build(release): 3.0.0-beta.6 [skip ci]

# [3.0.0-beta.6](https://github.com/actions/create-github-app-token/compare/v3.0.0-beta.5...v3.0.0-beta.6) (2026-03-13) ### Bug Fixes * **deps:** bump @actions/core from 1.11.1 to 3.0.0 ([#337](https://github.com/actions/create-github-app-token/issues/337)) ([b044133](https://github.com/actions/create-github-app-token/commit/b04413352d4644ac2131b9a90c074f5e93ca18a1)) * **deps:** bump minimatch from 9.0.5 to 9.0.9 ([#335](https://github.com/actions/create-github-app-token/issues/335)) ([5cbc656](https://github.com/actions/create-github-app-token/commit/5cbc65624c9ddc4589492bda7c8b146223e8c3e4)) * **deps:** bump the production-dependencies group with 4 updates ([#336](https://github.com/actions/create-github-app-token/issues/336)) ([6bda5bc](https://github.com/actions/create-github-app-token/commit/6bda5bc1410576b9a0879ce6076d53345485bba9)) * **deps:** bump undici from 7.16.0 to 7.18.2 ([#323](https://github.com/actions/create-github-app-token/issues/323)) ([b4f638f](https://github.com/actions/create-github-app-token/commit/b4f638f48ee0dcdbb0bc646c48e4cb2a2de847fe))
Merge remote-tracking branch 'origin/main' into pr-345
2026-03-13 23:02:39 +00:00 · 2026-03-13 15:57:54 -07:00 · 2026-03-13 21:50:56 +00:00 · 2026-03-13 14:49:57 -07:00 · 2026-03-13 09:05:29 -07:00 · 2026-03-13 09:00:25 -07:00
4 changed files with 30 additions and 17 deletions
@@ -61,8 +61,8 @@ jobs:
    # do not run from forks, as forks don’t have access to repository secrets
    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v4
        with:
          node-version-file: package.json
          cache: 'npm'
@@ -53,13 +53,13 @@ jobs:
          # required
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          token: ${{ steps.app-token.outputs.token }}
          ref: ${{ github.head_ref }}
          # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
          persist-credentials: false
-      - uses: creyD/prettier_action@v6
+      - uses: creyD/prettier_action@v4.3
        with:
          github_token: ${{ steps.app-token.outputs.token }}
 ```
@@ -141,7 +141,7 @@ jobs:
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
        with:
          token: ${{ steps.app-token.outputs.token }}
          issue-number: ${{ github.event.issue.number }}
@@ -166,7 +166,7 @@ jobs:
          repositories: |
            repo1
            repo2
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
        with:
          token: ${{ steps.app-token.outputs.token }}
          issue-number: ${{ github.event.issue.number }}
@@ -188,7 +188,7 @@ jobs:
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}
          owner: another-owner
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
        with:
          token: ${{ steps.app-token.outputs.token }}
          issue-number: ${{ github.event.issue.number }}
@@ -214,7 +214,7 @@ jobs:
          private-key: ${{ secrets.PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          permission-issues: write
-      - uses: peter-evans/create-or-update-comment@v4
+      - uses: peter-evans/create-or-update-comment@v3
        with:
          token: ${{ steps.app-token.outputs.token }}
          issue-number: ${{ github.event.issue.number }}
@@ -1,25 +1,26 @@
 {
  "name": "create-github-app-token",
-  "version": "3.0.0",
+  "version": "3.0.0-beta.6",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "create-github-app-token",
-      "version": "3.0.0",
+      "version": "3.0.0-beta.6",
      "license": "MIT",
      "dependencies": {
        "@actions/core": "^3.0.0",
        "@octokit/auth-app": "^8.2.0",
        "@octokit/request": "^10.0.8",
-        "p-retry": "^7.1.1"
+        "p-retry": "^7.1.1",
+        "undici": "^7.24.1"
