dependabot[bot]
076e9480ca
feat: update permission inputs ( #358 )
...
Bumps [@octokit/openapi](https://github.com/octokit/openapi ) from 21.0.0
to 22.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/octokit/openapi/releases "><code>@octokit/openapi</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v22.0.0</h2>
<h1><a
href="https://github.com/octokit/openapi/compare/v21.0.0...v22.0.0 ">22.0.0</a>
(2025-12-09)</h1>
<h3>Features</h3>
<ul>
<li>drop projects-classic endpoints, add GitHub API endpoints: cache
limits (retention & storage) for repos/orgs/enterprises, billing
budgets & usage, artifacts deployment metadata, and projectsV2
drafts & fields (<a
href="https://redirect.github.com/octokit/openapi/issues/518 ">#518</a>)
(<a
href="https://github.com/octokit/openapi/commit/b0c44a4ab1b07a5524890cef1e8321cfc430bebb ">b0c44a4</a>)</li>
</ul>
<h3>BREAKING CHANGES</h3>
<ul>
<li>Removed <code>/orgs/{org}/projects</code></li>
<li>Removed <code>/orgs/{org}/settings/billing/actions</code></li>
<li>Removed <code>/orgs/{org}/settings/billing/packages</code></li>
<li>Removed
<code>/orgs/{org}/settings/billing/shared-storage</code></li>
<li>Removed <code>/orgs/{org}/teams/{team_slug}/projects</code></li>
<li>Removed
<code>/orgs/{org}/teams/{team_slug}/projects/{project_id}</code></li>
<li>Removed <code>/projects/columns/{column_id}</code></li>
<li>Removed <code>/projects/columns/{column_id}/moves</code></li>
<li>Removed <code>/projects/{project_id}</code></li>
<li>Removed <code>/projects/{project_id}/collaborators</code></li>
<li>Removed
<code>/projects/{project_id}/collaborators/{username}</code></li>
<li>Removed
<code>/projects/{project_id}/collaborators/{username}/permission</code></li>
<li>Removed <code>/repos/{owner}/{repo}/projects</code></li>
<li>Removed <code>/teams/{team_id}/projects</code></li>
<li>Removed <code>/teams/{team_id}/projects/{project_id}</code></li>
<li>Removed <code>/user/projects</code></li>
<li>Removed <code>/users/{username}/projects</code></li>
<li>Removed <code>/users/{username}/settings/billing/actions</code></li>
<li>Removed
<code>/users/{username}/settings/billing/packages</code></li>
<li>Removed
<code>/users/{username}/settings/billing/shared-storage</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/octokit/openapi/commit/6f63b86ab7d2057cb62574681918a34b3d43f66b "><code>6f63b86</code></a>
build(deps): lock file maintenance (<a
href="https://redirect.github.com/octokit/openapi/issues/520 ">#520</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/b0c44a4ab1b07a5524890cef1e8321cfc430bebb "><code>b0c44a4</code></a>
feat: drop projects-classic endpoints, add GitHub API endpoints: cache
limits...</li>
<li><a
href="https://github.com/octokit/openapi/commit/a8043eb055618a1a9a779b6807bba796d9664604 "><code>a8043eb</code></a>
ci(action): update actions/checkout action to v6 (<a
href="https://redirect.github.com/octokit/openapi/issues/519 ">#519</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/af315cd293aac70c81874623769bdb091da614be "><code>af315cd</code></a>
build(deps): lock file maintenance (<a
href="https://redirect.github.com/octokit/openapi/issues/514 ">#514</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/170f3965b9432f4171117aacb6b88339d5c2a937 "><code>170f396</code></a>
build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a
href="https://redirect.github.com/octokit/openapi/issues/516 ">#516</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/077a1b94a2e77bf56fa07ed8dc112055958b97ab "><code>077a1b9</code></a>
build(deps): lock file maintenance (<a
href="https://redirect.github.com/octokit/openapi/issues/508 ">#508</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/cfca956d308018be25c1405b52c6a4b8c924bdd6 "><code>cfca956</code></a>
ci(action): update github/codeql-action action to v4 (<a
href="https://redirect.github.com/octokit/openapi/issues/510 ">#510</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/f15da93d54d4de07c1025b0984c5613a8ddd8acd "><code>f15da93</code></a>
ci(action): update peter-evans/create-or-update-comment action to v5 (<a
href="https://redirect.github.com/octokit/openapi/issues/509 ">#509</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/64bef332f5e1b11ead74082d8aaf0376409de9d0 "><code>64bef33</code></a>
