build(release): 3.0.0-beta.5 [skip ci]

# [3.0.0-beta.5](https://github.com/actions/create-github-app-token/compare/v3.0.0-beta.4...v3.0.0-beta.5) (2026-03-13)

* fix!: require `NODE_USE_ENV_PROXY` for proxy support ([#342](https://github.com/actions/create-github-app-token/issues/342)) ([d53a1cd](https://github.com/actions/create-github-app-token/commit/d53a1cdfde844c958786293adcaf739ecb8b5eb9))

### BREAKING CHANGES

* Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

.github/workflows/publish-immutable-action.yml

@@ -12,6 +12,6 @@ jobs:
       id-token: write
       packages: write
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Publish Immutable Action
         uses: actions/publish-immutable-action@v0.0.4

.github/workflows/release.yml

@@ -18,14 +18,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # build local version to create token
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           persist-credentials: false
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: package.json
-          cache: 'npm'
 
       - run: npm ci
       - run: npm run build

.github/workflows/stale.yml

@@ -0,0 +1,34 @@
+# This workflow warns and then closes issues that have had no activity for a specified amount of time.
+# https://github.com/actions/stale
+
+name: Stale
+
+on:
+  workflow_dispatch:
+  schedule:
+    # 00:00 UTC on Mondays
+    - cron: '0 0 * * 1'
+
+permissions:
+  issues: write
+  pull-requests: write
+
+env:
+  DAYS_BEFORE_STALE: 180
+  DAYS_BEFORE_CLOSE: 60
+  STALE_LABEL: 'stale'
+  STALE_LABEL_URL: ${{github.server_url}}/${{github.repository}}/labels/stale
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v10
+        with:
+          operations-per-run: 100
+          days-before-stale: ${{ env.DAYS_BEFORE_STALE }}
+          days-before-close: ${{ env.DAYS_BEFORE_CLOSE }}
+          stale-issue-label: ${{ env.STALE_LABEL }}
+          stale-pr-label: ${{ env.STALE_LABEL }}
+          stale-issue-message: 'This issue has been marked ${{ env.STALE_LABEL_URL }} because it has been open for ${{ env.DAYS_BEFORE_STALE }} days with no activity. Please close this issue if it is no longer needed. If this issue is still relevant and you would like it to remain open, simply update it within the next ${{ env.DAYS_BEFORE_CLOSE }} days.'
+          stale-pr-message: 'This pull request has been marked ${{ env.STALE_LABEL_URL }} because it has been open for ${{ env.DAYS_BEFORE_STALE }} days with no activity. Please close this pull request if it is no longer needed. If this pull request is still relevant and you would like it to remain open, simply update it within the next ${{ env.DAYS_BEFORE_CLOSE }} days.'

.github/workflows/test.yml

@@ -6,6 +6,7 @@ on:
       - main
       - beta
   pull_request:
+  merge_group:
   workflow_dispatch:
 
 concurrency:
@@ -17,30 +18,28 @@ permissions:
 
 jobs:
   integration:
-    name: Integration
+    name: integration
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: package.json
-          cache: 'npm'
 
       - run: npm ci
       - run: npm test
 
   end-to-end:
-    name: End-to-End
+    name: end-to-end
     runs-on: ubuntu-latest
     # do not run from forks, as forks don’t have access to repository secrets
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
     steps:
-      - uses: actions/checkout@v5
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
           node-version-file: package.json
-          cache: 'npm'
       - run: npm ci
       - run: npm run build
       - uses: ./ # Uses the action in the root directory
@@ -57,7 +56,7 @@ jobs:
       - run: echo '${{ steps.get-repository.outputs.data }}'
 
   end-to-end-proxy:
-    name: End-to-End with unreachable proxy
+    name: end-to-end with unreachable proxy
     runs-on: ubuntu-latest
     # do not run from forks, as forks don’t have access to repository secrets
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login

.github/workflows/update-permission-inputs.yml

@@ -13,21 +13,30 @@ concurrency:
 
 permissions:
   contents: write
+  pull-requests: write
 
 jobs:
   update-permission-inputs:
     runs-on: ubuntu-latest
+    env:
+      COMMIT_MESSAGE: 'feat: update permission inputs'
     steps:
-      - uses: actions/checkout@v5
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
           node-version-file: package.json
-          cache: 'npm'
       - name: Install dependencies
         run: npm ci
       - name: Run permission inputs update script
         run: node scripts/update-permission-inputs.js
       - name: Commit changes
-        uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
+        id: auto-commit
+        uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
         with:
-          commit_message: 'feat: update permission inputs'
+          commit_message: ${{ env.COMMIT_MESSAGE }}
+      - name: Update PR title
+        if: github.event_name == 'pull_request' && steps.auto-commit.outputs.changes_detected == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr edit ${{ github.event.pull_request.number }} --title "${{ env.COMMIT_MESSAGE }}"

action.yml

@@ -37,12 +37,16 @@ inputs:
     description: "The level of permission to grant the access token to create, edit, delete, and list Codespaces. Can be set to 'read' or 'write'."
   permission-contents:
     description: "The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. Can be set to 'read' or 'write'."
+  permission-custom-properties-for-organizations:
+    description: "The level of permission to grant the access token to view and edit custom properties for an organization, when allowed by the property. Can be set to 'read' or 'write'."
   permission-dependabot-secrets:
     description: "The level of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
   permission-deployments:
     description: "The level of permission to grant the access token for deployments and deployment statuses. Can be set to 'read' or 'write'."
   permission-email-addresses:
     description: "The level of permission to grant the access token to manage the email addresses belonging to a user. Can be set to 'read' or 'write'."
+  permission-enterprise-custom-properties-for-organizations:
+    description: "The level of permission to grant the access token for organization custom properties management at the enterprise level. Can be set to 'read', 'write', or 'admin'."
   permission-environments:
     description: "The level of permission to grant the access token for managing repository environments. Can be set to 'read' or 'write'."
   permission-followers:
@@ -68,7 +72,7 @@ inputs:
   permission-organization-custom-org-roles:
     description: "The level of permission to grant the access token for custom organization roles management. Can be set to 'read' or 'write'."
   permission-organization-custom-properties:
-    description: "The level of permission to grant the access token for custom property management. Can be set to 'read', 'write', or 'admin'."
+    description: "The level of permission to grant the access token for repository custom properties management at the organization level. Can be set to 'read', 'write', or 'admin'."
   permission-organization-custom-roles:
     description: "The level of permission to grant the access token for custom repository roles management. Can be set to 'read' or 'write'."
   permission-organization-events:

dist/post.cjs

@@ -227,10 +227,10 @@ var require_proxy = __commonJS({
       })();
       if (proxyVar) {
         try {
-          return new DecodedURL(proxyVar);
+          return new URL(proxyVar);
         } catch (_a) {
           if (!proxyVar.startsWith("http://") && !proxyVar.startsWith("https://"))
-            return new DecodedURL(`http://${proxyVar}`);
+            return new URL(`http://${proxyVar}`);
         }
       } else {
         return void 0;
@@ -273,19 +273,6 @@ var require_proxy = __commonJS({
       const hostLower = host.toLowerCase();
       return hostLower === "localhost" || hostLower.startsWith("127.") || hostLower.startsWith("[::1]") || hostLower.startsWith("[0:0:0:0:0:0:0:1]");
     }
-    var DecodedURL = class extends URL {
-      constructor(url, base) {
-        super(url, base);
-        this._decodedUsername = decodeURIComponent(super.username);
-        this._decodedPassword = decodeURIComponent(super.password);
-      }
-      get username() {
-        return this._decodedUsername;
-      }
-      get password() {
-        return this._decodedPassword;
-      }
-    };
   }
 });
 
