feat: add proxy support via child process spawning

When proxy environment variables (https_proxy, HTTPS_PROXY, http_proxy,
HTTP_PROXY) are detected and NODE_USE_ENV_PROXY is not already set to
"1", the action spawns a child process with NODE_USE_ENV_PROXY=1 to
enable Node.js native proxy support.

- Add lib/run-with-proxy.js shared utility for both main.js and post.js
- Update main.js and post.js to use runWithProxy() wrapper
- Add tests for proxy spawning, child error handling, and already-enabled path
- 100% code coverage maintained

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

.github/workflows/release.yml

@@ -26,6 +26,7 @@ jobs:
         with:
           node-version-file: package.json
 
+
       - run: npm ci
       - run: npm run build
       - uses: ./

.github/workflows/test.yml

@@ -4,7 +4,6 @@ on:
   push:
     branches:
       - main
-      - beta
   pull_request:
   merge_group:
   workflow_dispatch:
@@ -34,7 +33,7 @@ jobs:
     name: end-to-end
     runs-on: ubuntu-latest
     # do not run from forks, as forks don’t have access to repository secrets
-    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
+    if: github.event_name == 'merge_group' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
     steps:
       - uses: actions/checkout@v6
       - uses: actions/setup-node@v6
@@ -54,28 +53,3 @@ jobs:
         with:
           route: GET /installation/repositories
       - run: echo '${{ steps.get-repository.outputs.data }}'
-
-  end-to-end-proxy:
-    name: end-to-end with unreachable proxy
-    runs-on: ubuntu-latest
-    # do not run from forks, as forks don’t have access to repository secrets
-    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
-        with:
-          node-version-file: package.json
-          cache: 'npm'
-      - run: npm ci
-      - run: npm run build
-      - uses: ./ # Uses the action in the root directory
-        continue-on-error: true
-        id: test
-        env:
-          NODE_USE_ENV_PROXY: "1"
-          https_proxy: http://127.0.0.1:9
-        with:
-          app-id: ${{ vars.TEST_APP_ID }}
-          private-key: ${{ secrets.TEST_APP_PRIVATE_KEY }}
-      - name: Assert action failed through unreachable proxy
-        run: test "${{ steps.test.outcome }}" = "failure"

.github/workflows/update-permission-inputs.yml

@@ -31,7 +31,7 @@ jobs:
         run: node scripts/update-permission-inputs.js
       - name: Commit changes
         id: auto-commit
-        uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
+        uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
         with:
           commit_message: ${{ env.COMMIT_MESSAGE }}
       - name: Update PR title

README.md

@@ -28,7 +28,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -47,19 +47,19 @@ jobs:
   auto-format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           # required
           app-id: ${{ vars.APP_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
         with:
           token: ${{ steps.app-token.outputs.token }}
           ref: ${{ github.head_ref }}
           # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
           persist-credentials: false
-      - uses: creyD/prettier_action@v6
+      - uses: creyD/prettier_action@v4.3
         with:
           github_token: ${{ steps.app-token.outputs.token }}
 ```
@@ -73,7 +73,7 @@ jobs:
   auto-format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           # required
@@ -98,7 +98,7 @@ jobs:
   auto-format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           # required
@@ -135,13 +135,13 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
           issue-number: ${{ github.event.issue.number }}
@@ -157,7 +157,7 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -166,7 +166,7 @@ jobs:
           repositories: |
             repo1
             repo2
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
           issue-number: ${{ github.event.issue.number }}
@@ -182,13 +182,13 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
           owner: another-owner
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
           issue-number: ${{ github.event.issue.number }}
@@ -207,14 +207,14 @@ jobs:
   hello-world:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
           permission-issues: write
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
           issue-number: ${{ github.event.issue.number }}
@@ -249,7 +249,7 @@ jobs:
         owners-and-repos: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
 
     steps:
-      - uses: actions/create-github-app-token@v3
+      - uses: actions/create-github-app-token@v2
         id: app-token
         with:
           app-id: ${{ vars.APP_ID }}
@@ -279,7 +279,7 @@ jobs:
     steps:
       - name: Create GitHub App token
         id: create_token
-        uses: actions/create-github-app-token@v3
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ vars.GHES_APP_ID }}
           private-key: ${{ secrets.GHES_APP_PRIVATE_KEY }}
@@ -296,24 +296,6 @@ jobs:
           GITHUB_TOKEN: ${{ steps.create_token.outputs.token }}
 ```
 
