build(release): 3.0.0-beta.4 [skip ci]

# [3.0.0-beta.4](https://github.com/actions/create-github-app-token/compare/v3.0.0-beta.3...v3.0.0-beta.4) (2026-03-13)

### Bug Fixes

* **deps:** bump @octokit/auth-app from 7.2.1 to 8.0.1 ([#257](https://github.com/actions/create-github-app-token/issues/257)) ([bef1eaf](https://github.com/actions/create-github-app-token/commit/bef1eaf1c0ac2b148ee2a0a74c65fbe6db0631f1))
* **deps:** bump @octokit/request from 9.2.3 to 10.0.2 ([#256](https://github.com/actions/create-github-app-token/issues/256)) ([5d7307b](https://github.com/actions/create-github-app-token/commit/5d7307be63501c0070c634b0ae8fec74e8208130))
* **deps:** bump glob from 10.4.5 to 10.5.0 ([#305](https://github.com/actions/create-github-app-token/issues/305)) ([5480f43](https://github.com/actions/create-github-app-token/commit/5480f4325a18c025ee16d7e081413854624e9edc))
* **deps:** bump p-retry from 6.2.1 to 7.1.0 ([#294](https://github.com/actions/create-github-app-token/issues/294)) ([dce3be8](https://github.com/actions/create-github-app-token/commit/dce3be8b284f45e65caed11a610e2bef738d15b4))
* **deps:** bump the production-dependencies group with 2 updates ([#292](https://github.com/actions/create-github-app-token/issues/292)) ([55e2a4b](https://github.com/actions/create-github-app-token/commit/55e2a4b2ccaaa8364303e6ab9f77e31ad02298e5))
* **deps:** bump the production-dependencies group with 2 updates ([#311](https://github.com/actions/create-github-app-token/issues/311)) ([b212e6a](https://github.com/actions/create-github-app-token/commit/b212e6a739dec02d8488610fbaf8f049f82ee999))
* **deps:** bump undici from 7.8.0 to 7.10.0 in the production-dependencies group ([#254](https://github.com/actions/create-github-app-token/issues/254)) ([f3d5ec2](https://github.com/actions/create-github-app-token/commit/f3d5ec20739b0cf6f0d52e5a051b65484c378ec9))

### Features

* update permission inputs ([#296](https://github.com/actions/create-github-app-token/issues/296)) ([d90aa53](https://github.com/actions/create-github-app-token/commit/d90aa532332d33f6dc9656fd4491a98441595a37))

.github/workflows/publish-immutable-action.yml

@@ -0,0 +1,17 @@
+name: 'Publish Immutable Action'
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    steps:
+      - uses: actions/checkout@v6
+      - name: Publish Immutable Action
+        uses: actions/publish-immutable-action@v0.0.4

.github/workflows/test.yml

@@ -56,13 +56,13 @@ jobs:
       - run: echo '${{ steps.get-repository.outputs.data }}'
 
   end-to-end-proxy:
-    name: end-to-end with unreachable proxy
+    name: End-to-End with unreachable proxy
     runs-on: ubuntu-latest
     # do not run from forks, as forks don’t have access to repository secrets
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
     steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v4
         with:
           node-version-file: package.json
           cache: 'npm'

README.md

@@ -9,8 +9,8 @@ GitHub Action for creating a GitHub App installation access token.
 In order to use this action, you need to:
 
 1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app).
-2. [Store the App's Client ID in your repository environment variables](https://docs.github.com/actions/how-tos/write-workflows/choose-what-workflows-do/use-variables#defining-configuration-variables-for-multiple-workflows) (example: `GITHUB_APP_CLIENT_ID`).
-3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets?tool=webui#creating-secrets-for-a-repository) (example: `GITHUB_APP_PRIVATE_KEY`).
+2. [Store the App's ID or Client ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`).
+3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`).
 