@@ -530,67 +517,67 @@ var require_tunnel2 = __commonJS({
 var require_symbols = __commonJS({
   "node_modules/@actions/http-client/node_modules/undici/lib/core/symbols.js"(exports2, module2) {
     module2.exports = {
-      kClose: Symbol("close"),
-      kDestroy: Symbol("destroy"),
-      kDispatch: Symbol("dispatch"),
-      kUrl: Symbol("url"),
-      kWriting: Symbol("writing"),
-      kResuming: Symbol("resuming"),
-      kQueue: Symbol("queue"),
-      kConnect: Symbol("connect"),
-      kConnecting: Symbol("connecting"),
-      kHeadersList: Symbol("headers list"),
-      kKeepAliveDefaultTimeout: Symbol("default keep alive timeout"),
-      kKeepAliveMaxTimeout: Symbol("max keep alive timeout"),
-      kKeepAliveTimeoutThreshold: Symbol("keep alive timeout threshold"),
-      kKeepAliveTimeoutValue: Symbol("keep alive timeout"),
-      kKeepAlive: Symbol("keep alive"),
-      kHeadersTimeout: Symbol("headers timeout"),
-      kBodyTimeout: Symbol("body timeout"),
-      kServerName: Symbol("server name"),
-      kLocalAddress: Symbol("local address"),
-      kHost: Symbol("host"),
-      kNoRef: Symbol("no ref"),
-      kBodyUsed: Symbol("used"),
-      kRunning: Symbol("running"),
-      kBlocking: Symbol("blocking"),
-      kPending: Symbol("pending"),
-      kSize: Symbol("size"),
-      kBusy: Symbol("busy"),
-      kQueued: Symbol("queued"),
-      kFree: Symbol("free"),
-      kConnected: Symbol("connected"),
-      kClosed: Symbol("closed"),
-      kNeedDrain: Symbol("need drain"),
-      kReset: Symbol("reset"),
-      kDestroyed: Symbol.for("nodejs.stream.destroyed"),
-      kMaxHeadersSize: Symbol("max headers size"),
-      kRunningIdx: Symbol("running index"),
-      kPendingIdx: Symbol("pending index"),
-      kError: Symbol("error"),
-      kClients: Symbol("clients"),
-      kClient: Symbol("client"),
-      kParser: Symbol("parser"),
-      kOnDestroyed: Symbol("destroy callbacks"),
-      kPipelining: Symbol("pipelining"),
-      kSocket: Symbol("socket"),
-      kHostHeader: Symbol("host header"),
-      kConnector: Symbol("connector"),
-      kStrictContentLength: Symbol("strict content length"),
-      kMaxRedirections: Symbol("maxRedirections"),
-      kMaxRequests: Symbol("maxRequestsPerClient"),
-      kProxy: Symbol("proxy agent options"),
-      kCounter: Symbol("socket request counter"),
-      kInterceptors: Symbol("dispatch interceptors"),
-      kMaxResponseSize: Symbol("max response size"),
-      kHTTP2Session: Symbol("http2Session"),
-      kHTTP2SessionState: Symbol("http2Session state"),
-      kHTTP2BuildRequest: Symbol("http2 build request"),
-      kHTTP1BuildRequest: Symbol("http1 build request"),
-      kHTTP2CopyHeaders: Symbol("http2 copy headers"),
-      kHTTPConnVersion: Symbol("http connection version"),
-      kRetryHandlerDefaultRetry: Symbol("retry agent default retry"),
-      kConstruct: Symbol("constructable")
+      kClose: /* @__PURE__ */ Symbol("close"),
+      kDestroy: /* @__PURE__ */ Symbol("destroy"),
+      kDispatch: /* @__PURE__ */ Symbol("dispatch"),
+      kUrl: /* @__PURE__ */ Symbol("url"),
+      kWriting: /* @__PURE__ */ Symbol("writing"),
+      kResuming: /* @__PURE__ */ Symbol("resuming"),
+      kQueue: /* @__PURE__ */ Symbol("queue"),
+      kConnect: /* @__PURE__ */ Symbol("connect"),
+      kConnecting: /* @__PURE__ */ Symbol("connecting"),
+      kHeadersList: /* @__PURE__ */ Symbol("headers list"),
+      kKeepAliveDefaultTimeout: /* @__PURE__ */ Symbol("default keep alive timeout"),
+      kKeepAliveMaxTimeout: /* @__PURE__ */ Symbol("max keep alive timeout"),
+      kKeepAliveTimeoutThreshold: /* @__PURE__ */ Symbol("keep alive timeout threshold"),
+      kKeepAliveTimeoutValue: /* @__PURE__ */ Symbol("keep alive timeout"),
+      kKeepAlive: /* @__PURE__ */ Symbol("keep alive"),
+      kHeadersTimeout: /* @__PURE__ */ Symbol("headers timeout"),
+      kBodyTimeout: /* @__PURE__ */ Symbol("body timeout"),
+      kServerName: /* @__PURE__ */ Symbol("server name"),
+      kLocalAddress: /* @__PURE__ */ Symbol("local address"),
+      kHost: /* @__PURE__ */ Symbol("host"),
+      kNoRef: /* @__PURE__ */ Symbol("no ref"),
+      kBodyUsed: /* @__PURE__ */ Symbol("used"),
+      kRunning: /* @__PURE__ */ Symbol("running"),
+      kBlocking: /* @__PURE__ */ Symbol("blocking"),
+      kPending: /* @__PURE__ */ Symbol("pending"),
+      kSize: /* @__PURE__ */ Symbol("size"),
+      kBusy: /* @__PURE__ */ Symbol("busy"),
+      kQueued: /* @__PURE__ */ Symbol("queued"),
+      kFree: /* @__PURE__ */ Symbol("free"),
+      kConnected: /* @__PURE__ */ Symbol("connected"),
+      kClosed: /* @__PURE__ */ Symbol("closed"),
+      kNeedDrain: /* @__PURE__ */ Symbol("need drain"),
+      kReset: /* @__PURE__ */ Symbol("reset"),
+      kDestroyed: /* @__PURE__ */ Symbol.for("nodejs.stream.destroyed"),
+      kMaxHeadersSize: /* @__PURE__ */ Symbol("max headers size"),
+      kRunningIdx: /* @__PURE__ */ Symbol("running index"),
+      kPendingIdx: /* @__PURE__ */ Symbol("pending index"),
+      kError: /* @__PURE__ */ Symbol("error"),
+      kClients: /* @__PURE__ */ Symbol("clients"),
+      kClient: /* @__PURE__ */ Symbol("client"),
+      kParser: /* @__PURE__ */ Symbol("parser"),
+      kOnDestroyed: /* @__PURE__ */ Symbol("destroy callbacks"),
+      kPipelining: /* @__PURE__ */ Symbol("pipelining"),
+      kSocket: /* @__PURE__ */ Symbol("socket"),
+      kHostHeader: /* @__PURE__ */ Symbol("host header"),
+      kConnector: /* @__PURE__ */ Symbol("connector"),
+      kStrictContentLength: /* @__PURE__ */ Symbol("strict content length"),
+      kMaxRedirections: /* @__PURE__ */ Symbol("maxRedirections"),
+      kMaxRequests: /* @__PURE__ */ Symbol("maxRequestsPerClient"),
+      kProxy: /* @__PURE__ */ Symbol("proxy agent options"),
+      kCounter: /* @__PURE__ */ Symbol("socket request counter"),
+      kInterceptors: /* @__PURE__ */ Symbol("dispatch interceptors"),
+      kMaxResponseSize: /* @__PURE__ */ Symbol("max response size"),
+      kHTTP2Session: /* @__PURE__ */ Symbol("http2Session"),
+      kHTTP2SessionState: /* @__PURE__ */ Symbol("http2Session state"),
+      kHTTP2BuildRequest: /* @__PURE__ */ Symbol("http2 build request"),
+      kHTTP1BuildRequest: /* @__PURE__ */ Symbol("http1 build request"),
+      kHTTP2CopyHeaders: /* @__PURE__ */ Symbol("http2 copy headers"),
+      kHTTPConnVersion: /* @__PURE__ */ Symbol("http connection version"),
+      kRetryHandlerDefaultRetry: /* @__PURE__ */ Symbol("retry agent default retry"),
+      kConstruct: /* @__PURE__ */ Symbol("constructable")
     };
   }
 });
@@ -3585,7 +3572,7 @@ var require_constants2 = __commonJS({
 var require_global = __commonJS({
   "node_modules/@actions/http-client/node_modules/undici/lib/fetch/global.js"(exports2, module2) {
     "use strict";
-    var globalOrigin = Symbol.for("undici.globalOrigin.1");
+    var globalOrigin = /* @__PURE__ */ Symbol.for("undici.globalOrigin.1");
     function getGlobalOrigin() {
       return globalThis[globalOrigin];
     }
@@ -4237,12 +4224,12 @@ var require_symbols2 = __commonJS({
   "node_modules/@actions/http-client/node_modules/undici/lib/fetch/symbols.js"(exports2, module2) {
     "use strict";
     module2.exports = {
-      kUrl: Symbol("url"),
-      kHeaders: Symbol("headers"),
-      kSignal: Symbol("signal"),
-      kState: Symbol("state"),
-      kGuard: Symbol("guard"),
-      kRealm: Symbol("realm")
+      kUrl: /* @__PURE__ */ Symbol("url"),
+      kHeaders: /* @__PURE__ */ Symbol("headers"),
+      kSignal: /* @__PURE__ */ Symbol("signal"),
+      kState: /* @__PURE__ */ Symbol("state"),
+      kGuard: /* @__PURE__ */ Symbol("guard"),
+      kRealm: /* @__PURE__ */ Symbol("realm")
     };
   }
 });
@@ -5635,7 +5622,7 @@ var require_request = __commonJS({
     var tokenRegExp = /^[\^_`a-zA-Z\-0-9!#$%&'*+.|~]+$/;
     var headerCharRegex = /[^\t\x20-\x7e\x80-\xff]/;
     var invalidPathRegex = /[^\u0021-\u00ff]/;
-    var kHandler = Symbol("handler");
+    var kHandler = /* @__PURE__ */ Symbol("handler");
     var channels = {};
     var extractBody;
     try {
@@ -6022,11 +6009,11 @@ var require_dispatcher_base = __commonJS({
       InvalidArgumentError
     } = require_errors();
     var { kDestroy, kClose, kDispatch, kInterceptors } = require_symbols();
-    var kDestroyed = Symbol("destroyed");
-    var kClosed = Symbol("closed");
-    var kOnDestroyed = Symbol("onDestroyed");
-    var kOnClosed = Symbol("onClosed");
-    var kInterceptedDispatch = Symbol("Intercepted Dispatch");
+    var kDestroyed = /* @__PURE__ */ Symbol("destroyed");
+    var kClosed = /* @__PURE__ */ Symbol("closed");
+    var kOnDestroyed = /* @__PURE__ */ Symbol("onDestroyed");
+    var kOnClosed = /* @__PURE__ */ Symbol("onClosed");
+    var kInterceptedDispatch = /* @__PURE__ */ Symbol("Intercepted Dispatch");
     var DispatcherBase = class extends Dispatcher {
       constructor() {
         super();
@@ -6681,7 +6668,7 @@ var require_RedirectHandler = __commonJS({
     var { InvalidArgumentError } = require_errors();
     var EE = require("events");
     var redirectableStatusCodes = [300, 301, 302, 303, 307, 308];
-    var kBody = Symbol("body");
+    var kBody = /* @__PURE__ */ Symbol("body");
     var BodyAsyncIterable = class {
       constructor(body) {
         this[kBody] = body;
@@ -6955,7 +6942,7 @@ var require_client = __commonJS({
     } = http2;
     var h2ExperimentalWarned = false;
     var FastBuffer = Buffer[Symbol.species];
-    var kClosedResolve = Symbol("kClosedResolve");
+    var kClosedResolve = /* @__PURE__ */ Symbol("kClosedResolve");
     var channels = {};
     try {
       const diagnosticsChannel = require("diagnostics_channel");
@@ -8625,7 +8612,7 @@ var require_fixed_queue = __commonJS({
 var require_pool_stats = __commonJS({
   "node_modules/@actions/http-client/node_modules/undici/lib/pool-stats.js"(exports2, module2) {
     var { kFree, kConnected, kPending, kQueued, kRunning, kSize } = require_symbols();
-    var kPool = Symbol("pool");
+    var kPool = /* @__PURE__ */ Symbol("pool");
     var PoolStats = class {
       constructor(pool) {
         this[kPool] = pool;
@@ -8661,18 +8648,18 @@ var require_pool_base = __commonJS({
     var FixedQueue = require_fixed_queue();
     var { kConnected, kSize, kRunning, kPending, kQueued, kBusy, kFree, kUrl, kClose, kDestroy, kDispatch } = require_symbols();
     var PoolStats = require_pool_stats();
-    var kClients = Symbol("clients");
-    var kNeedDrain = Symbol("needDrain");
-    var kQueue = Symbol("queue");
-    var kClosedResolve = Symbol("closed resolve");
-    var kOnDrain = Symbol("onDrain");
-    var kOnConnect = Symbol("onConnect");
-    var kOnDisconnect = Symbol("onDisconnect");
-    var kOnConnectionError = Symbol("onConnectionError");
-    var kGetDispatcher = Symbol("get dispatcher");
-    var kAddClient = Symbol("add client");
-    var kRemoveClient = Symbol("remove client");
-    var kStats = Symbol("stats");
+    var kClients = /* @__PURE__ */ Symbol("clients");
+    var kNeedDrain = /* @__PURE__ */ Symbol("needDrain");
+    var kQueue = /* @__PURE__ */ Symbol("queue");
+    var kClosedResolve = /* @__PURE__ */ Symbol("closed resolve");
+    var kOnDrain = /* @__PURE__ */ Symbol("onDrain");
+    var kOnConnect = /* @__PURE__ */ Symbol("onConnect");
+    var kOnDisconnect = /* @__PURE__ */ Symbol("onDisconnect");
+    var kOnConnectionError = /* @__PURE__ */ Symbol("onConnectionError");
+    var kGetDispatcher = /* @__PURE__ */ Symbol("get dispatcher");
+    var kAddClient = /* @__PURE__ */ Symbol("add client");
+    var kRemoveClient = /* @__PURE__ */ Symbol("remove client");
+    var kStats = /* @__PURE__ */ Symbol("stats");
     var PoolBase = class extends DispatcherBase {
       constructor() {
         super();
@@ -8826,9 +8813,9 @@ var require_pool = __commonJS({
     var util = require_util();
     var { kUrl, kInterceptors } = require_symbols();
     var buildConnector = require_connect();
-    var kOptions = Symbol("options");
-    var kConnections = Symbol("connections");
-    var kFactory = Symbol("factory");
+    var kOptions = /* @__PURE__ */ Symbol("options");
+    var kConnections = /* @__PURE__ */ Symbol("connections");
+    var kFactory = /* @__PURE__ */ Symbol("factory");
     function defaultFactory(origin, opts) {
       return new Client(origin, opts);
     }
@@ -8917,14 +8904,14 @@ var require_balanced_pool = __commonJS({
     var Pool = require_pool();
     var { kUrl, kInterceptors } = require_symbols();
     var { parseOrigin } = require_util();
-    var kFactory = Symbol("factory");
-    var kOptions = Symbol("options");
-    var kGreatestCommonDivisor = Symbol("kGreatestCommonDivisor");
-    var kCurrentWeight = Symbol("kCurrentWeight");
-    var kIndex = Symbol("kIndex");
-    var kWeight = Symbol("kWeight");
-    var kMaxWeightPerServer = Symbol("kMaxWeightPerServer");
-    var kErrorPenalty = Symbol("kErrorPenalty");
+    var kFactory = /* @__PURE__ */ Symbol("factory");
+    var kOptions = /* @__PURE__ */ Symbol("options");
+    var kGreatestCommonDivisor = /* @__PURE__ */ Symbol("kGreatestCommonDivisor");
