feat: add client-id input and deprecate app-id
Co-authored-by: parkerbxyz <17183625+parkerbxyz@users.noreply.github.com>
This commit is contained in:
@@ -9,10 +9,10 @@ GitHub Action for creating a GitHub App installation access token.
|
||||
In order to use this action, you need to:
|
||||
|
||||
1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app).
|
||||
2. [Store the App's Client ID (recommended) or App ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`).
|
||||
2. [Store the App's Client ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_CLIENT_ID`).
|
||||
3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`).
|
||||
|
||||
Pass the App's Client ID or App ID using the `app-id` input. GitHub recommends using the Client ID when available.
|
||||
Pass the App's Client ID using the `client-id` input. The legacy `app-id` input remains available for compatibility, but is deprecated.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> An installation access token expires after 1 hour. Please [see this comment](https://github.com/actions/create-github-app-token/issues/121#issuecomment-2043214796) for alternative approaches if you have long-running processes.
|
||||
@@ -33,7 +33,7 @@ jobs:
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
- uses: ./actions/staging-tests
|
||||
with:
|
||||
@@ -53,7 +53,7 @@ jobs:
|
||||
id: app-token
|
||||
with:
|
||||
# required
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
- uses: actions/checkout@v6
|
||||
with:
|
||||
@@ -79,7 +79,7 @@ jobs:
|
||||
id: app-token
|
||||
with:
|
||||
# required
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
- name: Get GitHub App User ID
|
||||
id: get-user-id
|
||||
@@ -104,7 +104,7 @@ jobs:
|
||||
id: app-token
|
||||
with:
|
||||
# required
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
- name: Get GitHub App User ID
|
||||
id: get-user-id
|
||||
@@ -140,7 +140,7 @@ jobs:
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
- uses: peter-evans/create-or-update-comment@v4
|
||||
@@ -162,7 +162,7 @@ jobs:
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
repositories: |
|
||||
@@ -187,7 +187,7 @@ jobs:
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
owner: another-owner
|
||||
- uses: peter-evans/create-or-update-comment@v4
|
||||
@@ -212,7 +212,7 @@ jobs:
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
permission-issues: write
|
||||
@@ -254,7 +254,7 @@ jobs:
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
owner: ${{ matrix.owners-and-repos.owner }}
|
||||
repositories: ${{ join(matrix.owners-and-repos.repos) }}
|
||||
@@ -283,7 +283,7 @@ jobs:
|
||||
id: create_token
|
||||
uses: actions/create-github-app-token@v3
|
||||
with:
|
||||
app-id: ${{ vars.GHES_APP_ID }}
|
||||
client-id: ${{ vars.GHES_APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.GHES_APP_PRIVATE_KEY }}
|
||||
owner: ${{ vars.GHES_INSTALLATION_ORG }}
|
||||
github-api-url: ${{ vars.GITHUB_API_URL }}
|
||||
@@ -312,15 +312,24 @@ If you set `HTTP_PROXY` or `HTTPS_PROXY`, also set `NODE_USE_ENV_PROXY: "1"` on
|
||||
NO_PROXY: github.example.com
|
||||
NODE_USE_ENV_PROXY: "1"
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
```
|
||||
|
||||
## Inputs
|
||||
|
||||
### `client-id`
|
||||
|
||||
**Optional:** GitHub App Client ID. This is the recommended input.
|
||||
|
||||
### `app-id`
|
||||
|
||||
**Required:** GitHub App Client ID or App ID. GitHub recommends using the Client ID when available.
|
||||
**Optional:** GitHub App ID.
|
||||
|
||||
> [!WARNING]
|
||||
> `app-id` is deprecated. Use `client-id` instead.
|
||||
|
||||
You must set either `client-id` or `app-id`. If both are set, `client-id` takes precedence.
|
||||
|
||||
### `private-key`
|
||||
|
||||
@@ -340,7 +349,7 @@ steps:
|
||||
id: app-token
|
||||
uses: actions/create-github-app-token@v3
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ steps.decode.outputs.private-key }}
|
||||
```
|
||||
|
||||
|
||||
+6
-2
@@ -5,9 +5,13 @@ branding:
|
||||
icon: "lock"
|
||||
color: "gray-dark"
|
||||
inputs:
|
||||
client-id:
|
||||
description: "GitHub App Client ID"
|
||||
required: false
|
||||
app-id:
|
||||
description: "GitHub App ID or Client ID"
|
||||
required: true
|
||||
description: "GitHub App ID"
|
||||
required: false
|
||||
deprecationMessage: "Use 'client-id' instead."