 > [!IMPORTANT]  
 > An installation access token expires after 1 hour. Please [see this comment](https://github.com/actions/create-github-app-token/issues/121#issuecomment-2043214796) for alternative approaches if you have long-running processes.
@@ -31,8 +31,8 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
       - uses: ./actions/staging-tests
         with:
           token: ${{ steps.app-token.outputs.token }}
@@ -51,15 +51,15 @@ jobs:
         id: app-token
         with:
           # required
-          client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
-      - uses: actions/checkout@v6
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+      - uses: actions/checkout@v5
         with:
           token: ${{ steps.app-token.outputs.token }}
           ref: ${{ github.head_ref }}
           # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
           persist-credentials: false
-      - uses: creyD/prettier_action@v6
+      - uses: creyD/prettier_action@v4.3
         with:
           github_token: ${{ steps.app-token.outputs.token }}
 ```
@@ -77,8 +77,8 @@ jobs:
         id: app-token
         with:
           # required
-          client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
       - name: Get GitHub App User ID
         id: get-user-id
         run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
@@ -102,8 +102,8 @@ jobs:
         id: app-token
         with:
           # required
-          client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
       - name: Get GitHub App User ID
         id: get-user-id
         run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
@@ -138,10 +138,10 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
           issue-number: ${{ github.event.issue.number }}
@@ -160,13 +160,13 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
           repositories: |
             repo1
             repo2
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
           issue-number: ${{ github.event.issue.number }}
@@ -185,10 +185,10 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
           owner: another-owner
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
           issue-number: ${{ github.event.issue.number }}
@@ -210,11 +210,11 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
           permission-issues: write
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
           issue-number: ${{ github.event.issue.number }}
@@ -252,8 +252,8 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
           owner: ${{ matrix.owners-and-repos.owner }}
           repositories: ${{ join(matrix.owners-and-repos.repos) }}
       - uses: octokit/request-action@v2.x
@@ -281,7 +281,7 @@ jobs:
         id: create_token
         uses: actions/create-github-app-token@v3
         with:
-          client-id: ${{ vars.GHES_APP_CLIENT_ID }}
+          app-id: ${{ vars.GHES_APP_ID }}
           private-key: ${{ secrets.GHES_APP_PRIVATE_KEY }}
           owner: ${{ vars.GHES_INSTALLATION_ORG }}
           github-api-url: ${{ vars.GITHUB_API_URL }}
@@ -310,18 +310,15 @@ If you set `HTTP_PROXY` or `HTTPS_PROXY`, also set `NODE_USE_ENV_PROXY: "1"` on
     NO_PROXY: github.example.com
     NODE_USE_ENV_PROXY: "1"
   with:
-    client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
-    private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
+    app-id: ${{ vars.APP_ID }}
+    private-key: ${{ secrets.PRIVATE_KEY }}
 ```
 
 ## Inputs
 
-### `client-id` or `app-id`
+### `app-id`
 
-**Required:** GitHub App Client ID.
-
-> [!NOTE]
-> The legacy `app-id` input is also accepted, but `client-id` is recommended.
+**Required:** GitHub App ID.
 