-### Proxy support
-
-This action relies on Node.js native proxy support.
-
-If you set `HTTP_PROXY` or `HTTPS_PROXY`, also set `NODE_USE_ENV_PROXY: "1"` on the action step so Node.js honors those variables. If you need proxy bypass rules, set `NO_PROXY` alongside them.
-
-```yaml
-- uses: actions/create-github-app-token@v3
-  id: app-token
-  env:
-    HTTPS_PROXY: http://proxy.example.com:8080
-    NO_PROXY: github.example.com
-    NODE_USE_ENV_PROXY: "1"
-  with:
-    app-id: ${{ vars.APP_ID }}
-    private-key: ${{ secrets.PRIVATE_KEY }}
-```
-
 ## Inputs
 
 ### `app-id`
@@ -336,7 +318,7 @@ steps:
       echo "private-key=$private_key" >> "$GITHUB_OUTPUT"
   - name: Generate GitHub App Token
     id: app-token
-    uses: actions/create-github-app-token@v3
+    uses: actions/create-github-app-token@v2
     with:
       app-id: ${{ vars.APP_ID }}
       private-key: ${{ steps.decode.outputs.private-key }}

action.yml

@@ -136,6 +136,6 @@ outputs:
   app-slug:
     description: "GitHub App slug"
 runs:
-  using: "node24"
+  using: "node20"
   main: "dist/main.cjs"
   post: "dist/post.cjs"

lib/request.js

@@ -1,36 +1,41 @@
-import * as core from "@actions/core";
+import core from "@actions/core";
 import { request } from "@octokit/request";
+import { ProxyAgent, fetch as undiciFetch } from "undici";
 
-// Get the GitHub API URL from the action input and remove any trailing slash
 const baseUrl = core.getInput("github-api-url").replace(/\/$/, "");
 
-const proxyEnvironmentKeys = [
-  "https_proxy",
-  "HTTPS_PROXY",
-  "http_proxy",
-  "HTTP_PROXY",
-];
+// https://docs.github.com/actions/hosting-your-own-runners/managing-self-hosted-runners/using-a-proxy-server-with-self-hosted-runners
+const proxyUrl =
+  process.env.https_proxy ||
+  process.env.HTTPS_PROXY ||
+  process.env.http_proxy ||
+  process.env.HTTP_PROXY;
 
-function proxyEnvironmentConfigured() {
-  return proxyEnvironmentKeys.some((key) => process.env[key]);
-}
+/* c8 ignore start */
+// Native support for proxies in Undici is under consideration: https://github.com/nodejs/undici/issues/1650
+// Until then, we need to use a custom fetch function to add proxy support.
+const proxyFetch = (url, options) => {
+  const urlHost = new URL(url).hostname;
+  const noProxy = (process.env.no_proxy || process.env.NO_PROXY || "").split(
+    ",",
+  );
 
-function nativeProxySupportEnabled() {
-  return process.env.NODE_USE_ENV_PROXY === "1";
-}
-
-export function ensureNativeProxySupport() {
-  if (!proxyEnvironmentConfigured() || nativeProxySupportEnabled()) {
-    return;
+  if (!noProxy.includes(urlHost)) {
+    options = {
+      ...options,
+      dispatcher: new ProxyAgent(String(proxyUrl)),
+    };
   }
 
-  throw new Error(
-    "A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.",
-  );
-}
+  return undiciFetch(url, options);
+};
+/* c8 ignore stop */
 
