Compare commits
15 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ea0d3155e4 | |||
| 37f42c53d0 | |||
| 8204e76db8 | |||
| e9da44231a | |||
| f8d387b68d | |||
| d2129bd463 | |||
| 77b94efc3e | |||
| 3ab4c66898 | |||
| 739cf66feb | |||
| db40289976 | |||
| 496a7ac4eb | |||
| 3870dc3051 | |||
| 4451bcbc13 | |||
| dce0ab05f3 | |||
| 2e564a0bb8 |
@@ -26,7 +26,6 @@ jobs:
|
||||
with:
|
||||
node-version-file: package.json
|
||||
|
||||
|
||||
- run: npm ci
|
||||
- run: npm run build
|
||||
- uses: ./
|
||||
|
||||
@@ -4,6 +4,7 @@ on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- beta
|
||||
pull_request:
|
||||
merge_group:
|
||||
workflow_dispatch:
|
||||
@@ -33,7 +34,7 @@ jobs:
|
||||
name: end-to-end
|
||||
runs-on: ubuntu-latest
|
||||
# do not run from forks, as forks don’t have access to repository secrets
|
||||
if: github.event_name == 'merge_group' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
|
||||
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/setup-node@v6
|
||||
@@ -53,3 +54,28 @@ jobs:
|
||||
with:
|
||||
route: GET /installation/repositories
|
||||
- run: echo '${{ steps.get-repository.outputs.data }}'
|
||||
|
||||
end-to-end-proxy:
|
||||
name: end-to-end with unreachable proxy
|
||||
runs-on: ubuntu-latest
|
||||
# do not run from forks, as forks don’t have access to repository secrets
|
||||
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version-file: package.json
|
||||
cache: 'npm'
|
||||
- run: npm ci
|
||||
- run: npm run build
|
||||
- uses: ./ # Uses the action in the root directory
|
||||
continue-on-error: true
|
||||
id: test
|
||||
env:
|
||||
NODE_USE_ENV_PROXY: "1"
|
||||
https_proxy: http://127.0.0.1:9
|
||||
with:
|
||||
app-id: ${{ vars.TEST_APP_ID }}
|
||||
private-key: ${{ secrets.TEST_APP_PRIVATE_KEY }}
|
||||
- name: Assert action failed through unreachable proxy
|
||||
run: test "${{ steps.test.outcome }}" = "failure"
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
.env
|
||||
coverage
|
||||
node_modules/
|
||||
.DS_Store
|
||||
@@ -9,9 +9,11 @@ GitHub Action for creating a GitHub App installation access token.
|
||||
In order to use this action, you need to:
|
||||
|
||||
1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app).
|
||||
2. [Store the App's ID or Client ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`).
|
||||
2. [Store the App's Client ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_CLIENT_ID`).
|
||||
3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`).
|
||||
|
||||
Pass the App's Client ID using the `client-id` input. The legacy `app-id` input remains available for compatibility, but is deprecated.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> An installation access token expires after 1 hour. Please [see this comment](https://github.com/actions/create-github-app-token/issues/121#issuecomment-2043214796) for alternative approaches if you have long-running processes.
