete.
+**Optional:** If true, the token will not be revoked when the current job is complete.
 
 ### `github-api-url`
 
@@ -370,7 +370,7 @@ The action creates an installation access token using [the `POST /app/installati
 1. The token is scoped to the current repository or `repositories` if set.
 2. The token inherits all the installation's permissions.
 3. The token is set as output `token` which can be used in subsequent steps.
-4. Unless the `skip-token-revoke` input is set to a truthy value, the token is revoked in the `post` step of the action, which means it cannot be passed to another job.
+4. Unless the `skip-token-revoke` input is set to true, the token is revoked in the `post` step of the action, which means it cannot be passed to another job.
 5. The token is masked, it cannot be logged accidentally.
 
 > [!NOTE]

action.yml

@@ -18,8 +18,9 @@ inputs:
     description: "Comma or newline-separated list of repositories to install the GitHub App on (defaults to current repository if owner is unset)"
     required: false
   skip-token-revoke:
-    description: "If truthy, the token will not be revoked when the current job is complete"
+    description: "If true, the token will not be revoked when the current job is complete"
     required: false
+    default: "false"
   # Make GitHub API configurable to support non-GitHub Cloud use cases
   # see https://github.com/actions/create-github-app-token/issues/77
   github-api-url:
@@ -36,12 +37,16 @@ inputs:
     description: "The level of permission to grant the access token to create, edit, delete, and list Codespaces. Can be set to 'read' or 'write'."
   permission-contents:
     description: "The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. Can be set to 'read' or 'write'."
+  permission-custom-properties-for-organizations:
+    description: "The level of permission to grant the access token to view and edit custom properties for an organization, when allowed by the property. Can be set to 'read' or 'write'."
   permission-dependabot-secrets:
-    description: "The leve of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
+    description: "The level of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
   permission-deployments:
     description: "The level of permission to grant the access token for deployments and deployment statuses. Can be set to 'read' or 'write'."
   permission-email-addresses:
     description: "The level of permission to grant the access token to manage the email addresses belonging to a user. Can be set to 'read' or 'write'."
+  permission-enterprise-custom-properties-for-organizations:
+    description: "The level of permission to grant the access token for organization custom properties management at the enterprise level. Can be set to 'read', 'write', or 'admin'."
   permission-environments:
     description: "The level of permission to grant the access token for managing repository environments. Can be set to 'read' or 'write'."
   permission-followers:
@@ -67,7 +72,7 @@ inputs:
   permission-organization-custom-org-roles:
     description: "The level of permission to grant the access token for custom organization roles management. Can be set to 'read' or 'write'."
   permission-organization-custom-properties:
-    description: "The level of permission to grant the access token for custom property management. Can be set to 'read', 'write', or 'admin'."
+    description: "The level of permission to grant the access token for repository custom properties management at the organization level. Can be set to 'read', 'write', or 'admin'."
   permission-organization-custom-roles:
     description: "The level of permission to grant the access token for custom repository roles management. Can be set to 'read' or 'write'."
   permission-organization-events:

lib/get-permissions-from-inputs.js

@@ -7,9 +7,13 @@
  */
 export function getPermissionsFromInputs(env) {
   return Object.entries(env).reduce((permissions, [key, value]) => {
-    if (!key.startsWith("INPUT_PERMISSION_")) return permissions;
+    if (!key.startsWith("INPUT_PERMISSION-")) return permissions;
+    if (!value) return permissions;
 
-    const permission = key.slice("INPUT_PERMISSION_".length).toLowerCase();
+    const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase()
+      .replaceAll(/-/g, "_");
+
+    // Inherit app permissions if no permissions inputs are set
     if (permissions === undefined) {
       return { [permission]: value };
     }

lib/main.js

@@ -21,7 +21,7 @@ export async function main(
   core,
   createAppAuth,
   request,
-  skipTokenRevoke,
+  skipTokenRevoke
 ) {
   let parsedOwner = "";
   let parsedRepositoryNames = [];
@@ -33,7 +33,7 @@ export async function main(
     parsedRepositoryNames = [repo];
 
     core.info(
-      `owner and repositories not set, creating token for the current repository ("${repo}")`,
+      `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (${owner}/${repo}).`
     );
   }
 