-// Configure the default settings for GitHub API requests
 export default request.defaults({
-  headers: { "user-agent": "actions/create-github-app-token" },
+  headers: {
+    "user-agent": "actions/create-github-app-token",
+  },
   baseUrl,
+  /* c8 ignore next */
+  request: proxyUrl ? { fetch: proxyFetch } : {},
 });

lib/run-with-proxy.js

@@ -0,0 +1,44 @@
+// @ts-check
+
+import { spawn } from "node:child_process";
+
+/**
+ * Wraps a function to automatically enable Node.js proxy support when proxy
+ * environment variables are detected. If proxy env vars are set but
+ * `NODE_USE_ENV_PROXY` is not `"1"`, spawns a child process with
+ * `NODE_USE_ENV_PROXY=1` to enable native proxy support.
+ *
+ * @param {() => Promise<void>} run
+ * @returns {Promise<void>}
+ *
+ * @see https://github.com/nodejs/node/blob/4612c793cb9007a91cb3fd82afe518440473826e/lib/internal/process/pre_execution.js#L168-L187
+ */
+export async function runWithProxy(run) {
+  const httpProxyEnvVars = [
+    "https_proxy",
+    "HTTPS_PROXY",
+    "http_proxy",
+    "HTTP_PROXY",
+  ];
+  const nodeHasProxySupportEnabled = process.env.NODE_USE_ENV_PROXY === "1";
+  const shouldUseProxy = httpProxyEnvVars.some((v) => process.env[v]);
+
+  if (!nodeHasProxySupportEnabled && shouldUseProxy) {
+    return new Promise((resolve, reject) => {
+      const child = spawn(process.execPath, process.argv.slice(1), {
+        env: { ...process.env, NODE_USE_ENV_PROXY: "1" },
+        stdio: "inherit",
+      });
+      child.on("exit", (code) => {
+        process.exitCode = code;
+        if (code !== 0) {
+          reject(new Error(`Child process exited with code ${code}`));
+        } else {
+          resolve();
+        }
+      });
+    });
+  }
+
+  return run();
+}

main.js

@@ -1,11 +1,12 @@
 // @ts-check
 
-import * as core from "@actions/core";
+import core from "@actions/core";
 import { createAppAuth } from "@octokit/auth-app";
 
 import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
 import { main } from "./lib/main.js";
-import request, { ensureNativeProxySupport } from "./lib/request.js";
+import request from "./lib/request.js";
+import { runWithProxy } from "./lib/run-with-proxy.js";
 
 if (!process.env.GITHUB_REPOSITORY) {
   throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'");
@@ -15,9 +16,8 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
   throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'");
 }
 
-async function run() {
-  ensureNativeProxySupport();
-
+// Export promise for testing
+export default runWithProxy(async () => {
   const appId = core.getInput("app-id");
   const privateKey = core.getInput("private-key");
   const owner = core.getInput("owner");
@@ -41,12 +41,9 @@ async function run() {
     createAppAuth,
     request,
     skipTokenRevoke,
-  );
-}
-
-// Export promise for testing
-export default run().catch((error) => {
-  /* c8 ignore next 3 */
-  console.error(error);
-  core.setFailed(error.message);
+  ).catch((error) => {
+    /* c8 ignore next 3 */
+    console.error(error);
+    core.setFailed(error.message);
+  });
 });