 ### `private-key`
 
@@ -334,14 +331,14 @@ steps:
   - name: Decode the GitHub App Private Key
     id: decode
     run: |
-      private_key=$(echo "${{ secrets.GITHUB_APP_PRIVATE_KEY }}" | base64 -d | awk 'BEGIN {ORS="\\n"} {print}' | head -c -2) &> /dev/null
+      private_key=$(echo "${{ secrets.PRIVATE_KEY }}" | base64 -d | awk 'BEGIN {ORS="\\n"} {print}' | head -c -2) &> /dev/null
       echo "::add-mask::$private_key"
       echo "private-key=$private_key" >> "$GITHUB_OUTPUT"
   - name: Generate GitHub App Token
     id: app-token
     uses: actions/create-github-app-token@v3
     with:
-      client-id: ${{ vars.GITHUB_APP_CLIENT_ID }}
+      app-id: ${{ vars.APP_ID }}
       private-key: ${{ steps.decode.outputs.private-key }}
 ```
 

action.yml

@@ -5,13 +5,9 @@ branding:
   icon: "lock"
   color: "gray-dark"
 inputs:
-  client-id:
-    description: "GitHub App Client ID"
-    required: false
   app-id:
     description: "GitHub App ID"
-    required: false
-    deprecationMessage: "Use 'client-id' instead."
+    required: true
   private-key:
     description: "GitHub App private key"
     required: true
@@ -35,10 +31,6 @@ inputs:
     description: "The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. Can be set to 'read' or 'write'."
   permission-administration:
     description: "The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. Can be set to 'read' or 'write'."
-  permission-artifact-metadata:
-    description: "The level of permission to grant the access token to create and retrieve build artifact metadata records. Can be set to 'read' or 'write'."
-  permission-attestations:
-    description: "The level of permission to create and retrieve the access token for repository attestations. Can be set to 'read' or 'write'."
   permission-checks:
     description: "The level of permission to grant the access token for checks on code. Can be set to 'read' or 'write'."
   permission-codespaces:
@@ -51,8 +43,6 @@ inputs:
     description: "The level of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
   permission-deployments:
     description: "The level of permission to grant the access token for deployments and deployment statuses. Can be set to 'read' or 'write'."
-  permission-discussions:
-    description: "The level of permission to grant the access token for discussions and related comments and labels. Can be set to 'read' or 'write'."
   permission-email-addresses:
     description: "The level of permission to grant the access token to manage the email addresses belonging to a user. Can be set to 'read' or 'write'."
   permission-enterprise-custom-properties-for-organizations:
@@ -71,8 +61,6 @@ inputs:
     description: "The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones. Can be set to 'read' or 'write'."
   permission-members:
     description: "The level of permission to grant the access token for organization teams and members. Can be set to 'read' or 'write'."
-  permission-merge-queues:
-    description: "The level of permission to grant the access token to manage the merge queues for a repository. Can be set to 'read' or 'write'."
   permission-metadata:
     description: "The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata. Can be set to 'read' or 'write'."
   permission-organization-administration:

lib/main.js

@@ -2,7 +2,7 @@ import pRetry from "p-retry";
 // @ts-check
 
 /**
- * @param {string} clientId
+ * @param {string} appId
  * @param {string} privateKey
  * @param {string} owner
  * @param {string[]} repositories
@@ -13,7 +13,7 @@ import pRetry from "p-retry";
  * @param {boolean} skipTokenRevoke
  */
 export async function main(
-  clientId,
+  appId,
   privateKey,
   owner,
   repositories,
@@ -70,7 +70,7 @@ export async function main(
   }
 
   const auth = createAppAuth({
-    appId: clientId,
+    appId,
     privateKey,
     request,
   });

lib/request.js

@@ -1,4 +1,4 @@
-import * as core from "@actions/core";
+import core from "@actions/core";
 import { request } from "@octokit/request";
 
 // Get the GitHub API URL from the action input and remove any trailing slash

main.js

@@ -1,6 +1,6 @@
 // @ts-check
 
-import * as core from "@actions/core";
+import core from "@actions/core";
 import { createAppAuth } from "@octokit/auth-app";
 
 import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
@@ -18,10 +18,7 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
 async function run() {
   ensureNativeProxySupport();
 
-  const clientId = core.getInput("client-id") || core.getInput("app-id");
-  if (!clientId) {
-    throw new Error("The 'client-id' (or deprecated 'app-id') input must be set to a non-empty string. If using a secret or variable, ensure it is available in this workflow context.");
-  }
+  const appId = core.getInput("app-id");
   const privateKey = core.getInput("private-key");
   const owner = core.getInput("owner");
   const repositories = core
@@ -35,7 +32,7 @@ async function run() {
   const permissions = getPermissionsFromInputs(process.env);
 
   return main(
-    clientId,
+    appId,
     privateKey,
     owner,
     repositories,

package.json

@@ -2,7 +2,7 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "3.1.1",
+  "version": "3.0.0-beta.4",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "engines": {
     "node": ">=24.4.0"
@@ -10,24 +10,28 @@
   "packageManager": "npm@10.9.4",
   "scripts": {
     "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --packages=bundle",
-    "test": "c8 --100 node --test tests/index.js",
+    "test": "c8 --100 ava tests/index.js",
     "coverage": "c8 report --reporter html",
     "postcoverage": "open-cli coverage/index.html"
   },
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^3.0.0",
-    "@octokit/auth-app": "^8.2.0",
-    "@octokit/request": "^10.0.8",
-    "p-retry": "^8.0.0"
+    "@actions/core": "^1.11.1",
+    "@octokit/auth-app": "^8.1.2",
+    "@octokit/request": "^10.0.3",
+    "p-retry": "^7.1.0",
+    "undici": "^7.16.0"
   },
   "devDependencies": {
-    "@octokit/openapi": "^22.0.0",
-    "c8": "^11.0.0",
-    "esbuild": "^0.27.4",
-    "open-cli": "^9.0.0",
-    "undici": "^7.24.6",
-    "yaml": "^2.8.3"
+    "@octokit/openapi": "^21.0.0",
+    "@sinonjs/fake-timers": "^15.1.0",
+    "ava": "^6.4.1",
+    "c8": "^10.1.3",
+    "dotenv": "^17.3.1",
+    "esbuild": "^0.27.3",
+    "execa": "^9.6.1",
+    "open-cli": "^8.0.0",
+    "yaml": "^2.8.2"
   },
   "release": {
     "branches": [
@@ -43,7 +47,6 @@
       "@semantic-release/release-notes-generator",
       "@semantic-release/github",
       "@semantic-release/npm",
-      "semantic-release-plugin-github-breaking-version-tag",
       [
         "@semantic-release/git",
         {

post.js

@@ -1,6 +1,6 @@
 // @ts-check
 
-import * as core from "@actions/core";
+import core from "@actions/core";
 
 import { post } from "./lib/post.js";
 import request, { ensureNativeProxySupport } from "./lib/request.js";

scripts/generated/app-permissions.json

@@ -19,22 +19,6 @@
         "write"
       ]
     },
-    "artifact_metadata": {
-      "type": "string",
-      "description": "The level of permission to grant the access token to create and retrieve build artifact metadata records.",
-      "enum": [
-        "read",
-        "write"
-      ]
-    },
-    "attestations": {
-      "type": "string",
-      "description": "The level of permission to create and retrieve the access token for repository attestations.",
-      "enum": [
-        "read",
-        "write"
-      ]
-    },
     "checks": {
       "type": "string",
       "description": "The level of permission to grant the access token for checks on code.",
@@ -75,14 +59,6 @@
         "write"
       ]
     },
-    "discussions": {
-      "type": "string",
-      "description": "The level of permission to grant the access token for discussions and related comments and labels.",
-      "enum": [
-        "read",
-        "write"
-      ]
-    },
     "environments": {
       "type": "string",
       "description": "The level of permission to grant the access token for managing repository environments.",
@@ -99,14 +75,6 @@
         "write"
       ]
     },
-    "merge_queues": {
-      "type": "string",
-      "description": "The level of permission to grant the access token to manage the merge queues for a repository.",
-      "enum": [
-        "read",
-        "write"
-      ]
-    },
     "metadata": {
       "type": "string",
       "description": "The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata.",

tests/README.md

@@ -2,14 +2,14 @@
 
 Add one test file per scenario. You can run them in isolation with:
 
-```
+```bash
 node tests/post-token-set.test.js
 ```
 
