Yuta Kasai
c3c17c79cc
This PR switches from evaluating values passed to `skip-token-revoke` as true if they are truthy in JavaScript, to using `getBooleanInput`. This change ensures that only proper YAML boolean values are recognized, preventing unintended evaluations to true. - The definition of `getBooleanInput` is here: definition of `core#getBooealnInput` is here: https://github.com/actions/toolkit/blob/930c89072712a3aac52d74b23338f00bb0cfcb24/packages/core/src/core.ts#L188-L208 The documentation states, `"If truthy, the token will not be revoked when the current job is complete"`, so this change could be considered a breaking change. This means that if there are users who rely on `truthy` and expect values like whitespace or `"false"` to be evaluated as true (though this is likely rare), it would be a breaking change. - `Boolean(" ")` and `Boolean("false")` are both evaluated as true. Alternatively, it can simply be considered a fix. How to handle this is up to the maintainer. Resolves https://github.com/actions/create-github-app-token/issues/216
Tests
Add one test file per scenario. You can run them in isolation with:
node tests/post-token-set.test.js
All tests are run together in tests/index.js, which can be executed with ava
npx ava tests/index.js
or with npm
npm test
How the tests work
The output from the tests is captured into a snapshot (tests/snapshots/index.js.md). It includes all requests sent by our scripts to verify it's working correctly and to prevent regressions.
How to add a new test
We have tests both for the main.js and post.js scripts.
- If you do not expect an error, take main-token-permissions-set.test.js as a starting point.
- If your test has an expected error, take main-missing-app-id.test.js as a starting point.