package.json

@@ -2,32 +2,36 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "3.0.0",
+  "version": "2.2.1",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "engines": {
-    "node": ">=24.4.0"
+    "node": ">=20"
   },
   "packageManager": "npm@10.9.4",
   "scripts": {
-    "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --packages=bundle",
-    "test": "c8 --100 node --test tests/index.js",
+    "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",
+    "test": "c8 --100 ava tests/index.js",
     "coverage": "c8 report --reporter html",
     "postcoverage": "open-cli coverage/index.html"
   },
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^3.0.0",
-    "@octokit/auth-app": "^8.2.0",
-    "@octokit/request": "^10.0.8",
-    "p-retry": "^7.1.1"
+    "@actions/core": "^1.11.1",
+    "@octokit/auth-app": "^8.1.2",
+    "@octokit/request": "^10.0.3",
+    "p-retry": "^7.1.0",
+    "undici": "^7.16.0"
   },
   "devDependencies": {
     "@octokit/openapi": "^21.0.0",
+    "@sinonjs/fake-timers": "^15.0.0",
+    "ava": "^6.4.1",
     "c8": "^10.1.3",
-    "esbuild": "^0.27.3",
+    "dotenv": "^17.2.3",
+    "esbuild": "^0.25.10",
+    "execa": "^9.6.0",
     "open-cli": "^8.0.0",
-    "undici": "^7.24.1",
-    "yaml": "^2.8.2"
+    "yaml": "^2.8.1"
   },
   "release": {
     "branches": [

post.js

@@ -1,18 +1,16 @@
 // @ts-check
 
-import * as core from "@actions/core";
+import core from "@actions/core";
 
 import { post } from "./lib/post.js";
-import request, { ensureNativeProxySupport } from "./lib/request.js";
+import request from "./lib/request.js";
+import { runWithProxy } from "./lib/run-with-proxy.js";
 
-async function run() {
-  ensureNativeProxySupport();
-
-  return post(core, request);
-}
-
-run().catch((error) => {
-  /* c8 ignore next 3 */
-  console.error(error);
-  core.setFailed(error.message);
+// Export promise for testing
+export default runWithProxy(async () => {
+  return post(core, request).catch((error) => {
+    /* c8 ignore next 3 */
+    console.error(error);
+    core.setFailed(error.message);
+  });
 });

tests/README.md

@@ -2,14 +2,14 @@
 
 Add one test file per scenario. You can run them in isolation with:
 
-```
+```bash
 node tests/post-token-set.test.js
 ```
 
-All tests are run together in [tests/index.js](index.js), which can be executed with Node's built-in test runner
+All tests are run together in [tests/index.js](index.js), which can be executed with ava
 