+    var kCurrentWeight = /* @__PURE__ */ Symbol("kCurrentWeight");
+    var kIndex = /* @__PURE__ */ Symbol("kIndex");
+    var kWeight = /* @__PURE__ */ Symbol("kWeight");
+    var kMaxWeightPerServer = /* @__PURE__ */ Symbol("kMaxWeightPerServer");
+    var kErrorPenalty = /* @__PURE__ */ Symbol("kErrorPenalty");
     function getGreatestCommonDivisor(a, b) {
       if (b === 0) return a;
       return getGreatestCommonDivisor(b, a % b);
@@ -9087,14 +9074,14 @@ var require_agent = __commonJS({
     var util = require_util();
     var createRedirectInterceptor = require_redirectInterceptor();
     var { WeakRef: WeakRef2, FinalizationRegistry } = require_dispatcher_weakref()();
-    var kOnConnect = Symbol("onConnect");
-    var kOnDisconnect = Symbol("onDisconnect");
-    var kOnConnectionError = Symbol("onConnectionError");
-    var kMaxRedirections = Symbol("maxRedirections");
-    var kOnDrain = Symbol("onDrain");
-    var kFactory = Symbol("factory");
-    var kFinalizer = Symbol("finalizer");
-    var kOptions = Symbol("options");
+    var kOnConnect = /* @__PURE__ */ Symbol("onConnect");
+    var kOnDisconnect = /* @__PURE__ */ Symbol("onDisconnect");
+    var kOnConnectionError = /* @__PURE__ */ Symbol("onConnectionError");
+    var kMaxRedirections = /* @__PURE__ */ Symbol("maxRedirections");
+    var kOnDrain = /* @__PURE__ */ Symbol("onDrain");
+    var kFactory = /* @__PURE__ */ Symbol("factory");
+    var kFinalizer = /* @__PURE__ */ Symbol("finalizer");
+    var kOptions = /* @__PURE__ */ Symbol("options");
     function defaultFactory(origin, opts) {
       return opts && opts.connections === 1 ? new Client(origin, opts) : new Pool(origin, opts);
     }
@@ -9203,12 +9190,12 @@ var require_readable = __commonJS({
     var util = require_util();
     var { ReadableStreamFrom, toUSVString } = require_util();
     var Blob2;
-    var kConsume = Symbol("kConsume");
-    var kReading = Symbol("kReading");
-    var kBody = Symbol("kBody");
-    var kAbort = Symbol("abort");
-    var kContentType = Symbol("kContentType");
-    var noop = () => {
+    var kConsume = /* @__PURE__ */ Symbol("kConsume");
+    var kReading = /* @__PURE__ */ Symbol("kReading");
+    var kBody = /* @__PURE__ */ Symbol("kBody");
+    var kAbort = /* @__PURE__ */ Symbol("abort");
+    var kContentType = /* @__PURE__ */ Symbol("kContentType");
+    var noop2 = () => {
     };
     module2.exports = class BodyReadable extends Readable {
       constructor({
@@ -9330,7 +9317,7 @@ var require_readable = __commonJS({
         return new Promise((resolve, reject) => {
           const signalListenerCleanup = signal ? util.addAbortListener(signal, () => {
             this.destroy();
-          }) : noop;
+          }) : noop2;
           this.on("close", function() {
             signalListenerCleanup();
             if (signal && signal.aborted) {
@@ -9338,7 +9325,7 @@ var require_readable = __commonJS({
             } else {
               resolve(null);
             }
-          }).on("error", noop).on("data", function(chunk) {
+          }).on("error", noop2).on("data", function(chunk) {
             limit -= chunk.length;
             if (limit <= 0) {
               this.destroy();
@@ -9493,8 +9480,8 @@ var require_abort_signal = __commonJS({
   "node_modules/@actions/http-client/node_modules/undici/lib/api/abort-signal.js"(exports2, module2) {
     var { addAbortListener } = require_util();
     var { RequestAbortedError } = require_errors();
-    var kListener = Symbol("kListener");
-    var kSignal = Symbol("kSignal");
+    var kListener = /* @__PURE__ */ Symbol("kListener");
+    var kSignal = /* @__PURE__ */ Symbol("kSignal");
     function abort(self) {
       if (self.abort) {
         self.abort();
@@ -9883,7 +9870,7 @@ var require_api_pipeline = __commonJS({
     var { AsyncResource } = require("async_hooks");
     var { addSignal, removeSignal } = require_abort_signal();
     var assert = require("assert");
-    var kResume = Symbol("resume");
+    var kResume = /* @__PURE__ */ Symbol("resume");
     var PipelineRequest = class extends Readable {
       constructor() {
         super({ autoDestroy: true });
@@ -10277,25 +10264,25 @@ var require_mock_symbols = __commonJS({
   "node_modules/@actions/http-client/node_modules/undici/lib/mock/mock-symbols.js"(exports2, module2) {
     "use strict";
     module2.exports = {
-      kAgent: Symbol("agent"),
-      kOptions: Symbol("options"),
-      kFactory: Symbol("factory"),
-      kDispatches: Symbol("dispatches"),
-      kDispatchKey: Symbol("dispatch key"),
-      kDefaultHeaders: Symbol("default headers"),
-      kDefaultTrailers: Symbol("default trailers"),
-      kContentLength: Symbol("content length"),
-      kMockAgent: Symbol("mock agent"),
-      kMockAgentSet: Symbol("mock agent set"),
-      kMockAgentGet: Symbol("mock agent get"),
-      kMockDispatch: Symbol("mock dispatch"),
-      kClose: Symbol("close"),
-      kOriginalClose: Symbol("original agent close"),
-      kOrigin: Symbol("origin"),
-      kIsMockActive: Symbol("is mock active"),
-      kNetConnect: Symbol("net connect"),
-      kGetNetConnect: Symbol("get net connect"),
-      kConnected: Symbol("connected")
+      kAgent: /* @__PURE__ */ Symbol("agent"),
+      kOptions: /* @__PURE__ */ Symbol("options"),
+      kFactory: /* @__PURE__ */ Symbol("factory"),
+      kDispatches: /* @__PURE__ */ Symbol("dispatches"),
+      kDispatchKey: /* @__PURE__ */ Symbol("dispatch key"),
+      kDefaultHeaders: /* @__PURE__ */ Symbol("default headers"),
+      kDefaultTrailers: /* @__PURE__ */ Symbol("default trailers"),
+      kContentLength: /* @__PURE__ */ Symbol("content length"),
+      kMockAgent: /* @__PURE__ */ Symbol("mock agent"),
+      kMockAgentSet: /* @__PURE__ */ Symbol("mock agent set"),
+      kMockAgentGet: /* @__PURE__ */ Symbol("mock agent get"),
+      kMockDispatch: /* @__PURE__ */ Symbol("mock dispatch"),
+      kClose: /* @__PURE__ */ Symbol("close"),
+      kOriginalClose: /* @__PURE__ */ Symbol("original agent close"),
+      kOrigin: /* @__PURE__ */ Symbol("origin"),
+      kIsMockActive: /* @__PURE__ */ Symbol("is mock active"),
+      kNetConnect: /* @__PURE__ */ Symbol("net connect"),
+      kGetNetConnect: /* @__PURE__ */ Symbol("get net connect"),
+      kConnected: /* @__PURE__ */ Symbol("connected")
     };
   }
 });
@@ -11067,12 +11054,12 @@ var require_proxy_agent = __commonJS({
     var DispatcherBase = require_dispatcher_base();
     var { InvalidArgumentError, RequestAbortedError } = require_errors();
     var buildConnector = require_connect();
-    var kAgent = Symbol("proxy agent");
-    var kClient = Symbol("proxy client");
-    var kProxyHeaders = Symbol("proxy headers");
-    var kRequestTls = Symbol("request tls settings");
-    var kProxyTls = Symbol("proxy tls settings");
-    var kConnectEndpoint = Symbol("connect endpoint function");
+    var kAgent = /* @__PURE__ */ Symbol("proxy agent");
+    var kClient = /* @__PURE__ */ Symbol("proxy client");
+    var kProxyHeaders = /* @__PURE__ */ Symbol("proxy headers");
+    var kRequestTls = /* @__PURE__ */ Symbol("request tls settings");
+    var kProxyTls = /* @__PURE__ */ Symbol("proxy tls settings");
+    var kConnectEndpoint = /* @__PURE__ */ Symbol("connect endpoint function");
     function defaultProtocolPort(protocol) {
       return protocol === "https:" ? 443 : 80;
     }
@@ -11479,7 +11466,7 @@ var require_RetryHandler = __commonJS({
 var require_global2 = __commonJS({
   "node_modules/@actions/http-client/node_modules/undici/lib/global.js"(exports2, module2) {
     "use strict";
-    var globalDispatcher = Symbol.for("undici.globalDispatcher.1");
+    var globalDispatcher = /* @__PURE__ */ Symbol.for("undici.globalDispatcher.1");
     var { InvalidArgumentError } = require_errors();
     var Agent = require_agent();
     if (getGlobalDispatcher() === void 0) {
@@ -11554,8 +11541,8 @@ var require_headers = __commonJS({
     var util = require("util");
     var { webidl } = require_webidl();
     var assert = require("assert");
-    var kHeadersMap = Symbol("headers map");
-    var kHeadersSortedMap = Symbol("headers map sorted");
+    var kHeadersMap = /* @__PURE__ */ Symbol("headers map");
+    var kHeadersSortedMap = /* @__PURE__ */ Symbol("headers map sorted");
     function isHTTPWhiteSpaceCharCode(code) {
       return code === 10 || code === 13 || code === 9 || code === 32;
     }
@@ -11882,7 +11869,7 @@ var require_headers = __commonJS({
           callbackFn.apply(thisArg, [value, key, this]);
         }
       }
-      [Symbol.for("nodejs.util.inspect.custom")]() {
+      [/* @__PURE__ */ Symbol.for("nodejs.util.inspect.custom")]() {
         webidl.brandCheck(this, _Headers);
         return this[kHeadersList];
       }
@@ -12342,7 +12329,7 @@ var require_request2 = __commonJS({
     var assert = require("assert");
     var { getMaxListeners, setMaxListeners, getEventListeners, defaultMaxListeners } = require("events");
     var TransformStream = globalThis.TransformStream;
-    var kAbortController = Symbol("abortController");
+    var kAbortController = /* @__PURE__ */ Symbol("abortController");
     var requestFinalizer = new FinalizationRegistry(({ signal, abort }) => {
       signal.removeEventListener("abort", abort);
     });
@@ -13988,12 +13975,12 @@ var require_symbols3 = __commonJS({
   "node_modules/@actions/http-client/node_modules/undici/lib/fileapi/symbols.js"(exports2, module2) {
     "use strict";
     module2.exports = {
-      kState: Symbol("FileReader state"),
-      kResult: Symbol("FileReader result"),
-      kError: Symbol("FileReader error"),
-      kLastProgressEventFired: Symbol("FileReader last progress event fired timestamp"),
-      kEvents: Symbol("FileReader events"),
-      kAborted: Symbol("FileReader aborted")
+      kState: /* @__PURE__ */ Symbol("FileReader state"),
+      kResult: /* @__PURE__ */ Symbol("FileReader result"),
+      kError: /* @__PURE__ */ Symbol("FileReader error"),
+      kLastProgressEventFired: /* @__PURE__ */ Symbol("FileReader last progress event fired timestamp"),
+      kEvents: /* @__PURE__ */ Symbol("FileReader events"),
+      kAborted: /* @__PURE__ */ Symbol("FileReader aborted")
     };
   }
 });
@@ -14003,7 +13990,7 @@ var require_progressevent = __commonJS({
   "node_modules/@actions/http-client/node_modules/undici/lib/fileapi/progressevent.js"(exports2, module2) {
     "use strict";
     var { webidl } = require_webidl();
-    var kState = Symbol("ProgressEvent state");
+    var kState = /* @__PURE__ */ Symbol("ProgressEvent state");
     var ProgressEvent = class _ProgressEvent extends Event {
       constructor(type, eventInitDict = {}) {
         type = webidl.converters.DOMString(type);
@@ -15953,14 +15940,14 @@ var require_symbols5 = __commonJS({
   "node_modules/@actions/http-client/node_modules/undici/lib/websocket/symbols.js"(exports2, module2) {
     "use strict";
     module2.exports = {
-      kWebSocketURL: Symbol("url"),
-      kReadyState: Symbol("ready state"),
-      kController: Symbol("controller"),
-      kResponse: Symbol("response"),
-      kBinaryType: Symbol("binary type"),
-      kSentClose: Symbol("sent close"),
-      kReceivedClose: Symbol("received close"),
-      kByteParser: Symbol("byte parser")
+      kWebSocketURL: /* @__PURE__ */ Symbol("url"),
+      kReadyState: /* @__PURE__ */ Symbol("ready state"),
+      kController: /* @__PURE__ */ Symbol("controller"),
+      kResponse: /* @__PURE__ */ Symbol("response"),
+      kBinaryType: /* @__PURE__ */ Symbol("binary type"),
+      kSentClose: /* @__PURE__ */ Symbol("sent close"),
+      kReceivedClose: /* @__PURE__ */ Symbol("received close"),
+      kByteParser: /* @__PURE__ */ Symbol("byte parser")
     };
   }
 });
@@ -17825,7 +17812,7 @@ var require_lib = __commonJS({
         }
         const usingSsl = parsedUrl.protocol === "https:";
         proxyAgent = new undici_1.ProxyAgent(Object.assign({ uri: proxyUrl.href, pipelining: !this._keepAlive ? 0 : 1 }, (proxyUrl.username || proxyUrl.password) && {
-          token: `Basic ${Buffer.from(`${proxyUrl.username}:${proxyUrl.password}`).toString("base64")}`
+          token: `${proxyUrl.username}:${proxyUrl.password}`
         }));
         this._proxyAgentDispatcher = proxyAgent;
         if (usingSsl && this._ignoreSslError) {
@@ -20089,7 +20076,7 @@ function isKeyOperator(operator) {
 function getValues(context, operator, key, modifier) {
   var value = context[key], result = [];
   if (isDefined(value) && value !== "") {
-    if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
+    if (typeof value === "string" || typeof value === "number" || typeof value === "bigint" || typeof value === "boolean") {
       value = value.toString();
       if (modifier && modifier !== "*") {
         value = value.substring(0, parseInt(modifier, 10));
@@ -20270,6 +20257,92 @@ var endpoint = withDefaults(null, DEFAULTS);
 // node_modules/@octokit/request/dist-bundle/index.js
 var import_fast_content_type_parse = __toESM(require_fast_content_type_parse(), 1);
 