-All tests are run together in [tests/index.js](index.js), which can be executed with Node's built-in test runner
+All tests are run together in [tests/index.js](index.js), which can be executed with ava
 
 ```
-node --test tests/index.js
+npx ava tests/index.js
 ```
 
 or with npm
@@ -20,17 +20,11 @@ npm test
 
 ## How the tests work
 
-The output from the tests is captured into a snapshot ([tests/index.js.snapshot](index.js.snapshot)). It includes all requests sent by our scripts to verify it's working correctly and to prevent regressions.
-
-To update snapshots after an intentional change:
-
-```
-node --test --test-update-snapshots tests/index.js
-```
+The output from the tests is captured into a snapshot ([tests/snapshots/index.js.md](snapshots/index.js.md)). It includes all requests sent by our scripts to verify it's working correctly and to prevent regressions.
 
 ## How to add a new test
 
 We have tests both for the `main.js` and `post.js` scripts.
 
-- If you do not expect an error, take [main-token-permissions-set.test.js](main-token-permissions-set.test.js) as a starting point.
-- If your test has an expected error, take [main-missing-client-and-app-id.test.js](main-missing-client-and-app-id.test.js) as a starting point.
+- If you do not expect an error, take [main-token-permissions-set.test.js](tests/main-token-permissions-set.test.js) as a starting point.
+- If your test has an expected error, take [main-missing-app-id.test.js](tests/main-missing-app-id.test.js) as a starting point.

tests/index.js

@@ -1,23 +1,15 @@
 import { readdirSync } from "node:fs";
-import { execFile } from "node:child_process";
-import { promisify } from "node:util";
 
-import { snapshot, test } from "node:test";
-
-const execFileAsync = promisify(execFile);
-
-// Serialize strings as-is so multiline output is human-readable in snapshots
-snapshot.setDefaultSnapshotSerializers([
-  (value) => (typeof value === "string" ? value : undefined),
-]);
+import test from "ava";
+import { execa } from "execa";
 