 ```
-node --test tests/index.js
+npx ava tests/index.js
 ```
 
 or with npm
@@ -20,13 +20,7 @@ npm test
 
 ## How the tests work
 
-The output from the tests is captured into a snapshot ([tests/index.js.snapshot](index.js.snapshot)). It includes all requests sent by our scripts to verify it's working correctly and to prevent regressions.
-
-To update snapshots after an intentional change:
-
-```
-node --test --test-update-snapshots tests/index.js
-```
+The output from the tests is captured into a snapshot ([tests/snapshots/index.js.md](snapshots/index.js.md)). It includes all requests sent by our scripts to verify it's working correctly and to prevent regressions.
 
 ## How to add a new test
 

tests/index.js

@@ -1,23 +1,15 @@
 import { readdirSync } from "node:fs";
-import { execFile } from "node:child_process";
-import { promisify } from "node:util";
 
-import { snapshot, test } from "node:test";
-
-const execFileAsync = promisify(execFile);
-
-// Serialize strings as-is so multiline output is human-readable in snapshots
-snapshot.setDefaultSnapshotSerializers([
-  (value) => (typeof value === "string" ? value : undefined),
-]);
+import test from "ava";
+import { execa } from "execa";
 
 // Get all files in tests directory
 const files = readdirSync("tests");
 
 // Files to ignore
-const ignore = ["index.js", "index.js.snapshot", "main.js", "README.md"];
+const ignore = ["index.js", "main.js", "README.md", "snapshots"];
 
-const testFiles = files.filter((file) => !ignore.includes(file)).sort();
+const testFiles = files.filter((file) => !ignore.includes(file));
 
 // Throw an error if there is a file that does not end with test.js in the tests directory
 for (const file of testFiles) {
@@ -26,31 +18,20 @@ for (const file of testFiles) {
   }
   test(file, async (t) => {
     // Override Actions environment variables that change `core`’s behavior
-    const {
-      GITHUB_OUTPUT,
-      GITHUB_STATE,
-      HTTP_PROXY,
-      HTTPS_PROXY,
-      http_proxy,
-      https_proxy,
-      NO_PROXY,
-      no_proxy,
-      NODE_OPTIONS,
-      NODE_USE_ENV_PROXY,
-      ...env
-    } = process.env;
-    const { stderr, stdout } = await execFileAsync("node", [`tests/${file}`], {
-      env,
-    });
-    const trimmedStderr = stderr.replace(/\r?\n$/, "");
-    const trimmedStdout = stdout.replace(/\r?\n$/, "");
-    await t.test("stderr", (t) => {
-      if (trimmedStderr) t.assert.snapshot(trimmedStderr);
-      else t.assert.strictEqual(trimmedStderr, "");
-    });
-    await t.test("stdout", (t) => {
-      if (trimmedStdout) t.assert.snapshot(trimmedStdout);
-      else t.assert.strictEqual(trimmedStdout, "");
-    });
+    const env = {
+      GITHUB_OUTPUT: undefined,
+      GITHUB_STATE: undefined,
+    };
+    const { stderr, stdout } = await execa(
+      "node",
+      [
+        "--experimental-test-module-mocks",
+        "--disable-warning=ExperimentalWarning",
+        `tests/${file}`,
+      ],
+      { env },
+    );
+    t.snapshot(stderr, "stderr");
+    t.snapshot(stdout, "stdout");
   });
 }

tests/index.js.snapshot

@@ -1,274 +0,0 @@
-exports[`main-custom-github-api-url.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/create-github-app-token
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /api/v3/repos/actions/create-github-app-token/installation
-POST /api/v3/app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-missing-owner.test.js > stderr 1`] = `
-GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'
-`;
-
-exports[`main-missing-repository.test.js > stderr 1`] = `
-GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'
-`;
-
-exports[`main-private-key-with-escaped-newlines.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-proxy-requires-native-support.test.js > stderr 1`] = `
-A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
-`;
-
-exports[`main-proxy-requires-native-support.test.js > stdout 1`] = `
-::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
-`;
-
-exports[`main-repo-skew.test.js > stderr 1`] = `
-'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued.
-[@octokit/auth-app] GitHub API time and system time are different by 30 seconds. Retrying request with the difference accounted for.
-`;
-
-exports[`main-repo-skew.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/failed-repo
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/failed-repo/installation
-GET /repos/actions/failed-repo/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["failed-repo"]}
-`;
-
-exports[`main-token-get-owner-set-fail-response.test.js > stdout 1`] = `
-Input 'repositories' is not set. Creating token for all repositories owned by smockle.
-Failed to create token for "smockle" (attempt 1): GitHub API not available
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /users/smockle/installation