chore(deps): update dependency map-obj to v6 (<a
href="https://redirect.github.com/octokit/openapi/issues/507 ">#507</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/4e8e223e564f467a455d7f39de15a0fb233f189e "><code>4e8e223</code></a>
chore(deps): update dependency github-enterprise-server-versions to v3
(<a
href="https://redirect.github.com/octokit/openapi/issues/511 ">#511</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/octokit/openapi/compare/v21.0.0...v22.0.0 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub ">https://www.npmjs.com/~GitHub </a>
Actions), a new releaser for <code>@octokit/openapi</code> since your
current version.</p>
</details>
<br />
Resolves https://github.com/github/gh-aw/issues/18921 .
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-10 17:35:53 -07:00
Salman Chishti
2e564a0bb8
feat!: node 24 support ( #275 )
...
BREAKING CHANGE: Requires [Actions Runner v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1 ) or later if you are using a self-hosted runner.
---------
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com >
(cherry picked from commit 61789386cb )
2026-03-13 17:21:42 -07:00
dependabot[bot]
d90aa53233
feat: update permission inputs ( #296 )
...
Bumps [@octokit/openapi](https://github.com/octokit/openapi ) from 19.1.0
to 21.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/octokit/openapi/releases "><code>@octokit/openapi</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v20.0.0</h2>
<h1><a
href="https://github.com/octokit/openapi/compare/v19.1.0...v20.0.0 ">20.0.0</a>
(2025-09-16)</h1>
<h3>chore</h3>
<ul>
<li><strong>deps:</strong> update dependency sort-keys to v6 (<a
href="https://redirect.github.com/octokit/openapi/issues/500 ">#500</a>)
(<a
href="https://github.com/octokit/openapi/commit/262f87fe9825559a2c6edb2bf6534eab4622ee28 ">262f87f</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>new Projects v2 endpoints, new code scanning dismissal endpoints,
many other endpoints (<a
href="https://redirect.github.com/octokit/openapi/issues/503 ">#503</a>)
(<a
href="https://github.com/octokit/openapi/commit/0b92729176bd70d4d5274a765fa00107dfd5017d ">0b92729</a>)</li>
</ul>
<h3>BREAKING CHANGES</h3>
<ul>
<li><strong>deps:</strong> Remove GHES 3.13</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/octokit/openapi/commit/262f87fe9825559a2c6edb2bf6534eab4622ee28 "><code>262f87f</code></a>
chore(deps): update dependency sort-keys to v6 (<a
href="https://redirect.github.com/octokit/openapi/issues/500 ">#500</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/0b92729176bd70d4d5274a765fa00107dfd5017d "><code>0b92729</code></a>
feat: new Projects v2 endpoints, new code scanning dismissal endpoints,
many ...</li>
<li><a
href="https://github.com/octokit/openapi/commit/a74dd44fb2a8c3c20e7143eb71ddaf86b9b0e639 "><code>a74dd44</code></a>
chore(deps): update dependency <code>@octokit/core</code> to v7 (<a
href="https://redirect.github.com/octokit/openapi/issues/496 ">#496</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/3a7a9ea8cc65a3f7fa27436a2072080b565ab207 "><code>3a7a9ea</code></a>
build(deps): lock file maintenance (<a
href="https://redirect.github.com/octokit/openapi/issues/498 ">#498</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/d6be26fc7e8cd0eb798a512c5107d16ccb2aacb4 "><code>d6be26f</code></a>
ci(action): update actions/checkout action to v5 (<a
href="https://redirect.github.com/octokit/openapi/issues/499 ">#499</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/6ae358ed6fb0a184cc75e2dab1f06079ff20d66b "><code>6ae358e</code></a>
ci(action): update actions/setup-node action to v5 (<a
href="https://redirect.github.com/octokit/openapi/issues/502 ">#502</a>)</li>
<li><a
href="https://github.com/octokit/openapi/commit/f02c5e21bac37e778aedac8ba39b4d62c4b6a7a5 "><code>f02c5e2</code></a>
ci(action): update gr2m/release-notifier-action action to v2 (<a
href="https://redirect.github.com/octokit/openapi/issues/501 ">#501</a>)</li>
<li>See full diff in <a
href="https://github.com/octokit/openapi/compare/v19.1.0...v20.0.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com >
2025-11-21 15:49:50 -08:00
Parker Brown
5204204e81
fix: revert "use node24 as runner" ( #278 )
...