|
||||
|
||||
@@ -28,10 +30,10 @@ jobs:
|
||||
hello-world:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/create-github-app-token@v2
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
- uses: ./actions/staging-tests
|
||||
with:
|
||||
@@ -47,19 +49,19 @@ jobs:
|
||||
auto-format:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/create-github-app-token@v2
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
# required
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v6
|
||||
with:
|
||||
token: ${{ steps.app-token.outputs.token }}
|
||||
ref: ${{ github.head_ref }}
|
||||
# Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
|
||||
persist-credentials: false
|
||||
- uses: creyD/prettier_action@v4.3
|
||||
- uses: creyD/prettier_action@v6
|
||||
with:
|
||||
github_token: ${{ steps.app-token.outputs.token }}
|
||||
```
|
||||
@@ -73,11 +75,11 @@ jobs:
|
||||
auto-format:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/create-github-app-token@v2
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
# required
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
- name: Get GitHub App User ID
|
||||
id: get-user-id
|
||||
@@ -98,11 +100,11 @@ jobs:
|
||||
auto-format:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/create-github-app-token@v2
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
# required
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
- name: Get GitHub App User ID
|
||||
id: get-user-id
|
||||
@@ -135,13 +137,13 @@ jobs:
|
||||
hello-world:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/create-github-app-token@v2
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
- uses: peter-evans/create-or-update-comment@v3
|
||||
- uses: peter-evans/create-or-update-comment@v4
|
||||
with:
|
||||
token: ${{ steps.app-token.outputs.token }}
|
||||
issue-number: ${{ github.event.issue.number }}
|
||||
@@ -157,16 +159,16 @@ jobs:
|
||||
hello-world:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/create-github-app-token@v2
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
repositories: |
|
||||
repo1
|
||||
repo2
|
||||
- uses: peter-evans/create-or-update-comment@v3
|
||||
- uses: peter-evans/create-or-update-comment@v4
|
||||
with:
|
||||
token: ${{ steps.app-token.outputs.token }}
|
||||
issue-number: ${{ github.event.issue.number }}
|
||||
@@ -182,41 +184,19 @@ jobs:
|
||||
hello-world:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/create-github-app-token@v2
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
owner: another-owner
|
||||
- uses: peter-evans/create-or-update-comment@v3
|
||||
- uses: peter-evans/create-or-update-comment@v4
|
||||
with:
|
||||
token: ${{ steps.app-token.outputs.token }}
|
||||
issue-number: ${{ github.event.issue.number }}
|
||||
body: "Hello, World!"
|
||||
```
|
||||
|
||||
### Create a token for an enterprise installation
|
||||
|
||||
```yaml
|
||||
on: [workflow_dispatch]
|
||||
|
||||
jobs:
|
||||
hello-world:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/create-github-app-token@v2
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
enterprise-slug: my-enterprise-slug
|
||||
- name: Call enterprise management REST API with gh
|
||||
run: |
|
||||
gh api /enterprises/my-enterprise-slug/apps/installable_organizations
|
||||
env:
|
||||
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|
||||
```
|
||||
|
||||
### Create a token with specific permissions
|
||||
|
||||
> [!NOTE]
|
||||
@@ -229,14 +209,14 @@ jobs:
|
||||
hello-world:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/create-github-app-token@v2
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
permission-issues: write
|
||||
- uses: peter-evans/create-or-update-comment@v3
|
||||
- uses: peter-evans/create-or-update-comment@v4
|
||||
with:
|
||||
token: ${{ steps.app-token.outputs.token }}
|
||||
issue-number: ${{ github.event.issue.number }}
|
||||
@@ -271,10 +251,10 @@ jobs:
|
||||
owners-and-repos: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
|
||||
|
||||
steps:
|
||||
- uses: actions/create-github-app-token@v2
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
owner: ${{ matrix.owners-and-repos.owner }}
|
||||
repositories: ${{ join(matrix.owners-and-repos.repos) }}
|
||||
@@ -301,9 +281,9 @@ jobs:
|
||||
steps:
|
||||
- name: Create GitHub App token
|
||||
id: create_token
|
||||
uses: actions/create-github-app-token@v2
|
||||
uses: actions/create-github-app-token@v3
|
||||
with:
|
||||
app-id: ${{ vars.GHES_APP_ID }}
|
||||
client-id: ${{ vars.GHES_APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.GHES_APP_PRIVATE_KEY }}
|
||||
owner: ${{ vars.GHES_INSTALLATION_ORG }}
|
||||
github-api-url: ${{ vars.GITHUB_API_URL }}
|
||||
@@ -318,11 +298,38 @@ jobs:
|
||||
GITHUB_TOKEN: ${{ steps.create_token.outputs.token }}
|
||||
```
|
||||
|
||||
### Proxy support
|
||||
|
||||
This action relies on Node.js native proxy support.
|
||||
|
||||
If you set `HTTP_PROXY` or `HTTPS_PROXY`, also set `NODE_USE_ENV_PROXY: "1"` on the action step so Node.js honors those variables. If you need proxy bypass rules, set `NO_PROXY` alongside them.
|
||||
|
||||
```yaml
|
||||
- uses: actions/create-github-app-token@v3
|
||||
id: app-token
|
||||
env:
|
||||
HTTPS_PROXY: http://proxy.example.com:8080
|
||||
NO_PROXY: github.example.com
|
||||
NODE_USE_ENV_PROXY: "1"
|
||||
with:
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ secrets.PRIVATE_KEY }}
|
||||
```
|
||||
|
||||
## Inputs
|
||||
|
||||
### `client-id`
|
||||
|
||||
**Optional:** GitHub App Client ID. This is the recommended input.
|
||||
|
||||
### `app-id`
|
||||
|
||||
**Required:** GitHub App ID.
|
||||
**Optional:** GitHub App ID.
|
||||
|
||||
> [!WARNING]
|
||||
> `app-id` is deprecated. Use `client-id` instead.