-GET /users/smockle/installation
-POST /app/installations/123456/access_tokens
-null
-`;
-
-exports[`main-token-get-owner-set-repo-fail-response.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/failed-repo
-Failed to create token for "failed-repo" (attempt 1): GitHub API not available
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/failed-repo/installation
-GET /repos/actions/failed-repo/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["failed-repo"]}
-`;
-
-exports[`main-token-get-owner-set-repo-set-to-many-newline.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/create-github-app-token
-- actions/toolkit
-- actions/checkout
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token","toolkit","checkout"]}
-`;
-
-exports[`main-token-get-owner-set-repo-set-to-many.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/create-github-app-token
-- actions/toolkit
-- actions/checkout
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token","toolkit","checkout"]}
-`;
-
-exports[`main-token-get-owner-set-repo-set-to-one.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
-      
-- actions/create-github-app-token
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-token-get-owner-set-repo-unset.test.js > stdout 1`] = `
-Input 'repositories' is not set. Creating token for all repositories owned by actions.
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /users/actions/installation
-POST /app/installations/123456/access_tokens
-null
-`;
-
-exports[`main-token-get-owner-unset-repo-set.test.js > stdout 1`] = `
-No 'owner' input provided. Using default owner 'actions' to create token for the following repositories:
-- actions/create-github-app-token
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-token-get-owner-unset-repo-unset.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"]}
-`;
-
-exports[`main-token-permissions-set.test.js > stdout 1`] = `
-Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
-::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-
-::set-output name=installation-id::123456
-
-::set-output name=app-slug::github-actions
-::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
-::save-state name=expiresAt::2016-07-11T22:14:10Z
---- REQUESTS ---
-GET /repos/actions/create-github-app-token/installation
-POST /app/installations/123456/access_tokens
-{"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}
-`;
-
-exports[`post-proxy-requires-native-support.test.js > stderr 1`] = `
-A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
-`;
-
-exports[`post-proxy-requires-native-support.test.js > stdout 1`] = `
-::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
-`;
-
-exports[`post-revoke-token-fail-response.test.js > stdout 1`] = `
-::warning::Token revocation failed: 
-`;
-
-exports[`post-token-expired.test.js > stdout 1`] = `
-Token expired, skipping token revocation
-`;
-
-exports[`post-token-set.test.js > stdout 1`] = `
-Token revoked
-`;
-
-exports[`post-token-skipped.test.js > stdout 1`] = `
-Token revocation was skipped
-`;
-
-exports[`post-token-unset.test.js > stdout 1`] = `
-Token is not set
-`;

tests/main-proxy-already-enabled.test.js

@@ -0,0 +1,20 @@
+// Verify that `runWithProxy()` calls the callback directly (no child process)
+// when `NODE_USE_ENV_PROXY` is already set to `"1"`, even with proxy env vars set.
+import assert from "node:assert";
+import { runWithProxy } from "../lib/run-with-proxy.js";
+
+process.env.https_proxy = "http://proxy.example.com";
+process.env.NODE_USE_ENV_PROXY = "1";
+
+let callbackCalled = false;
+
+await runWithProxy(async () => {
+  callbackCalled = true;
+});
+
+assert(callbackCalled, "callback was called directly without spawning");
+
+delete process.env.NODE_USE_ENV_PROXY;
+delete process.env.https_proxy;
+
+

tests/main-proxy-child-error.test.js

@@ -0,0 +1,30 @@
+// Verify that `main.js` rejects when the child process exits with a non-zero code.
+import assert from "node:assert";
+import { mock } from "node:test";
+
+mock.module("node:child_process", {
+  namedExports: {
+    spawn() {
+      return {
+        on(event, callback) {
+          if (event === "exit") callback(1);
+        },
+      };
+    },
+  },
+});
+
+process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
+process.env.GITHUB_REPOSITORY_OWNER = "actions";
+process.env.https_proxy = "http://proxy.example.com";
+delete process.env.NODE_USE_ENV_PROXY;
+
+const { default: runPromise } = await import("../main.js");
+
+await assert.rejects(runPromise, {
+  message: "Child process exited with code 1",
+});
+assert.equal(process.exitCode, 1, "process exit code is 1");
+
+// Reset for other tests
+process.exitCode = 0;

tests/main-proxy-requires-native-support.test.js

@@ -1,14 +0,0 @@
-process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