@@ -42,7 +42,7 @@ export async function main(
     parsedOwner = owner;
 
     core.info(
-      `repositories not set, creating token for all repositories for given owner "${owner}"`,
+      `Input 'repositories' is not set. Creating token for all repositories owned by ${owner}.`
     );
   }
 
@@ -52,9 +52,9 @@ export async function main(
     parsedRepositoryNames = repositories;
 
     core.info(
-      `owner not set, creating owner for given repositories "${repositories.join(
-        ",",
-      )}" in current owner ("${parsedOwner}")`,
+      `No 'owner' input provided. Using default owner '${parsedOwner}' to create token for the following repositories:${repositories
+        .map((repo) => `\n- ${parsedOwner}/${repo}`)
+        .join("")}`
     );
   }
 
@@ -64,9 +64,8 @@ export async function main(
     parsedRepositoryNames = repositories;
 
     core.info(
-      `owner and repositories set, creating token for repositories "${repositories.join(
-        ",",
-      )}" owned by "${owner}"`,
+      `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      ${repositories.map((repo) => `\n- ${parsedOwner}/${repo}`).join("")}`
     );
   }
 
@@ -87,31 +86,32 @@ export async function main(
           auth,
           parsedOwner,
           parsedRepositoryNames,
-          permissions,
+          permissions
         ),
       {
-        onFailedAttempt: (error) => {
+        shouldRetry: ({ error }) => error.status >= 500,
+        onFailedAttempt: (context) => {
           core.info(
             `Failed to create token for "${parsedRepositoryNames.join(
-              ",",
-            )}" (attempt ${error.attemptNumber}): ${error.message}`,
+              ","
+            )}" (attempt ${context.attemptNumber}): ${context.error.message}`
           );
         },
         retries: 3,
-      },
+      }
     ));
   } else {
     // Otherwise get the installation for the owner, which can either be an organization or a user account
     ({ authentication, installationId, appSlug } = await pRetry(
       () => getTokenFromOwner(request, auth, parsedOwner, permissions),
       {
-        onFailedAttempt: (error) => {
+        onFailedAttempt: (context) => {
           core.info(
-            `Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`,
+            `Failed to create token for "${parsedOwner}" (attempt ${context.attemptNumber}): ${context.error.message}`
           );
         },
         retries: 3,
-      },
+      }
     ));
   }
 
@@ -157,7 +157,7 @@ async function getTokenFromRepository(
   auth,
   parsedOwner,
   parsedRepositoryNames,
-  permissions,
+  permissions
 ) {
   // https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app
   const response = await request("GET /repos/{owner}/{repo}/installation", {

lib/post.js

@@ -5,7 +5,7 @@
  * @param {import("@octokit/request").request} request
  */
 export async function post(core, request) {
-  const skipTokenRevoke = Boolean(core.getInput("skip-token-revoke"));
+  const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
 
   if (skipTokenRevoke) {
     core.info("Token revocation was skipped");

main.js

@@ -24,7 +24,7 @@ const repositories = core
   .map((s) => s.trim())
   .filter((x) => x !== "");
 
-const skipTokenRevoke = Boolean(core.getInput("skip-token-revoke"));
+const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
 
 const permissions = getPermissionsFromInputs(process.env);
 