+// node_modules/json-with-bigint/json-with-bigint.js
+var intRegex = /^-?\d+$/;
+var noiseValue = /^-?\d+n+$/;
+var originalStringify = JSON.stringify;
+var originalParse = JSON.parse;
+var customFormat = /^-?\d+n$/;
+var bigIntsStringify = /([\[:])?"(-?\d+)n"($|([\\n]|\s)*(\s|[\\n])*[,\}\]])/g;
+var noiseStringify = /([\[:])?("-?\d+n+)n("$|"([\\n]|\s)*(\s|[\\n])*[,\}\]])/g;
+var JSONStringify = (value, replacer, space) => {
+  if ("rawJSON" in JSON) {
+    return originalStringify(
+      value,
+      (key, value2) => {
+        if (typeof value2 === "bigint") return JSON.rawJSON(value2.toString());
+        if (typeof replacer === "function") return replacer(key, value2);
+        if (Array.isArray(replacer) && replacer.includes(key)) return value2;
+        return value2;
+      },
+      space
+    );
+  }
+  if (!value) return originalStringify(value, replacer, space);
+  const convertedToCustomJSON = originalStringify(
+    value,
+    (key, value2) => {
+      const isNoise = typeof value2 === "string" && Boolean(value2.match(noiseValue));
+      if (isNoise) return value2.toString() + "n";
+      if (typeof value2 === "bigint") return value2.toString() + "n";
+      if (typeof replacer === "function") return replacer(key, value2);
+      if (Array.isArray(replacer) && replacer.includes(key)) return value2;
+      return value2;
+    },
+    space
+  );
+  const processedJSON = convertedToCustomJSON.replace(
+    bigIntsStringify,
+    "$1$2$3"
+  );
+  const denoisedJSON = processedJSON.replace(noiseStringify, "$1$2$3");
+  return denoisedJSON;
+};
+var isContextSourceSupported = () => JSON.parse("1", (_, __, context) => !!context && context.source === "1");
+var convertMarkedBigIntsReviver = (key, value, context, userReviver) => {
+  const isCustomFormatBigInt = typeof value === "string" && value.match(customFormat);
+  if (isCustomFormatBigInt) return BigInt(value.slice(0, -1));
+  const isNoiseValue = typeof value === "string" && value.match(noiseValue);
+  if (isNoiseValue) return value.slice(0, -1);
+  if (typeof userReviver !== "function") return value;
+  return userReviver(key, value, context);
+};
+var JSONParseV2 = (text, reviver) => {
+  return JSON.parse(text, (key, value, context) => {
+    const isBigNumber = typeof value === "number" && (value > Number.MAX_SAFE_INTEGER || value < Number.MIN_SAFE_INTEGER);
+    const isInt = context && intRegex.test(context.source);
+    const isBigInt = isBigNumber && isInt;
+    if (isBigInt) return BigInt(context.source);
+    if (typeof reviver !== "function") return value;
+    return reviver(key, value, context);
+  });
+};
+var MAX_INT = Number.MAX_SAFE_INTEGER.toString();
+var MAX_DIGITS = MAX_INT.length;
+var stringsOrLargeNumbers = /"(?:\\.|[^"])*"|-?(0|[1-9][0-9]*)(\.[0-9]+)?([eE][+-]?[0-9]+)?/g;
+var noiseValueWithQuotes = /^"-?\d+n+"$/;
+var JSONParse = (text, reviver) => {
+  if (!text) return originalParse(text, reviver);
+  if (isContextSourceSupported()) return JSONParseV2(text, reviver);
+  const serializedData = text.replace(
+    stringsOrLargeNumbers,
+    (text2, digits, fractional, exponential) => {
+      const isString = text2[0] === '"';
+      const isNoise = isString && Boolean(text2.match(noiseValueWithQuotes));
+      if (isNoise) return text2.substring(0, text2.length - 1) + 'n"';
+      const isFractionalOrExponential = fractional || exponential;
+      const isLessThanMaxSafeInt = digits && (digits.length < MAX_DIGITS || digits.length === MAX_DIGITS && digits <= MAX_INT);
+      if (isString || isFractionalOrExponential || isLessThanMaxSafeInt)
+        return text2;
+      return '"' + text2 + 'n"';
+    }
+  );
+  return originalParse(
+    serializedData,
+    (key, value, context) => convertMarkedBigIntsReviver(key, value, context, reviver)
+  );
+};
+
 // node_modules/@octokit/request-error/dist-src/index.js
 var RequestError = class extends Error {
   name;
@@ -20286,7 +20359,7 @@ var RequestError = class extends Error {
    */
   response;
   constructor(message, statusCode, options) {
-    super(message);
+    super(message, { cause: options.cause });
     this.name = "HttpError";
     this.status = Number.parseInt(statusCode);
     if (Number.isNaN(this.status)) {
@@ -20310,7 +20383,7 @@ var RequestError = class extends Error {
 };
 
