build(release): 2.1.1 [skip ci]

## [2.1.1](https://github.com/actions/create-github-app-token/compare/v2.1.0...v2.1.1) (2025-08-11)

### Bug Fixes

* revert "use `node24` as runner" ([#278](https://github.com/actions/create-github-app-token/issues/278)) ([5204204](https://github.com/actions/create-github-app-token/commit/5204204e81cbd981afcdf714413410ba8697fd67)), closes [actions/create-github-app-token#267](https://github.com/actions/create-github-app-token/issues/267)

.github/workflows/test.yml

@@ -11,6 +11,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   integration:
     name: Integration

.github/workflows/update-permission-inputs.yml

@@ -28,6 +28,6 @@ jobs:
       - name: Run permission inputs update script
         run: node scripts/update-permission-inputs.js
       - name: Commit changes
-        uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
+        uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
         with:
           commit_message: 'feat: update permission inputs'

README.md

@@ -8,9 +8,9 @@ GitHub Action for creating a GitHub App installation access token.
 
 In order to use this action, you need to:
 
-1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app)
-2. [Store the App's ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`)
-3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`)
+1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app).
+2. [Store the App's ID or Client ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`).
+3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`).
 
 > [!IMPORTANT]  
 > An installation access token expires after 1 hour. Please [see this comment](https://github.com/actions/create-github-app-token/issues/121#issuecomment-2043214796) for alternative approaches if you have long-running processes.

dist/main.cjs

@@ -33638,6 +33638,11 @@ var require_sqlite_cache_store = __commonJS({
         }
         this.#db = new DatabaseSync(opts?.location ?? ":memory:");
         this.#db.exec(`
+      PRAGMA journal_mode = WAL;
+      PRAGMA synchronous = NORMAL;
+      PRAGMA temp_store = memory;
+      PRAGMA optimize;
+
       CREATE TABLE IF NOT EXISTS cacheInterceptorV${VERSION7} (
         -- Data specific to us
         id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -33657,9 +33662,8 @@ var require_sqlite_cache_store = __commonJS({
         staleAt INTEGER NOT NULL
       );
 
-      CREATE INDEX IF NOT EXISTS idx_cacheInterceptorV${VERSION7}_url ON cacheInterceptorV${VERSION7}(url);
-      CREATE INDEX IF NOT EXISTS idx_cacheInterceptorV${VERSION7}_method ON cacheInterceptorV${VERSION7}(method);
-      CREATE INDEX IF NOT EXISTS idx_cacheInterceptorV${VERSION7}_deleteAt ON cacheInterceptorV${VERSION7}(deleteAt);
+      CREATE INDEX IF NOT EXISTS idx_cacheInterceptorV${VERSION7}_getValuesQuery ON cacheInterceptorV${VERSION7}(url, method, deleteAt);
+      CREATE INDEX IF NOT EXISTS idx_cacheInterceptorV${VERSION7}_deleteByUrlQuery ON cacheInterceptorV${VERSION7}(deleteAt);
     `);
         this.#getValuesQuery = this.#db.prepare(`
       SELECT
@@ -33836,7 +33840,7 @@ var require_sqlite_cache_store = __commonJS({
         this.#deleteByUrlQuery.run(this.#makeValueUrl(key));
       }
       #prune() {
-        if (this.size <= this.#maxCount) {
+        if (Number.isFinite(this.#maxCount) && this.size <= this.#maxCount) {
           return 0;
         }
         {
@@ -41375,7 +41379,7 @@ async function waitForAccessToken(request2, clientId, clientType, verification)
       return waitForAccessToken(request2, clientId, clientType, verification);
     }
     if (errorType === "slow_down") {
-      await wait(verification.interval + 5);
+      await wait(verification.interval + 7);
       return waitForAccessToken(request2, clientId, clientType, verification);
     }
     throw error;
@@ -42345,7 +42349,7 @@ async function sendRequestWithRetries(state, request2, options, createdAt, retri
     return sendRequestWithRetries(state, request2, options, createdAt, retries);
   }
 }
-var VERSION6 = "7.2.0";
+var VERSION6 = "7.2.1";
 function createAppAuth(options) {
   if (!options.appId) {
     throw new Error("[@octokit/auth-app] appId option is required");
@@ -42396,7 +42400,7 @@ function getPermissionsFromInputs(env) {
   return Object.entries(env).reduce((permissions2, [key, value]) => {
     if (!key.startsWith("INPUT_PERMISSION-")) return permissions2;
     if (!value) return permissions2;
-    const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase();
+    const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase().replaceAll(/-/g, "_");
     if (permissions2 === void 0) {
       return { [permission]: value };
     }
@@ -42694,14 +42698,10 @@ var main_default = main(
 /*! Bundled license information:
 
 undici/lib/fetch/body.js:
-  (*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> *)
-
-undici/lib/websocket/frame.js:
-  (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
-
 undici/lib/web/fetch/body.js:
   (*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> *)
 