      },
      "devDependencies": {
        "@octokit/openapi": "^21.0.0",
        "c8": "^10.1.3",
+        "dotenv": "^17.3.1",
        "esbuild": "^0.27.3",
        "open-cli": "^8.0.0",
-        "undici": "^7.24.1",
        "yaml": "^2.8.2"
      },
      "engines": {
@@ -1050,6 +1051,19 @@
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
+    "node_modules/dotenv": {
+      "version": "17.3.1",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.3.1.tgz",
+      "integrity": "sha512-IO8C/dzEb6O3F9/twg6ZLXz164a2fhTnEWb95H23Dm4OuN+92NmEAlTrupP9VW6Jm3sO26tQlqyvyi4CsnY9GA==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://dotenvx.com"
+      }
+    },
    "node_modules/eastasianwidth": {
      "version": "0.2.0",
      "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
@@ -1954,7 +1968,6 @@
      "version": "7.24.1",
      "resolved": "https://registry.npmjs.org/undici/-/undici-7.24.1.tgz",
      "integrity": "sha512-5xoBibbmnjlcR3jdqtY2Lnx7WbrD/tHlT01TmvqZUFVc9Q1w4+j5hbnapTqbcXITMH1ovjq/W7BkqBilHiVAaA==",
-      "dev": true,
      "license": "MIT",
      "engines": {
        "node": ">=20.18.1"
@@ -2,7 +2,7 @@
  "name": "create-github-app-token",
  "private": true,
  "type": "module",
-  "version": "3.0.0",
+  "version": "3.0.0-beta.6",
  "description": "GitHub Action for creating a GitHub App Installation Access Token",
  "engines": {
    "node": ">=24.4.0"
@@ -19,14 +19,15 @@
    "@actions/core": "^3.0.0",
    "@octokit/auth-app": "^8.2.0",
    "@octokit/request": "^10.0.8",
-    "p-retry": "^7.1.1"
+    "p-retry": "^7.1.1",
+    "undici": "^7.24.1"
  },
  "devDependencies": {
    "@octokit/openapi": "^21.0.0",
    "c8": "^10.1.3",
+    "dotenv": "^17.3.1",
    "esbuild": "^0.27.3",
    "open-cli": "^8.0.0",
-    "undici": "^7.24.1",
    "yaml": "^2.8.2"
  },
  "release": {
@@ -43,7 +44,6 @@
      "@semantic-release/release-notes-generator",
      "@semantic-release/github",
      "@semantic-release/npm",
-      "semantic-release-plugin-github-breaking-version-tag",
      [
        "@semantic-release/git",
        {
Author	SHA1	Message	Date
semantic-release-bot	a0d050558c	build(release): 3.0.0-beta.6 [skip ci] # [3.0.0-beta.6](https://github.com/actions/create-github-app-token/compare/v3.0.0-beta.5...v3.0.0-beta.6) (2026-03-13) ### Bug Fixes * deps: bump @actions/core from 1.11.1 to 3.0.0 ([#337](https://github.com/actions/create-github-app-token/issues/337)) ([`b044133`](https://github.com/actions/create-github-app-token/commit/b04413352d4644ac2131b9a90c074f5e93ca18a1)) * deps: bump minimatch from 9.0.5 to 9.0.9 ([#335](https://github.com/actions/create-github-app-token/issues/335)) ([`5cbc656`](https://github.com/actions/create-github-app-token/commit/5cbc65624c9ddc4589492bda7c8b146223e8c3e4)) * deps: bump the production-dependencies group with 4 updates ([#336](https://github.com/actions/create-github-app-token/issues/336)) ([`6bda5bc`](https://github.com/actions/create-github-app-token/commit/6bda5bc1410576b9a0879ce6076d53345485bba9)) * deps: bump undici from 7.16.0 to 7.18.2 ([#323](https://github.com/actions/create-github-app-token/issues/323)) ([`b4f638f`](https://github.com/actions/create-github-app-token/commit/b4f638f48ee0dcdbb0bc646c48e4cb2a2de847fe))	2026-03-13 23:02:39 +00:00
Parker Brown	6d13b5ae0d	Merge remote-tracking branch 'origin/main' into pr-345 # Conflicts: # dist/main.cjs # dist/post.cjs # package-lock.json # package.json	2026-03-13 15:57:54 -07:00
semantic-release-bot	28bdc1ab05	build(release): 3.0.0-beta.5 [skip ci] # [3.0.0-beta.5](https://github.com/actions/create-github-app-token/compare/v3.0.0-beta.4...v3.0.0-beta.5) (2026-03-13) * fix!: require `NODE_USE_ENV_PROXY` for proxy support ([#342](https://github.com/actions/create-github-app-token/issues/342)) ([`d53a1cd`](https://github.com/actions/create-github-app-token/commit/d53a1cdfde844c958786293adcaf739ecb8b5eb9)) ### BREAKING CHANGES * Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.	2026-03-13 21:50:56 +00:00