 // node_modules/@octokit/request/dist-bundle/index.js
-var VERSION2 = "9.2.4";
+var VERSION2 = "10.0.8";
 var defaults_default = {
   headers: {
     "user-agent": `octokit-request.js/${VERSION2} ${getUserAgent()}`
@@ -20324,6 +20397,7 @@ function isPlainObject2(value) {
   const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor;
   return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value);
 }
+var noop = () => "";
 async function fetchWrapper(requestOptions) {
   const fetch = requestOptions.request?.fetch || globalThis.fetch;
   if (!fetch) {
@@ -20333,7 +20407,7 @@ async function fetchWrapper(requestOptions) {
   }
   const log = requestOptions.request?.log || console;
   const parseSuccessResponseBody = requestOptions.request?.parseSuccessResponseBody !== false;
-  const body = isPlainObject2(requestOptions.body) || Array.isArray(requestOptions.body) ? JSON.stringify(requestOptions.body) : requestOptions.body;
+  const body = isPlainObject2(requestOptions.body) || Array.isArray(requestOptions.body) ? JSONStringify(requestOptions.body) : requestOptions.body;
   const requestHeaders = Object.fromEntries(
     Object.entries(requestOptions.headers).map(([name, value]) => [
       name,
@@ -20425,21 +20499,24 @@ async function fetchWrapper(requestOptions) {
 async function getResponseData(response) {
   const contentType = response.headers.get("content-type");
   if (!contentType) {
-    return response.text().catch(() => "");
+    return response.text().catch(noop);
   }
   const mimetype = (0, import_fast_content_type_parse.safeParse)(contentType);
   if (isJSONResponse(mimetype)) {
     let text = "";
     try {
       text = await response.text();
-      return JSON.parse(text);
+      return JSONParse(text);
     } catch (err) {
       return text;
     }
   } else if (mimetype.type.startsWith("text/") || mimetype.parameters.charset?.toLowerCase() === "utf-8") {
-    return response.text().catch(() => "");
+    return response.text().catch(noop);
   } else {
-    return response.arrayBuffer().catch(() => new ArrayBuffer(0));
+    return response.arrayBuffer().catch(
+      /* v8 ignore next -- @preserve */
+      () => new ArrayBuffer(0)
+    );
   }
 }
 function isJSONResponse(mimetype) {
@@ -20526,4 +20603,11 @@ undici/lib/fetch/body.js:
 