 // Get all files in tests directory
 const files = readdirSync("tests");
 
 // Files to ignore
-const ignore = ["index.js", "index.js.snapshot", "main.js", "README.md"];
+const ignore = ["index.js", "main.js", "README.md", "snapshots"];
 
-const testFiles = files.filter((file) => !ignore.includes(file)).sort();
+const testFiles = files.filter((file) => !ignore.includes(file));
 
 // Throw an error if there is a file that does not end with test.js in the tests directory
 for (const file of testFiles) {
@@ -26,31 +18,20 @@ for (const file of testFiles) {
   }
   test(file, async (t) => {
     // Override Actions environment variables that change `core`’s behavior
-    const {
-      GITHUB_OUTPUT,
-      GITHUB_STATE,
-      HTTP_PROXY,
-      HTTPS_PROXY,
-      http_proxy,
-      https_proxy,
-      NO_PROXY,
-      no_proxy,
-      NODE_OPTIONS,
-      NODE_USE_ENV_PROXY,
-      ...env
-    } = process.env;
-    const { stderr, stdout } = await execFileAsync("node", [`tests/${file}`], {
-      env,
-    });
-    const trimmedStderr = stderr.replace(/\r?\n$/, "");
-    const trimmedStdout = stdout.replace(/\r?\n$/, "");
-    await t.test("stderr", (t) => {
-      if (trimmedStderr) t.assert.snapshot(trimmedStderr);
-      else t.assert.strictEqual(trimmedStderr, "");
-    });
-    await t.test("stdout", (t) => {
-      if (trimmedStdout) t.assert.snapshot(trimmedStdout);
-      else t.assert.strictEqual(trimmedStdout, "");
-    });
+    const env = {
+      GITHUB_OUTPUT: undefined,
+      GITHUB_STATE: undefined,
+      HTTP_PROXY: undefined,
+      HTTPS_PROXY: undefined,
+      http_proxy: undefined,
+      https_proxy: undefined,
+      NO_PROXY: undefined,
+      no_proxy: undefined,
+      NODE_OPTIONS: undefined,
+      NODE_USE_ENV_PROXY: undefined,
+    };
+    const { stderr, stdout } = await execa("node", [`tests/${file}`], { env });
+    t.snapshot(stderr, "stderr");
+    t.snapshot(stdout, "stdout");
   });
 }