package.json

@@ -2,8 +2,12 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "2.0.0",
+  "version": "2.2.0",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
+  "engines": {
+    "node": ">=20"
+  },
+  "packageManager": "npm@10.9.4",
   "scripts": {
     "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",
     "test": "c8 --100 ava tests/index.js",
@@ -13,26 +17,30 @@
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.11.1",
-    "@octokit/auth-app": "^7.1.5",
-    "@octokit/request": "^9.2.2",
-    "p-retry": "^6.2.1",
-    "undici": "^7.5.0"
+    "@octokit/auth-app": "^8.1.1",
+    "@octokit/request": "^10.0.3",
+    "p-retry": "^7.1.0",
+    "undici": "^7.16.0"
   },
   "devDependencies": {
-    "@octokit/openapi": "^18.0.0",
-    "@sinonjs/fake-timers": "^14.0.0",
-    "ava": "^6.2.0",
+    "@octokit/openapi": "^21.0.0",
+    "@sinonjs/fake-timers": "^15.0.0",
+    "ava": "^6.4.1",
     "c8": "^10.1.3",
-    "dotenv": "^16.4.7",
-    "esbuild": "^0.25.0",
-    "execa": "^9.5.2",
+    "dotenv": "^17.2.3",
+    "esbuild": "^0.25.10",
+    "execa": "^9.6.0",
     "open-cli": "^8.0.0",
-    "yaml": "^2.7.0"
+    "yaml": "^2.8.1"
   },
   "release": {
     "branches": [
       "+([0-9]).x",
-      "main"
+      "main",
+      {
+        "name": "beta",
+        "prerelease": true
+      }
     ],
     "plugins": [
       "@semantic-release/commit-analyzer",

scripts/generated/app-permissions.json

@@ -45,7 +45,7 @@
     },
     "dependabot_secrets": {
       "type": "string",
-      "description": "The leve of permission to grant the access token to manage Dependabot secrets.",
+      "description": "The level of permission to grant the access token to manage Dependabot secrets.",
       "enum": [
         "read",
         "write"
@@ -187,6 +187,14 @@
         "write"
       ]
     },
+    "custom_properties_for_organizations": {
+      "type": "string",
+      "description": "The level of permission to grant the access token to view and edit custom properties for an organization, when allowed by the property.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
     "members": {
       "type": "string",
       "description": "The level of permission to grant the access token for organization teams and members.",
@@ -221,7 +229,7 @@
     },
     "organization_custom_properties": {
       "type": "string",
-      "description": "The level of permission to grant the access token for custom property management.",
+      "description": "The level of permission to grant the access token for repository custom properties management at the organization level.",
       "enum": [
         "read",
         "write",
@@ -384,6 +392,15 @@
         "read",
         "write"
       ]
+    },
+    "enterprise_custom_properties_for_organizations": {
+      "type": "string",
+      "description": "The level of permission to grant the access token for organization custom properties management at the enterprise level.",
+      "enum": [
+        "read",
+        "write",
+        "admin"
+      ]
     }
   },
   "example": {

tests/main-token-permissions-set.test.js

@@ -2,6 +2,6 @@ import { test } from "./main.js";
 
 // Verify `main` successfully sets permissions
 await test(() => {
-  process.env.INPUT_PERMISSION_ISSUES = `write`;
-  process.env.INPUT_PERMISSION_PULL_REQUESTS = `read`;
+  process.env["INPUT_PERMISSION-ISSUES"] = `write`;
+  process.env["INPUT_PERMISSION-PULL-REQUESTS"] = `read`;
 });

tests/main.js

@@ -8,6 +8,7 @@ export const DEFAULT_ENV = {
   // inputs are set as environment variables with the prefix INPUT_
   // https://docs.github.com/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
   "INPUT_GITHUB-API-URL": "https://api.github.com",
+  "INPUT_SKIP-TOKEN-REVOKE": "false",
   "INPUT_APP-ID": "123456",
   // This key is invalidated. It’s from https://github.com/octokit/auth-app.js/issues/465#issuecomment-1564998327.
   "INPUT_PRIVATE-KEY": `-----BEGIN RSA PRIVATE KEY-----
@@ -37,6 +38,8 @@ so0tiQKBgGQXZaxaXhYUcxYHuCkQ3V4Vsj3ezlM92xXlP32SGFm3KgFhYy9kATxw
 Cax1ytZzvlrKLQyQFVK1COs2rHt7W4cJ7op7C8zXfsigXCiejnS664oAuX8sQZID
 x3WQZRiXlWejSMUAHuMwXrhGlltF3lw83+xAjnqsVp75kGS6OH61
 -----END RSA PRIVATE KEY-----`,
+  // The Actions runner sets all inputs to empty strings if not set.
+  "INPUT_PERMISSION-ADMINISTRATION": "",
 };
 