 undici/lib/websocket/frame.js:
   (*! ws. MIT License. Einar Otto Stangvik <einaros@gmail.com> *)
+
+@octokit/request-error/dist-src/index.js:
+  (* v8 ignore else -- @preserve -- Bug with vitest coverage where it sees an else branch that doesn't exist *)
+
+@octokit/request/dist-bundle/index.js:
+  (* v8 ignore next -- @preserve *)
+  (* v8 ignore else -- @preserve *)
 */

lib/main.js

@@ -89,12 +89,12 @@ export async function main(
           permissions
         ),
       {
-        shouldRetry: (error) => error.status >= 500,
-        onFailedAttempt: (error) => {
+        shouldRetry: ({ error }) => error.status >= 500,
+        onFailedAttempt: (context) => {
           core.info(
             `Failed to create token for "${parsedRepositoryNames.join(
               ","
-            )}" (attempt ${error.attemptNumber}): ${error.message}`
+            )}" (attempt ${context.attemptNumber}): ${context.error.message}`
           );
         },
         retries: 3,
@@ -105,9 +105,9 @@ export async function main(
     ({ authentication, installationId, appSlug } = await pRetry(
       () => getTokenFromOwner(request, auth, parsedOwner, permissions),
       {
-        onFailedAttempt: (error) => {
+        onFailedAttempt: (context) => {
           core.info(
-            `Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`
+            `Failed to create token for "${parsedOwner}" (attempt ${context.attemptNumber}): ${context.error.message}`
           );
         },
         retries: 3,

package.json

@@ -2,35 +2,33 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "3.0.0-beta.3",
+  "version": "3.0.0-beta.5",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "engines": {
     "node": ">=24.4.0"
   },
+  "packageManager": "npm@10.9.4",
   "scripts": {
     "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --packages=bundle",
-    "test": "c8 --100 ava tests/index.js",
+    "test": "c8 --100 node --test tests/index.js",
     "coverage": "c8 report --reporter html",
     "postcoverage": "open-cli coverage/index.html"
   },
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.11.1",
-    "@octokit/auth-app": "^7.2.1",
-    "@octokit/request": "^9.2.2",
-    "p-retry": "^6.2.1"
+    "@octokit/auth-app": "^8.1.2",
+    "@octokit/request": "^10.0.3",
+    "p-retry": "^7.1.0",
+    "undici": "^7.16.0"
   },
   "devDependencies": {
-    "@octokit/openapi": "^19.1.0",
-    "@sinonjs/fake-timers": "^14.0.0",
-    "ava": "^6.4.1",
+    "@octokit/openapi": "^21.0.0",
     "c8": "^10.1.3",
-    "dotenv": "^17.2.1",
-    "esbuild": "^0.25.8",
-    "execa": "^9.6.0",
+    "dotenv": "^17.3.1",
+    "esbuild": "^0.27.3",
     "open-cli": "^8.0.0",
-    "undici": "^7.13.0",
-    "yaml": "^2.8.1"
+    "yaml": "^2.8.2"
   },
   "release": {
     "branches": [