tests/index.js.snapshot

@@ -1,320 +0,0 @@
-exports[`action-deprecated-inputs.test.js > stdout 1`] = `
-app-id — Use 'client-id' instead.
-`;
-
-exports[`main-app-id-fallback.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-client-id-precedence.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-custom-github-api-url.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/create-github-app-token
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /api/v3/repos/actions/create-github-app-token/installation
-POST /api/v3/app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-missing-client-and-app-id.test.js > stderr 1`] = `
-The 'client-id' (or deprecated 'app-id') input must be set to a non-empty string. If using a secret or variable, ensure it is available in this workflow context.
-`;
-
-exports[`main-missing-client-and-app-id.test.js > stdout 1`] = `
-::error::The 'client-id' (or deprecated 'app-id') input must be set to a non-empty string. If using a secret or variable, ensure it is available in this workflow context.
-`;
-
-exports[`main-missing-owner.test.js > stderr 1`] = `
-GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'
-`;
-
-exports[`main-missing-repository.test.js > stderr 1`] = `
-GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'
-`;
-
-exports[`main-private-key-with-escaped-newlines.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-proxy-requires-native-support.test.js > stderr 1`] = `
-A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
-`;
-
-exports[`main-proxy-requires-native-support.test.js > stdout 1`] = `
-::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
-`;
-
-exports[`main-repo-skew.test.js > stderr 1`] = `
-'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued.
-[@octokit/auth-app] GitHub API time and system time are different by 30 seconds. Retrying request with the difference accounted for.
-`;
-
-exports[`main-repo-skew.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/failed-repo
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/failed-repo/installation
-GET /repos/actions/failed-repo/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["failed-repo"]}
-`;
-
-exports[`main-token-get-owner-set-fail-response.test.js > stdout 1`] = `
-Input 'repositories' is not set. Creating token for all repositories owned by smockle.
-Failed to create token for "smockle" (attempt 1): GitHub API not available
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /users/smockle/installation
-GET /users/smockle/installation
-POST /app/installations/123456/access_tokens
-null
-`;
-
-exports[`main-token-get-owner-set-repo-fail-response.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/failed-repo
-Failed to create token for "failed-repo" (attempt 1): GitHub API not available
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/failed-repo/installation
-GET /repos/actions/failed-repo/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["failed-repo"]}
-`;
-
-exports[`main-token-get-owner-set-repo-set-to-many-newline.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/create-github-app-token
-- actions/toolkit
-- actions/checkout
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token","toolkit","checkout"]}
-`;
-
-exports[`main-token-get-owner-set-repo-set-to-many.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/create-github-app-token
-- actions/toolkit
-- actions/checkout
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token","toolkit","checkout"]}
-`;
-
-exports[`main-token-get-owner-set-repo-set-to-one.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/create-github-app-token
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-token-get-owner-set-repo-unset.test.js > stdout 1`] = `
-Input 'repositories' is not set. Creating token for all repositories owned by actions.
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /users/actions/installation
-POST /app/installations/123456/access_tokens
-null
-`;
-
-exports[`main-token-get-owner-unset-repo-set.test.js > stdout 1`] = `
-No 'owner' input provided. Using default owner 'actions' to create token for the following repositories:
-- actions/create-github-app-token
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-token-get-owner-unset-repo-unset.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-token-permissions-set.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}
-`;
-
-exports[`post-proxy-requires-native-support.test.js > stderr 1`] = `
-A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
-`;
-
-exports[`post-proxy-requires-native-support.test.js > stdout 1`] = `
-::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
-`;
-
-exports[`post-revoke-token-fail-response.test.js > stdout 1`] = `
-::warning::Token revocation failed: 
-`;
-
-exports[`post-token-expired.test.js > stdout 1`] = `
-Token expired, skipping token revocation
-`;
-
-exports[`post-token-set.test.js > stdout 1`] = `
-Token revoked
-`;
-
-exports[`post-token-skipped.test.js > stdout 1`] = `
-Token revocation was skipped
-`;
-
-exports[`post-token-unset.test.js > stdout 1`] = `
-Token is not set
-`;

tests/main-app-id-fallback.test.js

@@ -1,11 +0,0 @@
-import { DEFAULT_ENV, test } from "./main.js";
-
-// Verify `main` falls back to `app-id` when `client-id` is not set
-await test(
-  () => {},
-  {
-    ...DEFAULT_ENV,
-    "INPUT_CLIENT-ID": "",
-    "INPUT_APP-ID": "123456",
-  }
-);

tests/main-client-id-precedence.test.js

@@ -1,11 +0,0 @@
-import { DEFAULT_ENV, test } from "./main.js";
-
-// Verify `client-id` takes precedence when both `client-id` and `app-id` are set
-await test(
-  () => {},
-  {
-    ...DEFAULT_ENV,
-    "INPUT_CLIENT-ID": "Iv1.0123456789abcdef",
-    "INPUT_APP-ID": "123456",
-  }
-);

tests/main-missing-client-and-app-id.test.js

@@ -1,20 +0,0 @@
-import { DEFAULT_ENV } from "./main.js";
-
-for (const [key, value] of Object.entries({
-  ...DEFAULT_ENV,
-  "INPUT_CLIENT-ID": "",
-  "INPUT_APP-ID": "",
-})) {
-  process.env[key] = value;
-}
-
-// Log only the error message, not the full stack trace, because the stack
-// trace contains environment-specific paths and ANSI codes that differ
-// between local and CI environments.
-const _error = console.error;
-console.error = (err) => _error(err?.message ?? err);
-
-// Verify `main` exits with an error when neither `client-id` nor `app-id` is set.
-const { default: promise } = await import("../main.js");
-await promise;
-process.exitCode = 0;

tests/main-repo-skew.test.js

@@ -1,7 +1,7 @@
-import { mock } from "node:test";
-
 import { test } from "./main.js";
 
+import { install } from "@sinonjs/fake-timers";
+
 // Verify `main` retry when the clock has drifted.
 await test((mockPool) => {
   process.env.INPUT_OWNER = "actions";
@@ -11,7 +11,7 @@ await test((mockPool) => {
   const mockInstallationId = "123456";
   const mockAppSlug = "github-actions";
 