|
||||
private-key:
|
||||
description: "GitHub App private key"
|
||||
required: true
|
||||
|
||||
Vendored
+4
-1
@@ -23307,7 +23307,10 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
|
||||
}
|
||||
async function run() {
|
||||
ensureNativeProxySupport();
|
||||
const appId = getInput("app-id");
|
||||
const appId = getInput("client-id") || getInput("app-id");
|
||||
if (!appId) {
|
||||
throw new Error("Either 'client-id' or 'app-id' input must be set");
|
||||
}
|
||||
const privateKey = getInput("private-key");
|
||||
const owner = getInput("owner");
|
||||
const repositories = getInput("repositories").split(/[\n,]+/).map((s) => s.trim()).filter((x) => x !== "");
|
||||
|
||||
@@ -18,7 +18,10 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
|
||||
async function run() {
|
||||
ensureNativeProxySupport();
|
||||
|
||||
const appId = core.getInput("app-id");
|
||||
const appId = core.getInput("client-id") || core.getInput("app-id");
|
||||
if (!appId) {
|
||||
throw new Error("Either 'client-id' or 'app-id' input must be set");
|
||||
}
|
||||
const privateKey = core.getInput("private-key");
|
||||
const owner = core.getInput("owner");
|
||||
const repositories = core
|
||||
|
||||
+1
-1
@@ -33,4 +33,4 @@ node --test --test-update-snapshots tests/index.js
|
||||
We have tests both for the `main.js` and `post.js` scripts.
|
||||
|
||||
- If you do not expect an error, take [main-token-permissions-set.test.js](tests/main-token-permissions-set.test.js) as a starting point.
|
||||
- If your test has an expected error, take [main-missing-app-id.test.js](tests/main-missing-app-id.test.js) as a starting point.
|
||||
- If your test has an expected error, take [main-missing-client-and-app-id.test.js](tests/main-missing-client-and-app-id.test.js) as a starting point.
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
exports[`action-deprecated-inputs.test.js > stdout 1`] = `
|
||||
app-id — Use 'client-id' instead.
|
||||
`;
|
||||
|
||||
exports[`main-client-id.test.js > stdout 1`] = `
|
||||
Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
@@ -34,6 +38,19 @@ POST /api/v3/app/installations/123456/access_tokens
|
||||
{"repositories":["create-github-app-token"]}
|
||||
`;
|
||||
|
||||
exports[`main-missing-client-and-app-id.test.js > stderr 1`] = `
|
||||
Error: Either 'client-id' or 'app-id' input must be set
|
||||
at run [90m(file:///home/runner/work/create-github-app-token/create-github-app-token/[39mmain.js:23:11[90m)[39m
|
||||
at [90mfile:///home/runner/work/create-github-app-token/create-github-app-token/[39mmain.js:51:16
|
||||
[90m at ModuleJob.run (node:internal/modules/esm/module_job:430:25)[39m
|
||||
[90m at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:661:26)[39m
|
||||
at async [90mfile:///home/runner/work/create-github-app-token/create-github-app-token/[39mtests/main-missing-client-and-app-id.test.js:12:30
|
||||
`;
|
||||
|
||||
exports[`main-missing-client-and-app-id.test.js > stdout 1`] = `
|
||||
::error::Either 'client-id' or 'app-id' input must be set
|
||||
`;
|
||||
|
||||
exports[`main-missing-owner.test.js > stderr 1`] = `
|
||||
GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'
|
||||
`;
|
||||
|
||||
@@ -1,6 +1,11 @@
|
||||
import { test } from "./main.js";
|
||||
import { DEFAULT_ENV, test } from "./main.js";
|
||||
|
||||
// Verify `main` accepts a GitHub App client ID via the `app-id` input
|
||||
await test(() => {
|
||||
process.env["INPUT_APP-ID"] = "Iv1.0123456789abcdef";
|
||||
});
|
||||
// Verify `main` accepts a GitHub App client ID via the `client-id` input
|
||||
await test(
|
||||
() => {},
|
||||
{
|
||||
...DEFAULT_ENV,
|
||||
"INPUT_CLIENT-ID": "Iv1.0123456789abcdef",
|
||||
"INPUT_APP-ID": "",
|
||||
}
|
||||
);
|
||||
|
||||
@@ -0,0 +1,14 @@
|
||||
import { DEFAULT_ENV } from "./main.js";
|
||||
|
||||
for (const [key, value] of Object.entries({
|
||||
...DEFAULT_ENV,
|
||||
"INPUT_CLIENT-ID": "",
|
||||
"INPUT_APP-ID": "",
|
||||
})) {
|
||||
process.env[key] = value;
|
||||
}
|
||||
|
||||
// Verify `main` exits with an error when neither `client-id` nor `app-id` is set.
|
||||
const { default: promise } = await import("../main.js");
|
||||
await promise;
|
||||
process.exitCode = 0;
|
||||
Reference in New Issue
Block a user