scripts/generated/app-permissions.json

@@ -187,6 +187,14 @@
         "write"
       ]
     },
+    "custom_properties_for_organizations": {
+      "type": "string",
+      "description": "The level of permission to grant the access token to view and edit custom properties for an organization, when allowed by the property.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
     "members": {
       "type": "string",
       "description": "The level of permission to grant the access token for organization teams and members.",
@@ -221,7 +229,7 @@
     },
     "organization_custom_properties": {
       "type": "string",
-      "description": "The level of permission to grant the access token for custom property management.",
+      "description": "The level of permission to grant the access token for repository custom properties management at the organization level.",
       "enum": [
         "read",
         "write",
@@ -384,6 +392,15 @@
         "read",
         "write"
       ]
+    },
+    "enterprise_custom_properties_for_organizations": {
+      "type": "string",
+      "description": "The level of permission to grant the access token for organization custom properties management at the enterprise level.",
+      "enum": [
+        "read",
+        "write",
+        "admin"
+      ]
     }
   },
   "example": {

tests/README.md

@@ -2,14 +2,14 @@
 
 Add one test file per scenario. You can run them in isolation with:
 
-```bash
+```
 node tests/post-token-set.test.js
 ```
 
-All tests are run together in [tests/index.js](index.js), which can be executed with ava
+All tests are run together in [tests/index.js](index.js), which can be executed with Node's built-in test runner
 