-  mock.timers.enable({ apis: ["Date"], now: 0 });
+  install({ now: 0, toFake: ["Date"] });
 
   mockPool
     .intercept({
@@ -59,6 +59,4 @@ await test((mockPool) => {
       };
     })
     .times(2);
-}).finally(() => {
-  mock.timers.reset();
 });

tests/main.js

@@ -9,7 +9,7 @@ export const DEFAULT_ENV = {
   // https://docs.github.com/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
   "INPUT_GITHUB-API-URL": "https://api.github.com",
   "INPUT_SKIP-TOKEN-REVOKE": "false",
-  "INPUT_CLIENT-ID": "Iv1.0123456789abcdef",
+  "INPUT_APP-ID": "123456",
   // This key is invalidated. It’s from https://github.com/octokit/auth-app.js/issues/465#issuecomment-1564998327.
   "INPUT_PRIVATE-KEY": `-----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEA280nfuUM9w00Ib9E2rvZJ6Qu3Ua3IqR34ZlK53vn/Iobn2EL

tests/snapshots/index.js.md

@@ -0,0 +1,404 @@
+# Snapshot report for `tests/index.js`
+
+The actual snapshot is saved in `index.js.snap`.
+
+Generated by [AVA](https://avajs.dev).
+
+## action-deprecated-inputs.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    ''
+
+## main-custom-github-api-url.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /api/v3/repos/actions/create-github-app-token/installation␊
+    POST /api/v3/app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"]}`
+
+## main-missing-owner.test.js
+
+> stderr
+
+    'GITHUB_REPOSITORY_OWNER missing, must be set to \'<owner>\''
+
+> stdout
+
+    ''
+
+## main-missing-repository.test.js
+
+> stderr
+
+    'GITHUB_REPOSITORY missing, must be set to \'<owner>/<repo>\''
+
+> stdout
+
+    ''
+
+## main-private-key-with-escaped-newlines.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"]}`
+
+## main-proxy-requires-native-support.test.js
+
+> stderr
+
+    'A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.'
+
+> stdout
+
+    '::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.'
+
+## main-repo-skew.test.js
+
+> stderr
+
+    `'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued.␊
+    [@octokit/auth-app] GitHub API time and system time are different by 30 seconds. Retrying request with the difference accounted for.`
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/failed-repo␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/failed-repo/installation␊
+    GET /repos/actions/failed-repo/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["failed-repo"]}`
+
+## main-token-get-owner-set-fail-response.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Input 'repositories' is not set. Creating token for all repositories owned by smockle.␊
+    Failed to create token for "smockle" (attempt 1): GitHub API not available␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /users/smockle/installation␊
+    GET /users/smockle/installation␊
+    POST /app/installations/123456/access_tokens␊
+    null`
+
+## main-token-get-owner-set-repo-fail-response.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/failed-repo␊
+    Failed to create token for "failed-repo" (attempt 1): GitHub API not available␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/failed-repo/installation␊
+    GET /repos/actions/failed-repo/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["failed-repo"]}`
+
+## main-token-get-owner-set-repo-set-to-many-newline.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    - actions/toolkit␊
+    - actions/checkout␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token","toolkit","checkout"]}`
+
+## main-token-get-owner-set-repo-set-to-many.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    - actions/toolkit␊
+    - actions/checkout␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token","toolkit","checkout"]}`
+
+## main-token-get-owner-set-repo-set-to-one.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"]}`
+
+## main-token-get-owner-set-repo-unset.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Input 'repositories' is not set. Creating token for all repositories owned by actions.␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /users/actions/installation␊
+    POST /app/installations/123456/access_tokens␊
+    null`
+
+## main-token-get-owner-unset-repo-set.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `No 'owner' input provided. Using default owner 'actions' to create token for the following repositories:␊
+    - actions/create-github-app-token␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"]}`
+
+## main-token-get-owner-unset-repo-unset.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"]}`
+
+## main-token-permissions-set.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}`
+
+## post-proxy-requires-native-support.test.js
+
+> stderr
+
+    'A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.'
+
+> stdout
+
+    '::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.'
+
+## post-revoke-token-fail-response.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    '::warning::Token revocation failed: '
+
+## post-token-expired.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    'Token expired, skipping token revocation'
+
+## post-token-set.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    'Token revoked'
+
+## post-token-skipped.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    'Token revocation was skipped'
+
+## post-token-unset.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    'Token is not set'