From 37f42c53d0b4735d71328a571d5d0cc819da64c1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 18 Mar 2026 20:32:46 +0000 Subject: [PATCH] feat: add client-id input and deprecate app-id Co-authored-by: parkerbxyz <17183625+parkerbxyz@users.noreply.github.com> --- README.md | 39 ++++++++++++-------- action.yml | 8 +++- dist/main.cjs | 5 ++- main.js | 5 ++- tests/README.md | 2 +- tests/index.js.snapshot | 17 +++++++++ tests/main-client-id.test.js | 15 +++++--- tests/main-missing-client-and-app-id.test.js | 14 +++++++ 8 files changed, 80 insertions(+), 25 deletions(-) create mode 100644 tests/main-missing-client-and-app-id.test.js diff --git a/README.md b/README.md index fc4eced..4ce91a8 100644 --- a/README.md +++ b/README.md @@ -9,10 +9,10 @@ GitHub Action for creating a GitHub App installation access token. In order to use this action, you need to: 1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app). -2. [Store the App's Client ID (recommended) or App ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`). +2. [Store the App's Client ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_CLIENT_ID`). 3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`). -Pass the App's Client ID or App ID using the `app-id` input. GitHub recommends using the Client ID when available. +Pass the App's Client ID using the `client-id` input. The legacy `app-id` input remains available for compatibility, but is deprecated. > [!IMPORTANT] > An installation access token expires after 1 hour. Please [see this comment](https://github.com/actions/create-github-app-token/issues/121#issuecomment-2043214796) for alternative approaches if you have long-running processes. @@ -33,7 +33,7 @@ jobs: - uses: actions/create-github-app-token@v3 id: app-token with: - app-id: ${{ vars.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - uses: ./actions/staging-tests with: @@ -53,7 +53,7 @@ jobs: id: app-token with: # required - app-id: ${{ vars.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - uses: actions/checkout@v6 with: @@ -79,7 +79,7 @@ jobs: id: app-token with: # required - app-id: ${{ vars.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - name: Get GitHub App User ID id: get-user-id @@ -104,7 +104,7 @@ jobs: id: app-token with: # required - app-id: ${{ vars.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - name: Get GitHub App User ID id: get-user-id @@ -140,7 +140,7 @@ jobs: - uses: actions/create-github-app-token@v3 id: app-token with: - app-id: ${{ vars.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.PRIVATE_KEY }} owner: ${{ github.repository_owner }} - uses: peter-evans/create-or-update-comment@v4 @@ -162,7 +162,7 @@ jobs: - uses: actions/create-github-app-token@v3 id: app-token with: - app-id: ${{ vars.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.PRIVATE_KEY }} owner: ${{ github.repository_owner }} repositories: | @@ -187,7 +187,7 @@ jobs: - uses: actions/create-github-app-token@v3 id: app-token with: - app-id: ${{ vars.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.PRIVATE_KEY }} owner: another-owner - uses: peter-evans/create-or-update-comment@v4 @@ -212,7 +212,7 @@ jobs: - uses: actions/create-github-app-token@v3 id: app-token with: - app-id: ${{ vars.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.PRIVATE_KEY }} owner: ${{ github.repository_owner }} permission-issues: write @@ -254,7 +254,7 @@ jobs: - uses: actions/create-github-app-token@v3 id: app-token with: - app-id: ${{ vars.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.PRIVATE_KEY }} owner: ${{ matrix.owners-and-repos.owner }} repositories: ${{ join(matrix.owners-and-repos.repos) }} @@ -283,7 +283,7 @@ jobs: id: create_token uses: actions/create-github-app-token@v3 with: - app-id: ${{ vars.GHES_APP_ID }} + client-id: ${{ vars.GHES_APP_CLIENT_ID }} private-key: ${{ secrets.GHES_APP_PRIVATE_KEY }} owner: ${{ vars.GHES_INSTALLATION_ORG }} github-api-url: ${{ vars.GITHUB_API_URL }} @@ -312,15 +312,24 @@ If you set `HTTP_PROXY` or `HTTPS_PROXY`, also set `NODE_USE_ENV_PROXY: "1"` on NO_PROXY: github.example.com NODE_USE_ENV_PROXY: "1" with: - app-id: ${{ vars.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.PRIVATE_KEY }} ``` ## Inputs +### `client-id` + +**Optional:** GitHub App Client ID. This is the recommended input. + ### `app-id` -**Required:** GitHub App Client ID or App ID. GitHub recommends using the Client ID when available. +**Optional:** GitHub App ID. + +> [!WARNING] +> `app-id` is deprecated. Use `client-id` instead. + +You must set either `client-id` or `app-id`. If both are set, `client-id` takes precedence. ### `private-key` @@ -340,7 +349,7 @@ steps: id: app-token uses: actions/create-github-app-token@v3 with: - app-id: ${{ vars.