-process.env.GITHUB_REPOSITORY_OWNER = "actions";
-process.env.HTTPS_PROXY = "http://127.0.0.1:3128";
-
-const originalConsoleError = console.error;
-console.error = (...args) => {
-  originalConsoleError(
-    ...args.map((arg) => (arg instanceof Error ? arg.message : arg)),
-  );
-};
-
-await import("../main.js");
-await new Promise((resolve) => setImmediate(resolve));
-process.exitCode = 0;

tests/main-proxy-spawns-child.test.js

@@ -0,0 +1,36 @@
+// Verify that `main.js` spawns a child process when a proxy env var is set
+// and `NODE_USE_ENV_PROXY` is not set.
+import assert from "node:assert";
+import { mock } from "node:test";
+
+let spawnArgs;
+
+mock.module("node:child_process", {
+  namedExports: {
+    spawn(command, args, options) {
+      spawnArgs = { command, args, options };
+      return {
+        on(event, callback) {
+          if (event === "exit") callback(0);
+        },
+      };
+    },
+  },
+});
+
+process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
+process.env.GITHUB_REPOSITORY_OWNER = "actions";
+process.env.https_proxy = "http://proxy.example.com";
+delete process.env.NODE_USE_ENV_PROXY;
+
+const { default: runPromise } = await import("../main.js");
+await runPromise;
+
+assert(spawnArgs, "spawn was called");
+assert.equal(
+  spawnArgs.options.env.NODE_USE_ENV_PROXY,
+  "1",
+  "NODE_USE_ENV_PROXY is set to '1' in child env",
+);
+assert.equal(spawnArgs.options.stdio, "inherit", "stdio is inherited");
+assert.equal(process.exitCode, 0, "process exit code is 0");

tests/main-repo-skew.test.js

@@ -1,7 +1,7 @@
-import { mock } from "node:test";
-
 import { test } from "./main.js";
 
+import { install } from "@sinonjs/fake-timers";
+
 // Verify `main` retry when the clock has drifted.
 await test((mockPool) => {
   process.env.INPUT_OWNER = "actions";
@@ -11,7 +11,7 @@ await test((mockPool) => {
   const mockInstallationId = "123456";
   const mockAppSlug = "github-actions";
 
-  mock.timers.enable({ apis: ["Date"], now: 0 });
+  install({ now: 0, toFake: ["Date"] });
 
   mockPool
     .intercept({
@@ -59,6 +59,4 @@ await test((mockPool) => {
       };
     })
     .times(2);
-}).finally(() => {
-  mock.timers.reset();
 });

tests/post-proxy-already-enabled.test.js

@@ -0,0 +1,21 @@
+// Verify that `runWithProxy()` calls the callback directly (no child process)
+// when `NODE_USE_ENV_PROXY` is already set to `"1"`, even with proxy env vars set.
+// This ensures post.js would also follow the callback path.
+import assert from "node:assert";
+import { runWithProxy } from "../lib/run-with-proxy.js";
+
+process.env.HTTP_PROXY = "http://proxy.example.com";
+process.env.NODE_USE_ENV_PROXY = "1";
+
+let callbackCalled = false;
+
+await runWithProxy(async () => {
+  callbackCalled = true;
+});
+
+assert(callbackCalled, "callback was called directly without spawning");
+
+delete process.env.NODE_USE_ENV_PROXY;
+delete process.env.HTTP_PROXY;
+
+

tests/post-proxy-requires-native-support.test.js

@@ -1,13 +0,0 @@
-process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com";
-process.env.HTTPS_PROXY = "http://127.0.0.1:3128";
-
-const originalConsoleError = console.error;
-console.error = (...args) => {
-  originalConsoleError(
-    ...args.map((arg) => (arg instanceof Error ? arg.message : arg)),
-  );
-};
-
-await import("../post.js");
-await new Promise((resolve) => setImmediate(resolve));
-process.exitCode = 0;

tests/post-proxy-spawns-child.test.js

@@ -0,0 +1,34 @@
+// Verify that `post.js` spawns a child process when a proxy env var is set
+// and `NODE_USE_ENV_PROXY` is not set.
+import assert from "node:assert";
+import { mock } from "node:test";
+
+let spawnArgs;
+
+mock.module("node:child_process", {
+  namedExports: {
+    spawn(command, args, options) {
+      spawnArgs = { command, args, options };
+      return {
+        on(event, callback) {
+          if (event === "exit") callback(0);
+        },
+      };
+    },
+  },
+});
+
+process.env.https_proxy = "http://proxy.example.com";
+delete process.env.NODE_USE_ENV_PROXY;
+
+const { default: runPromise } = await import("../post.js");
+await runPromise;
+
+assert(spawnArgs, "spawn was called");
+assert.equal(
+  spawnArgs.options.env.NODE_USE_ENV_PROXY,
+  "1",
+  "NODE_USE_ENV_PROXY is set to '1' in child env",
+);
+assert.equal(spawnArgs.options.stdio, "inherit", "stdio is inherited");
+assert.equal(process.exitCode, 0, "process exit code is 0");

tests/snapshots/index.js.md

@@ -0,0 +1,434 @@
+# Snapshot report for `tests/index.js`
+
+The actual snapshot is saved in `index.js.snap`.
+
+Generated by [AVA](https://avajs.dev).
+
+## action-deprecated-inputs.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    ''
+
+## main-custom-github-api-url.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /api/v3/repos/actions/create-github-app-token/installation␊