Reverts actions/create-github-app-token#267 and fixes
https://github.com/actions/create-github-app-token/issues/274 .
2025-08-11 08:29:29 -07:00
Salman Chishti
a1cbe0fa3c
feat: use node24 as runner ( #267 )
...
Upgrade to node 24 as runners have node 24 support: https://github.com/actions/runner/pull/3940
2025-08-08 16:08:23 -07:00
Yuta Kasai
c3c17c79cc
fix: use core.getBooleanInput() to retrieve boolean input values ( #223 )
...
This PR switches from evaluating values passed to `skip-token-revoke` as
true if they are truthy in JavaScript, to using `getBooleanInput`. This
change ensures that only proper YAML boolean values are recognized,
preventing unintended evaluations to true.
- The definition of `getBooleanInput` is here: definition of
`core#getBooealnInput` is here:
https://github.com/actions/toolkit/blob/930c89072712a3aac52d74b23338f00bb0cfcb24/packages/core/src/core.ts#L188-L208
The documentation states, `"If truthy, the token will not be revoked
when the current job is complete"`, so this change could be considered a
breaking change. This means that if there are users who rely on `truthy`
and expect values like whitespace or `"false"` to be evaluated as true
(though this is likely rare), it would be a breaking change.
- `Boolean(" ")` and `Boolean("false")` are both evaluated as true.
Alternatively, it can simply be considered a fix. How to handle this is
up to the maintainer.
Resolves https://github.com/actions/create-github-app-token/issues/216
2025-04-25 11:59:34 -07:00
dependabot[bot]
f17d09a7b5
build(deps-dev): bump the development-dependencies group with 3 updates ( #225 )
...
Bumps the development-dependencies group with 3 updates: [@octokit/openapi](https://github.com/octokit/openapi ),
[esbuild](https://github.com/evanw/esbuild ), and [yaml](https://github.com/eemeli/yaml ).
2025-04-03 15:30:01 -07:00
Parker Brown
5cc811bc40
feat!: remove deprecated inputs ( #213 )
...
BREAKING CHANGE: Removed deprecated inputs (`app_id`, `private_key`, `skip_token_revoke`) and made `app-id` and `private-key` required in the action configuration.
2025-04-03 12:09:57 -07:00
Gregor Martynus
0e0aa99a86
feat: permissions ( #168 )
...
- Load `app-permissions` from schema exported by `@octokit/openapi`
- Update documentation in README.md
- Implement the `permissions_*` inputs in the action code
---------
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com >
2025-03-27 19:00:54 +00:00
Peter Evans
796b88dc58
feat: allow repositories input to be comma or newline-separated ( #169 )
...
Resolves https://github.com/actions/create-github-app-token/issues/106
- Fixes the parsing to cope with whitespace in the input string.
- Allows the input to be comma or newline-separated. (I've done this for
all array-type inputs in my own actions, but I'm happy to remove this if
you only want to support comma-separated.)