+undici/lib/websocket/frame.js:
 undici/lib/web/websocket/frame.js:
   (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
 

dist/post.cjs

@@ -33404,6 +33404,11 @@ var require_sqlite_cache_store = __commonJS({
         }
         this.#db = new DatabaseSync(opts?.location ?? ":memory:");
         this.#db.exec(`
+      PRAGMA journal_mode = WAL;
+      PRAGMA synchronous = NORMAL;
+      PRAGMA temp_store = memory;
+      PRAGMA optimize;
+
       CREATE TABLE IF NOT EXISTS cacheInterceptorV${VERSION3} (
         -- Data specific to us
         id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -33423,9 +33428,8 @@ var require_sqlite_cache_store = __commonJS({
         staleAt INTEGER NOT NULL
       );
 
-      CREATE INDEX IF NOT EXISTS idx_cacheInterceptorV${VERSION3}_url ON cacheInterceptorV${VERSION3}(url);
-      CREATE INDEX IF NOT EXISTS idx_cacheInterceptorV${VERSION3}_method ON cacheInterceptorV${VERSION3}(method);
-      CREATE INDEX IF NOT EXISTS idx_cacheInterceptorV${VERSION3}_deleteAt ON cacheInterceptorV${VERSION3}(deleteAt);
+      CREATE INDEX IF NOT EXISTS idx_cacheInterceptorV${VERSION3}_getValuesQuery ON cacheInterceptorV${VERSION3}(url, method, deleteAt);
+      CREATE INDEX IF NOT EXISTS idx_cacheInterceptorV${VERSION3}_deleteByUrlQuery ON cacheInterceptorV${VERSION3}(deleteAt);
     `);
         this.#getValuesQuery = this.#db.prepare(`
       SELECT
@@ -33602,7 +33606,7 @@ var require_sqlite_cache_store = __commonJS({
         this.#deleteByUrlQuery.run(this.#makeValueUrl(key));
       }
       #prune() {
-        if (this.size <= this.#maxCount) {
+        if (Number.isFinite(this.#maxCount) && this.size <= this.#maxCount) {
           return 0;
         }
         {
@@ -40917,14 +40921,10 @@ post(import_core2.default, request_default).catch((error) => {
 /*! Bundled license information:
 
 undici/lib/fetch/body.js:
-  (*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> *)
-
-undici/lib/websocket/frame.js:
-  (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
-
 undici/lib/web/fetch/body.js:
   (*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> *)
 
+undici/lib/websocket/frame.js:
 undici/lib/web/websocket/frame.js:
   (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
 */

lib/get-permissions-from-inputs.js

@@ -10,7 +10,8 @@ export function getPermissionsFromInputs(env) {
     if (!key.startsWith("INPUT_PERMISSION-")) return permissions;
     if (!value) return permissions;
 
-    const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase();
+    const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase()
+      .replaceAll(/-/g, "_");
 
     // Inherit app permissions if no permissions inputs are set
     if (permissions === undefined) {

package.json

@@ -2,7 +2,7 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "2.0.4",
+  "version": "2.1.1",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "scripts": {
     "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",
@@ -13,21 +13,21 @@
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.11.1",
-    "@octokit/auth-app": "^7.2.0",
+    "@octokit/auth-app": "^7.2.1",
     "@octokit/request": "^9.2.2",
     "p-retry": "^6.2.1",
-    "undici": "^7.7.0"
+    "undici": "^7.8.0"
   },
   "devDependencies": {
-    "@octokit/openapi": "^18.2.0",
+    "@octokit/openapi": "^19.1.0",
     "@sinonjs/fake-timers": "^14.0.0",
-    "ava": "^6.2.0",
+    "ava": "^6.4.0",
     "c8": "^10.1.3",
-    "dotenv": "^16.4.7",
-    "esbuild": "^0.25.2",
-    "execa": "^9.5.2",
+    "dotenv": "^16.5.0",
+    "esbuild": "^0.25.6",
+    "execa": "^9.6.0",
     "open-cli": "^8.0.0",
-    "yaml": "^2.7.1"
+    "yaml": "^2.8.0"
   },
   "release": {
     "branches": [

tests/snapshots/index.js.md

@@ -331,7 +331,7 @@ Generated by [AVA](https://avajs.dev).
     --- REQUESTS ---␊
     GET /repos/actions/create-github-app-token/installation␊
     POST /app/installations/123456/access_tokens␊
-    {"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull-requests":"read"}}`
+    {"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}`
 
 ## post-revoke-token-fail-response.test.js