 export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
@@ -60,7 +63,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
   const owner = env.INPUT_OWNER ?? env.GITHUB_REPOSITORY_OWNER;
   const currentRepoName = env.GITHUB_REPOSITORY.split("/")[1];
   const repo = encodeURIComponent(
-    (env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0],
+    (env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0]
   );
 
   mockPool
@@ -76,7 +79,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
     .reply(
       200,
       { id: mockInstallationId, app_slug: mockAppSlug },
-      { headers: { "content-type": "application/json" } },
+      { headers: { "content-type": "application/json" } }
     );
 
   // Mock installation access token request
@@ -97,7 +100,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
     .reply(
       201,
       { token: mockInstallationAccessToken, expires_at: mockExpiresAt },
-      { headers: { "content-type": "application/json" } },
+      { headers: { "content-type": "application/json" } }
     );
 
   // Run the callback

tests/post-revoke-token-fail-response.test.js

@@ -7,6 +7,7 @@ process.env.STATE_token = "secret123";
 // inputs are set as environment variables with the prefix INPUT_
 // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
 process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com";
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
 
 // 1 hour in the future, not expired
 process.env.STATE_expiresAt = new Date(

tests/post-token-expired.test.js

@@ -7,6 +7,10 @@ process.env.STATE_token = "secret123";
 // 1 hour in the past, expired
 process.env.STATE_expiresAt = new Date(Date.now() - 1000 * 60 * 60).toISOString();
 
+// inputs are set as environment variables with the prefix INPUT_
+// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
+
 const mockAgent = new MockAgent();
 
 setGlobalDispatcher(mockAgent);

tests/post-token-set.test.js

@@ -7,6 +7,7 @@ process.env.STATE_token = "secret123";
 // inputs are set as environment variables with the prefix INPUT_
 // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
 process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com";
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
 
 // 1 hour in the future, not expired
 process.env.STATE_expiresAt = new Date(Date.now() + 1000 * 60 * 60).toISOString();

tests/post-token-unset.test.js

@@ -2,4 +2,8 @@
 // https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
 delete process.env.STATE_token;
 
+// inputs are set as environment variables with the prefix INPUT_
+// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
+
 await import("../post.js");

tests/snapshots/index.js.md

@@ -22,7 +22,9 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "create-github-app-token" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -65,7 +67,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories not set, creating token for the current repository ("create-github-app-token")␊
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -89,7 +91,9 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "failed-repo" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/failed-repo␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -113,7 +117,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `repositories not set, creating token for all repositories for given owner "smockle"␊
+    `Input 'repositories' is not set. Creating token for all repositories owned by smockle.␊
     Failed to create token for "smockle" (attempt 1): GitHub API not available␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
@@ -138,7 +142,9 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "failed-repo" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/failed-repo␊
     Failed to create token for "failed-repo" (attempt 1): GitHub API not available␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
@@ -163,7 +169,11 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "create-github-app-token,toolkit,checkout" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    - actions/toolkit␊
+    - actions/checkout␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -186,7 +196,11 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "create-github-app-token,toolkit,checkout" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    - actions/toolkit␊
+    - actions/checkout␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -209,7 +223,9 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories set, creating token for repositories "create-github-app-token" owned by "actions"␊
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -232,7 +248,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `repositories not set, creating token for all repositories for given owner "actions"␊
+    `Input 'repositories' is not set. Creating token for all repositories owned by actions.␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -255,7 +271,8 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner not set, creating owner for given repositories "create-github-app-token" in current owner ("actions")␊
+    `No 'owner' input provided. Using default owner 'actions' to create token for the following repositories:␊
+    - actions/create-github-app-token␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -278,7 +295,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories not set, creating token for the current repository ("create-github-app-token")␊
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
@@ -301,7 +318,7 @@ Generated by [AVA](https://avajs.dev).
 
 > stdout
 
-    `owner and repositories not set, creating token for the current repository ("create-github-app-token")␊
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
     ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
     ␊
     ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