- Added tests for parsing comma and newline-separated inputs.
2024-09-11 13:54:50 -07:00
Martin Costello
d9bc16919c
fix: clarify owner input description ( #118 )
2024-03-25 09:53:54 -07:00
沙漠之子
babaff4320
feat(outputs): app-slug and installation-id ( #105 )
...
It is convenient to use `https://api.github.com/users/$app_slug[bot] ` to
obtain the corresponding account ID later.
Then build `Signed-off-by: $app_slug[bot]
<$id+$app_slug[bot]@users.noreply.github.com>`.
Currently, there is no Linux environment to build test snapshot files
2024-03-01 19:18:38 +00:00
Gregor Martynus
837e2752e0
feat: github-api-url ( #88 )
...
closes #77
---------
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com >
2024-01-26 10:51:16 -08:00
Clay Miller
7b1d2aef87
feat: use dash notation for inputs (deprecates underscore notation) ( #59 )
...
Fixes #57
This PR implements the 3-step plan proposed by @gr2m in
https://github.com/actions/create-github-app-token/issues/57#issuecomment-1751272252 :
> 1. Support both input types
> 2. Log a deprecation warning for the old notation
> 3. Add a test for deprecations
Although this PR supports both input formats simultaneously, I opted
_not_ to document the old format in the updated README. That’s a
decision I’m happy to revisit, if y’all would prefer to have
documentation for both the old and new formats.
2023-10-06 13:10:49 -07:00
Clay Miller
9ec88c41ee
feat: Add a skip_token_revoke input for configuring token revocation ( #54 )
...
Fixes https://github.com/actions/create-github-app-token/issues/55
Currently, `actions/create-github-app-token` always/unconditionally
revokes the installation access token in a `post` step, at the
completion of the current job. This prevents tokens from being used in
other jobs.
This PR makes this behavior configurable:
- When the `skip-token-revoke` input is not specified (i.e. by default),
the token is revoked in a `post` step (i.e. the current behavior).
- When the `skip-token-revoke` input is set to a truthy value (e.g.
`"true"`[^1]), the token is not revoked in a `post` step.
This PR adds a test for the `skip-token-revoke: "true"` case.
This is configurable in other app token actions, e.g.
[tibdex/github-app-token](https://github.com/tibdex/github-app-token/blob/3eb77c7243b85c65e84acfa93fdbac02fb6bd532/README.md?plain=1#L46-L47 )
and
[wow-actions/use-app-token](https://github.com/wow-actions/use-app-token/blob/cd772994fc762f99cf291f308797341327a49b0c/README.md?plain=1#L132 ).
[^1]: Note that `"false"` is also truthy: `Boolean("false")` is `true`.
If we think that’ll potentially confuse folks, I can require
`skip-token-revoke` to be set explicitly to `"true"`.
2023-10-06 09:10:49 -07:00
Tim Reimherr
20fd86373f
feat: support tokens scoped to multiple repositories within organization ( #46 )
...
Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com >
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com >
2023-10-03 22:28:48 -07:00
Gregor Martynus
803e078eb5
feat: use node20 as runner ( #23 )
...
test / test (push) Has been cancelled
should be available now as per
https://github.com/actions/runner/issues/2619#issuecomment-1679003443
2023-08-22 10:24:39 -07:00
Gregor Martynus
12aa81137b
fix(action-config): prepare for release to marketplace ( #10 )
...
test / test (push) Has been cancelled
https://github.com/marketplace/actions/github-app-token is taken, hence
the rename
---------
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com >
2023-08-21 14:32:39 -07:00
Gregor Martynus
f45685208f
feat: initial version ( #1 )
...
/ demo (push) Has been cancelled
Co-authored-by: Parker Brown <17183625+parkerbxyz@users.noreply.github.com >
Co-authored-by: Gregor Martynus <gr2m@users.noreply.github.com >
2023-06-08 17:04:10 -07:00