Parker Brown	d53a1cdfde	fix!: require `NODE_USE_ENV_PROXY` for proxy support (#342 ) BREAKING CHANGE: Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.	2026-03-13 14:49:57 -07:00
Parker Brown	f863ba5554	test: migrate from AVA to Node.js native test runner (#346 ) AVA stores snapshots in a binary format (`.snap`), which produces no meaningful diffs and bloats Git history. This replaces AVA with the built-in `node:test` module, whose snapshot support generates human-readable text files that are easy to diff and review in pull requests. The migration also replaces `@sinonjs/fake-timers` and `execa` with Node.js built-ins (`node:test` mock timers and `node:child_process`), removing three dev dependencies total. ### Changes - `tests/index.js`: Rewritten to use `node:test` with a custom snapshot serializer that renders strings with actual newlines. Uses subtests for labeled `stderr`/`stdout` snapshots, and only snapshots non-empty output. - `tests/main-repo-skew.test.js`: Replace `@sinonjs/fake-timers` with `mock.timers.enable()` from `node:test`. - `tests/README.md`: Updated documentation to reflect `node --test` and the new snapshot file. - `package.json`: Remove `ava`, `@sinonjs/fake-timers`, and `execa` from devDependencies. Update test script to `c8 --100 node --test tests/index.js`. - `tests/index.js.snapshot`: New text-based snapshot file replacing binary `tests/snapshots/index.js.snap`. - `tests/snapshots/`: Deleted. All 22 test scenarios (66 subtests) pass with 100% code coverage. Closes #344 --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>	2026-03-13 09:05:29 -07:00
Parker Brown	c2937b00bd	Rename end-to-end proxy job in test workflow	2026-03-13 09:00:25 -07:00
semantic-release-bot	a7f885bf45	build(release): 3.0.0-beta.4 [skip ci] # [3.0.0-beta.4](https://github.com/actions/create-github-app-token/compare/v3.0.0-beta.3...v3.0.0-beta.4) (2026-03-13) ### Bug Fixes * deps: bump @octokit/auth-app from 7.2.1 to 8.0.1 ([#257](https://github.com/actions/create-github-app-token/issues/257)) ([`bef1eaf`](https://github.com/actions/create-github-app-token/commit/bef1eaf1c0ac2b148ee2a0a74c65fbe6db0631f1)) * deps: bump @octokit/request from 9.2.3 to 10.0.2 ([#256](https://github.com/actions/create-github-app-token/issues/256)) ([`5d7307b`](https://github.com/actions/create-github-app-token/commit/5d7307be63501c0070c634b0ae8fec74e8208130)) * deps: bump glob from 10.4.5 to 10.5.0 ([#305](https://github.com/actions/create-github-app-token/issues/305)) ([`5480f43`](https://github.com/actions/create-github-app-token/commit/5480f4325a18c025ee16d7e081413854624e9edc)) * deps: bump p-retry from 6.2.1 to 7.1.0 ([#294](https://github.com/actions/create-github-app-token/issues/294)) ([`dce3be8`](https://github.com/actions/create-github-app-token/commit/dce3be8b284f45e65caed11a610e2bef738d15b4)) * deps: bump the production-dependencies group with 2 updates ([#292](https://github.com/actions/create-github-app-token/issues/292)) ([`55e2a4b`](https://github.com/actions/create-github-app-token/commit/55e2a4b2ccaaa8364303e6ab9f77e31ad02298e5)) * deps: bump the production-dependencies group with 2 updates ([#311](https://github.com/actions/create-github-app-token/issues/311)) ([`b212e6a`](https://github.com/actions/create-github-app-token/commit/b212e6a739dec02d8488610fbaf8f049f82ee999)) * deps: bump undici from 7.8.0 to 7.10.0 in the production-dependencies group ([#254](https://github.com/actions/create-github-app-token/issues/254)) ([`f3d5ec2`](https://github.com/actions/create-github-app-token/commit/f3d5ec20739b0cf6f0d52e5a051b65484c378ec9)) ### Features * update permission inputs ([#296](https://github.com/actions/create-github-app-token/issues/296)) ([`d90aa53`](https://github.com/actions/create-github-app-token/commit/d90aa532332d33f6dc9656fd4491a98441595a37))	2026-03-13 06:27:07 +00:00