 ```
-npx ava tests/index.js
+node --test tests/index.js
 ```
 
 or with npm
@@ -20,7 +20,13 @@ npm test
 
 ## How the tests work
 
-The output from the tests is captured into a snapshot ([tests/snapshots/index.js.md](snapshots/index.js.md)). It includes all requests sent by our scripts to verify it's working correctly and to prevent regressions.
+The output from the tests is captured into a snapshot ([tests/index.js.snapshot](index.js.snapshot)). It includes all requests sent by our scripts to verify it's working correctly and to prevent regressions.
+
+To update snapshots after an intentional change:
+
+```
+node --test --test-update-snapshots tests/index.js
+```
 
 ## How to add a new test
 

tests/index.js

@@ -1,15 +1,23 @@
 import { readdirSync } from "node:fs";
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
 
-import test from "ava";
-import { execa } from "execa";
+import { snapshot, test } from "node:test";
+
+const execFileAsync = promisify(execFile);
+
+// Serialize strings as-is so multiline output is human-readable in snapshots
+snapshot.setDefaultSnapshotSerializers([
+  (value) => (typeof value === "string" ? value : undefined),
+]);
 
 // Get all files in tests directory
 const files = readdirSync("tests");
 
 // Files to ignore
-const ignore = ["index.js", "main.js", "README.md", "snapshots"];
+const ignore = ["index.js", "index.js.snapshot", "main.js", "README.md"];
 
-const testFiles = files.filter((file) => !ignore.includes(file));
+const testFiles = files.filter((file) => !ignore.includes(file)).sort();
 
 // Throw an error if there is a file that does not end with test.js in the tests directory
 for (const file of testFiles) {
@@ -18,20 +26,31 @@ for (const file of testFiles) {
   }
   test(file, async (t) => {
     // Override Actions environment variables that change `core`’s behavior
-    const env = {
-      GITHUB_OUTPUT: undefined,
-      GITHUB_STATE: undefined,
-      HTTP_PROXY: undefined,
-      HTTPS_PROXY: undefined,
-      http_proxy: undefined,
-      https_proxy: undefined,
-      NO_PROXY: undefined,
-      no_proxy: undefined,
-      NODE_OPTIONS: undefined,
-      NODE_USE_ENV_PROXY: undefined,
-    };
-    const { stderr, stdout } = await execa("node", [`tests/${file}`], { env });
-    t.snapshot(stderr, "stderr");
-    t.snapshot(stdout, "stdout");
+    const {
+      GITHUB_OUTPUT,
+      GITHUB_STATE,
+      HTTP_PROXY,
+      HTTPS_PROXY,
+      http_proxy,
+      https_proxy,
+      NO_PROXY,
+      no_proxy,
+      NODE_OPTIONS,
+      NODE_USE_ENV_PROXY,
+      ...env
+    } = process.env;
+    const { stderr, stdout } = await execFileAsync("node", [`tests/${file}`], {
+      env,
+    });
+    const trimmedStderr = stderr.replace(/\r?\n$/, "");
+    const trimmedStdout = stdout.replace(/\r?\n$/, "");
+    await t.test("stderr", (t) => {
+      if (trimmedStderr) t.assert.snapshot(trimmedStderr);
+      else t.assert.strictEqual(trimmedStderr, "");
+    });
+    await t.test("stdout", (t) => {
+      if (trimmedStdout) t.assert.snapshot(trimmedStdout);
+      else t.assert.strictEqual(trimmedStdout, "");
+    });
   });
 }

tests/index.js.snapshot

@@ -0,0 +1,274 @@
+exports[`main-custom-github-api-url.test.js > stdout 1`] = `
+Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
+- actions/create-github-app-token
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /api/v3/repos/actions/create-github-app-token/installation
+POST /api/v3/app/installations/123456/access_tokens
+{"repositories":["create-github-app-token"]}
+`;
+
+exports[`main-missing-owner.test.js > stderr 1`] = `
+GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'
+`;
+
+exports[`main-missing-repository.test.js > stderr 1`] = `
+GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'
+`;
+
+exports[`main-private-key-with-escaped-newlines.test.js > stdout 1`] = `
+Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /repos/actions/create-github-app-token/installation
+POST /app/installations/123456/access_tokens
+{"repositories":["create-github-app-token"]}
+`;
+
+exports[`main-proxy-requires-native-support.test.js > stderr 1`] = `
+A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
+`;
+
+exports[`main-proxy-requires-native-support.test.js > stdout 1`] = `
+::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
+`;
+
+exports[`main-repo-skew.test.js > stderr 1`] = `
+'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued.
+[@octokit/auth-app] GitHub API time and system time are different by 30 seconds. Retrying request with the difference accounted for.
+`;
+
+exports[`main-repo-skew.test.js > stdout 1`] = `
+Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
+- actions/failed-repo
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /repos/actions/failed-repo/installation
+GET /repos/actions/failed-repo/installation
+POST /app/installations/123456/access_tokens
+{"repositories":["failed-repo"]}
+`;
+
+exports[`main-token-get-owner-set-fail-response.test.js > stdout 1`] = `
+Input 'repositories' is not set. Creating token for all repositories owned by smockle.
+Failed to create token for "smockle" (attempt 1): GitHub API not available
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /users/smockle/installation
+GET /users/smockle/installation
+POST /app/installations/123456/access_tokens
+null
+`;
+
+exports[`main-token-get-owner-set-repo-fail-response.test.js > stdout 1`] = `
+Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
+- actions/failed-repo
+Failed to create token for "failed-repo" (attempt 1): GitHub API not available
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /repos/actions/failed-repo/installation
+GET /repos/actions/failed-repo/installation
+POST /app/installations/123456/access_tokens
+{"repositories":["failed-repo"]}
+`;
+
+exports[`main-token-get-owner-set-repo-set-to-many-newline.test.js > stdout 1`] = `
+Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
+- actions/create-github-app-token
+- actions/toolkit
+- actions/checkout
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /repos/actions/create-github-app-token/installation
+POST /app/installations/123456/access_tokens
+{"repositories":["create-github-app-token","toolkit","checkout"]}
+`;
+
+exports[`main-token-get-owner-set-repo-set-to-many.test.js > stdout 1`] = `
+Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
+- actions/create-github-app-token
+- actions/toolkit
+- actions/checkout
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /repos/actions/create-github-app-token/installation
+POST /app/installations/123456/access_tokens
+{"repositories":["create-github-app-token","toolkit","checkout"]}
+`;
+
+exports[`main-token-get-owner-set-repo-set-to-one.test.js > stdout 1`] = `
+Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
+      
+- actions/create-github-app-token
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /repos/actions/create-github-app-token/installation
+POST /app/installations/123456/access_tokens
+{"repositories":["create-github-app-token"]}
+`;
+
+exports[`main-token-get-owner-set-repo-unset.test.js > stdout 1`] = `
+Input 'repositories' is not set. Creating token for all repositories owned by actions.
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /users/actions/installation
+POST /app/installations/123456/access_tokens
+null
+`;
+
+exports[`main-token-get-owner-unset-repo-set.test.js > stdout 1`] = `
+No 'owner' input provided. Using default owner 'actions' to create token for the following repositories:
+- actions/create-github-app-token
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /repos/actions/create-github-app-token/installation
+POST /app/installations/123456/access_tokens
+{"repositories":["create-github-app-token"]}
+`;
+
+exports[`main-token-get-owner-unset-repo-unset.test.js > stdout 1`] = `
+Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /repos/actions/create-github-app-token/installation
+POST /app/installations/123456/access_tokens
+{"repositories":["create-github-app-token"]}
+`;
+
+exports[`main-token-permissions-set.test.js > stdout 1`] = `
+Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
+::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+
+::set-output name=installation-id::123456
+
+::set-output name=app-slug::github-actions
+::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
+::save-state name=expiresAt::2016-07-11T22:14:10Z
+--- REQUESTS ---
+GET /repos/actions/create-github-app-token/installation
+POST /app/installations/123456/access_tokens
+{"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}
+`;
+
+exports[`post-proxy-requires-native-support.test.js > stderr 1`] = `
+A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
+`;
+
+exports[`post-proxy-requires-native-support.test.js > stdout 1`] = `
+::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
+`;
+
+exports[`post-revoke-token-fail-response.test.js > stdout 1`] = `
+::warning::Token revocation failed: 
+`;
+
+exports[`post-token-expired.test.js > stdout 1`] = `
+Token expired, skipping token revocation
+`;
+
+exports[`post-token-set.test.js > stdout 1`] = `
+Token revoked
+`;
+
+exports[`post-token-skipped.test.js > stdout 1`] = `
+Token revocation was skipped
+`;
+
+exports[`post-token-unset.test.js > stdout 1`] = `
+Token is not set
+`;

tests/main-repo-skew.test.js

@@ -1,6 +1,6 @@
-import { test } from "./main.js";
+import { mock } from "node:test";
 
-import { install } from "@sinonjs/fake-timers";
+import { test } from "./main.js";
 
 // Verify `main` retry when the clock has drifted.
 await test((mockPool) => {
@@ -11,7 +11,7 @@ await test((mockPool) => {
   const mockInstallationId = "123456";
   const mockAppSlug = "github-actions";
 
-  install({ now: 0, toFake: ["Date"] });
+  mock.timers.enable({ apis: ["Date"], now: 0 });
 
   mockPool
     .intercept({
@@ -59,4 +59,6 @@ await test((mockPool) => {
       };
     })
     .times(2);
+}).finally(() => {
+  mock.timers.reset();
 });

tests/snapshots/index.js.md

@@ -1,404 +0,0 @@
-# Snapshot report for `tests/index.js`
-
-The actual snapshot is saved in `index.js.snap`.
-
-Generated by [AVA](https://avajs.dev).
-
-## action-deprecated-inputs.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    ''
-
-## main-custom-github-api-url.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
-          ␊
-    - actions/create-github-app-token␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /api/v3/repos/actions/create-github-app-token/installation␊
-    POST /api/v3/app/installations/123456/access_tokens␊
-    {"repositories":["create-github-app-token"]}`
-
-## main-missing-owner.test.js
-
-> stderr
-
-    'GITHUB_REPOSITORY_OWNER missing, must be set to \'<owner>\''
-
-> stdout
-
-    ''
-
-## main-missing-repository.test.js
-
-> stderr
-
-    'GITHUB_REPOSITORY missing, must be set to \'<owner>/<repo>\''
-
-> stdout
-
-    ''
-
-## main-private-key-with-escaped-newlines.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /repos/actions/create-github-app-token/installation␊
-    POST /app/installations/123456/access_tokens␊
-    {"repositories":["create-github-app-token"]}`
-
-## main-proxy-requires-native-support.test.js
-
-> stderr
-
-    'A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.'
-
-> stdout
-
-    '::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.'
-
-## main-repo-skew.test.js
-
-> stderr
-
-    `'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued.␊
-    [@octokit/auth-app] GitHub API time and system time are different by 30 seconds. Retrying request with the difference accounted for.`
-
-> stdout
-
-    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
-          ␊
-    - actions/failed-repo␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /repos/actions/failed-repo/installation␊
-    GET /repos/actions/failed-repo/installation␊
-    POST /app/installations/123456/access_tokens␊
-    {"repositories":["failed-repo"]}`
-
-## main-token-get-owner-set-fail-response.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `Input 'repositories' is not set. Creating token for all repositories owned by smockle.␊
-    Failed to create token for "smockle" (attempt 1): GitHub API not available␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /users/smockle/installation␊
-    GET /users/smockle/installation␊
-    POST /app/installations/123456/access_tokens␊
-    null`
-
-## main-token-get-owner-set-repo-fail-response.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
-          ␊
-    - actions/failed-repo␊
-    Failed to create token for "failed-repo" (attempt 1): GitHub API not available␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /repos/actions/failed-repo/installation␊
-    GET /repos/actions/failed-repo/installation␊
-    POST /app/installations/123456/access_tokens␊
-    {"repositories":["failed-repo"]}`
-
-## main-token-get-owner-set-repo-set-to-many-newline.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
-          ␊
-    - actions/create-github-app-token␊
-    - actions/toolkit␊
-    - actions/checkout␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /repos/actions/create-github-app-token/installation␊
-    POST /app/installations/123456/access_tokens␊
-    {"repositories":["create-github-app-token","toolkit","checkout"]}`
-
-## main-token-get-owner-set-repo-set-to-many.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
-          ␊
-    - actions/create-github-app-token␊
-    - actions/toolkit␊
-    - actions/checkout␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /repos/actions/create-github-app-token/installation␊
-    POST /app/installations/123456/access_tokens␊
-    {"repositories":["create-github-app-token","toolkit","checkout"]}`
-
-## main-token-get-owner-set-repo-set-to-one.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
-          ␊
-    - actions/create-github-app-token␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /repos/actions/create-github-app-token/installation␊
-    POST /app/installations/123456/access_tokens␊
-    {"repositories":["create-github-app-token"]}`
-
-## main-token-get-owner-set-repo-unset.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `Input 'repositories' is not set. Creating token for all repositories owned by actions.␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /users/actions/installation␊
-    POST /app/installations/123456/access_tokens␊
-    null`
-
-## main-token-get-owner-unset-repo-set.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `No 'owner' input provided. Using default owner 'actions' to create token for the following repositories:␊
-    - actions/create-github-app-token␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /repos/actions/create-github-app-token/installation␊
-    POST /app/installations/123456/access_tokens␊
-    {"repositories":["create-github-app-token"]}`
-
-## main-token-get-owner-unset-repo-unset.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /repos/actions/create-github-app-token/installation␊
-    POST /app/installations/123456/access_tokens␊
-    {"repositories":["create-github-app-token"]}`
-
-## main-token-permissions-set.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
-    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=installation-id::123456␊
-    ␊
-    ::set-output name=app-slug::github-actions␊
-    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
-    --- REQUESTS ---␊
-    GET /repos/actions/create-github-app-token/installation␊
-    POST /app/installations/123456/access_tokens␊
-    {"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}`
-
-## post-proxy-requires-native-support.test.js
-
-> stderr
-
-    'A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.'
-
-> stdout
-
-    '::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.'
-
-## post-revoke-token-fail-response.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    '::warning::Token revocation failed: '
-
-## post-token-expired.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    'Token expired, skipping token revocation'
-
-## post-token-set.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    'Token revoked'
-
-## post-token-skipped.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    'Token revocation was skipped'
-
-## post-token-unset.test.js
-
-> stderr
-
-    ''
-
-> stdout
-
-    'Token is not set'