+    POST /api/v3/app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"]}`
+
+## main-missing-owner.test.js
+
+> stderr
+
+    'GITHUB_REPOSITORY_OWNER missing, must be set to \'<owner>\''
+
+> stdout
+
+    ''
+
+## main-missing-repository.test.js
+
+> stderr
+
+    'GITHUB_REPOSITORY missing, must be set to \'<owner>/<repo>\''
+
+> stdout
+
+    ''
+
+## main-private-key-with-escaped-newlines.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"]}`
+
+## main-proxy-already-enabled.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    ''
+
+## main-proxy-child-error.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    ''
+
+## main-proxy-spawns-child.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    ''
+
+## main-repo-skew.test.js
+
+> stderr
+
+    `'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued.␊
+    [@octokit/auth-app] GitHub API time and system time are different by 30 seconds. Retrying request with the difference accounted for.`
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/failed-repo␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/failed-repo/installation␊
+    GET /repos/actions/failed-repo/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["failed-repo"]}`
+
+## main-token-get-owner-set-fail-response.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Input 'repositories' is not set. Creating token for all repositories owned by smockle.␊
+    Failed to create token for "smockle" (attempt 1): GitHub API not available␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /users/smockle/installation␊
+    GET /users/smockle/installation␊
+    POST /app/installations/123456/access_tokens␊
+    null`
+
+## main-token-get-owner-set-repo-fail-response.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/failed-repo␊
+    Failed to create token for "failed-repo" (attempt 1): GitHub API not available␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/failed-repo/installation␊
+    GET /repos/actions/failed-repo/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["failed-repo"]}`
+
+## main-token-get-owner-set-repo-set-to-many-newline.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    - actions/toolkit␊
+    - actions/checkout␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token","toolkit","checkout"]}`
+
+## main-token-get-owner-set-repo-set-to-many.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    - actions/toolkit␊
+    - actions/checkout␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token","toolkit","checkout"]}`
+
+## main-token-get-owner-set-repo-set-to-one.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
+          ␊
+    - actions/create-github-app-token␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"]}`
+
+## main-token-get-owner-set-repo-unset.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Input 'repositories' is not set. Creating token for all repositories owned by actions.␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /users/actions/installation␊
+    POST /app/installations/123456/access_tokens␊
+    null`
+
+## main-token-get-owner-unset-repo-set.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `No 'owner' input provided. Using default owner 'actions' to create token for the following repositories:␊
+    - actions/create-github-app-token␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"]}`
+
+## main-token-get-owner-unset-repo-unset.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"]}`
+
+## main-token-permissions-set.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    `Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
+    ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ␊
+    ::set-output name=installation-id::123456␊
+    ␊
+    ::set-output name=app-slug::github-actions␊
+    ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z␊
+    --- REQUESTS ---␊
+    GET /repos/actions/create-github-app-token/installation␊
+    POST /app/installations/123456/access_tokens␊
+    {"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}`
+
+## post-proxy-already-enabled.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    ''
+
+## post-proxy-spawns-child.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    ''
+
+## post-revoke-token-fail-response.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    '::warning::Token revocation failed: '
+
+## post-token-expired.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    'Token expired, skipping token revocation'
+
+## post-token-set.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    'Token revoked'
+
+## post-token-skipped.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    'Token revocation was skipped'
+
+## post-token-unset.test.js
+
+> stderr
+
+    ''
+
+> stdout
+
+    'Token is not set'