Parker Brown	b60ed23e06	Merge branch 'main' into beta	2026-03-12 23:26:03 -07:00
semantic-release-bot	d28ad69b67	build(release): 3.0.0-beta.3 [skip ci] # [3.0.0-beta.3](https://github.com/actions/create-github-app-token/compare/v3.0.0-beta.2...v3.0.0-beta.3) (2026-03-13) ### Bug Fixes * require `NODE_USE_ENV_PROXY` for proxy support ([#342](https://github.com/actions/create-github-app-token/issues/342)) ([`54e58b6`](https://github.com/actions/create-github-app-token/commit/54e58b612c0c4e52564c3c87486532017ad95b22))	2026-03-13 06:19:27 +00:00
Parker Brown	54e58b612c	fix: require `NODE_USE_ENV_PROXY` for proxy support (#342 ) This PR switches proxy support to Node's native env-proxy handling and makes the required configuration explicit. ## What changed - fail fast in both `main` and `post` when proxy configuration is present without `NODE_USE_ENV_PROXY=1` - document the supported proxy configuration in `README.md` - add regression tests for the proxy guard in both entrypoints - keep the existing successful end-to-end coverage and add a smaller proxy-specific workflow check that enables native proxy support, points `https_proxy` at an unreachable proxy, and asserts the action fails - update the test workflow so the same checks also run on pushes to `beta` ## Proxy configuration When using `HTTP_PROXY` or `HTTPS_PROXY`, set `NODE_USE_ENV_PROXY=1` on the action step. If you need bypass rules, set `NO_PROXY` alongside them. --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-03-12 23:18:56 -07:00
semantic-release-bot	bf559f8544	build(release): 3.0.0-beta.2 [skip ci] # [3.0.0-beta.2](https://github.com/actions/create-github-app-token/compare/v3.0.0-beta.1...v3.0.0-beta.2) (2025-08-22) ### Bug Fixes * remove custom proxy handling ([#143](https://github.com/actions/create-github-app-token/issues/143)) ([`cda91bf`](https://github.com/actions/create-github-app-token/commit/cda91bf2b93cf1d3306b458b2a4f7fcd9de9175f)), closes [#134](https://github.com/actions/create-github-app-token/issues/134)	2025-08-22 19:16:51 +00:00
Parker Brown	cda91bf2b9	fix: remove custom proxy handling (#143 ) Undici has added native support for proxy handling, so it is no longer necessary for us to have our own custom proxy handling. Reverts #102 and resolves #134.	2025-08-22 12:16:16 -07:00
Parker Brown	2ae58da528	Disable semantic-release-plugin-github-breaking-version-tag https://github.com/gr2m/semantic-release-plugin-update-version-in-files/issues/52	2025-08-15 13:03:02 -07:00
semantic-release-bot	fb1c7fda2b	build(release): 3.0.0-beta.1 [skip ci] # [3.0.0-beta.1](https://github.com/actions/create-github-app-token/compare/v2.1.1...v3.0.0-beta.1) (2025-08-15) * feat!: node 24 support ([#275](https://github.com/actions/create-github-app-token/issues/275)) ([`6178938`](https://github.com/actions/create-github-app-token/commit/61789386cb26150ab580cab449a9ae053bb9fd24)) ### BREAKING CHANGES * Requires [Actions Runner v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1) or later if you are using a self-hosted runner.	2025-08-15 19:55:36 +00:00
Salman Chishti	61789386cb	feat!: node 24 support (#275 ) BREAKING CHANGE: Requires [Actions Runner v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1) or later if you are using a self-hosted runner. --------- Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com>	2025-08-15 12:55:04 -07:00