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ steps.decode.outputs.private-key }} ``` diff --git a/action.yml b/action.yml index e614e7e..e5b2ddd 100644 --- a/action.yml +++ b/action.yml @@ -5,9 +5,13 @@ branding: icon: "lock" color: "gray-dark" inputs: + client-id: + description: "GitHub App Client ID" + required: false app-id: - description: "GitHub App ID or Client ID" - required: true + description: "GitHub App ID" + required: false + deprecationMessage: "Use 'client-id' instead." private-key: description: "GitHub App private key" required: true diff --git a/dist/main.cjs b/dist/main.cjs index e2674f2..d2baf2c 100644 --- a/dist/main.cjs +++ b/dist/main.cjs @@ -23307,7 +23307,10 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) { } async function run() { ensureNativeProxySupport(); - const appId = getInput("app-id"); + const appId = getInput("client-id") || getInput("app-id"); + if (!appId) { + throw new Error("Either 'client-id' or 'app-id' input must be set"); + } const privateKey = getInput("private-key"); const owner = getInput("owner"); const repositories = getInput("repositories").split(/[\n,]+/).map((s) => s.trim()).filter((x) => x !== ""); diff --git a/main.js b/main.js index d8ebee4..03e6330 100644 --- a/main.js +++ b/main.js @@ -18,7 +18,10 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) { async function run() { ensureNativeProxySupport(); - const appId = core.getInput("app-id"); + const appId = core.getInput("client-id") || core.getInput("app-id"); + if (!appId) { + throw new Error("Either 'client-id' or 'app-id' input must be set"); + } const privateKey = core.getInput("private-key"); const owner = core.getInput("owner"); const repositories = core diff --git a/tests/README.md b/tests/README.md index 2eeeb7d..4222199 100644 --- a/tests/README.md +++ b/tests/README.md @@ -33,4 +33,4 @@ node --test --test-update-snapshots tests/index.js We have tests both for the `main.js` and `post.js` scripts. - If you do not expect an error, take [main-token-permissions-set.test.js](tests/main-token-permissions-set.test.js) as a starting point. -- If your test has an expected error, take [main-missing-app-id.test.js](tests/main-missing-app-id.test.js) as a starting point. +- If your test has an expected error, take [main-missing-client-and-app-id.test.js](tests/main-missing-client-and-app-id.test.js) as a starting point. diff --git a/tests/index.js.snapshot b/tests/index.js.snapshot index e230cee..965c139 100644 --- a/tests/index.js.snapshot +++ b/tests/index.js.snapshot @@ -1,3 +1,7 @@ +exports[`action-deprecated-inputs.test.js > stdout 1`] = ` +app-id — Use 'client-id' instead. +`; + exports[`main-client-id.test.js > stdout 1`] = ` Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token). ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a @@ -34,6 +38,19 @@ POST /api/v3/app/installations/123456/access_tokens {"repositories":["create-github-app-token"]} `; +exports[`main-missing-client-and-app-id.test.js > stderr 1`] = ` +Error: Either 'client-id' or 'app-id' input must be set + at run (file:///home/runner/work/create-github-app-token/create-github-app-token/main.js:23:11) + at file:///home/runner/work/create-github-app-token/create-github-app-token/main.js:51:16 + at ModuleJob.run (node:internal/modules/esm/module_job:430:25) + at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:661:26) + at async file:///home/runner/work/create-github-app-token/create-github-app-token/tests/main-missing-client-and-app-id.test.js:12:30 +`; + +exports[`main-missing-client-and-app-id.test.js > stdout 1`] = ` +::error::Either 'client-id' or 'app-id' input must be set +`; + exports[`main-missing-owner.test.js > stderr 1`] = ` GITHUB_REPOSITORY_OWNER missing, must be set to '' `; diff --git a/tests/main-client-id.test.js b/tests/main-client-id.test.js index 7af6c91..78d96e7 100644 --- a/tests/main-client-id.test.js +++ b/tests/main-client-id.test.js @@ -1,6 +1,11 @@ -import { test } from "./main.js"; +import { DEFAULT_ENV, test } from "./main.js"; -// Verify `main` accepts a GitHub App client ID via the `app-id` input -await test(() => { - process.env["INPUT_APP-ID"] = "Iv1.0123456789abcdef"; -}); +// Verify `main` accepts a GitHub App client ID via the `client-id` input +await test( + () => {}, + { + ...DEFAULT_ENV, + "INPUT_CLIENT-ID": "Iv1.0123456789abcdef", + "INPUT_APP-ID": "", + } +); diff --git a/tests/main-missing-client-and-app-id.test.js b/tests/main-missing-client-and-app-id.test.js new file mode 100644 index 0000000..f7a9c30 --- /dev/null +++ b/tests/main-missing-client-and-app-id.test.js @@ -0,0 +1,14 @@ +import { DEFAULT_ENV } from "./main.js"; + +for (const [key, value] of Object.entries({ + ...DEFAULT_ENV, + "INPUT_CLIENT-ID": "", + "INPUT_APP-ID": "", +})) { + process.env[key] = value; +} + +// Verify `main` exits with an error when neither `client-id` nor `app-id` is set. +const { default: promise } = await import("../main.js"); +await promise; +process.exitCode = 0;