|
||||
|
||||
You must set either `client-id` or `app-id`. If both are set, `client-id` takes precedence.
|
||||
|
||||
### `private-key`
|
||||
|
||||
@@ -340,9 +347,9 @@ steps:
|
||||
echo "private-key=$private_key" >> "$GITHUB_OUTPUT"
|
||||
- name: Generate GitHub App Token
|
||||
id: app-token
|
||||
uses: actions/create-github-app-token@v2
|
||||
uses: actions/create-github-app-token@v3
|
||||
with:
|
||||
app-id: ${{ vars.APP_ID }}
|
||||
client-id: ${{ vars.APP_CLIENT_ID }}
|
||||
private-key: ${{ steps.decode.outputs.private-key }}
|
||||
```
|
||||
|
||||
@@ -357,13 +364,6 @@ steps:
|
||||
> [!NOTE]
|
||||
> If `owner` is set and `repositories` is empty, access will be scoped to all repositories in the provided repository owner's installation. If `owner` and `repositories` are empty, access will be scoped to only the current repository.
|
||||
|
||||
### `enterprise-slug`
|
||||
|
||||
**Optional:** The slug of the enterprise to generate a token for enterprise-level app installations.
|
||||
|
||||
> [!NOTE]
|
||||
> The `enterprise-slug` input is mutually exclusive with `owner` and `repositories`. GitHub Apps can be installed on enterprise accounts with permissions that let them call enterprise management APIs. Enterprise installations do not grant access to organization or repository resources.
|
||||
|
||||
### `permission-<permission name>`
|
||||
|
||||
**Optional:** The permissions to grant to the token. By default, the token inherits all of the installation's permissions. We recommend to explicitly list the permissions that are required for a use case. This follows GitHub's own recommendation to [control permissions of `GITHUB_TOKEN` in workflows](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token). The documentation also lists all available permissions, just prefix the permission key with `permission-` (e.g., `pull-requests` → `permission-pull-requests`).
|
||||
|
||||
+6
-5
@@ -5,9 +5,13 @@ branding:
|
||||
icon: "lock"
|
||||
color: "gray-dark"
|
||||
inputs:
|
||||
client-id:
|
||||
description: "GitHub App Client ID"
|
||||
required: false
|
||||
app-id:
|
||||
description: "GitHub App ID"
|
||||
required: true
|
||||
required: false
|
||||
deprecationMessage: "Use 'client-id' instead."
|
||||
private-key:
|
||||
description: "GitHub App private key"
|
||||
required: true
|
||||
@@ -17,9 +21,6 @@ inputs:
|
||||
repositories:
|
||||
description: "Comma or newline-separated list of repositories to install the GitHub App on (defaults to current repository if owner is unset)"
|
||||
required: false
|
||||
enterprise-slug:
|
||||
description: "Enterprise slug for enterprise-level app installations (cannot be used with 'owner' or 'repositories')"
|
||||
required: false
|
||||
skip-token-revoke:
|
||||
description: "If true, the token will not be revoked when the current job is complete"
|
||||
required: false
|
||||
@@ -139,6 +140,6 @@ outputs:
|
||||
app-slug:
|
||||
description: "GitHub App slug"
|
||||
runs:
|
||||
using: "node20"
|
||||
using: "node24"
|
||||
main: "dist/main.cjs"
|
||||
post: "dist/post.cjs"
|
||||
|
||||
Vendored
+142
-24902
File diff suppressed because one or more lines are too long
Vendored
+59
-24822
File diff suppressed because one or more lines are too long
+40
-101
@@ -2,9 +2,8 @@ import pRetry from "p-retry";
|
||||
// @ts-check
|
||||
|
||||
/**
|
||||
* @param {string} appId
|
||||
* @param {string} clientId
|
||||
* @param {string} privateKey
|
||||
* @param {string} enterpriseSlug
|
||||
* @param {string} owner
|
||||
* @param {string[]} repositories
|
||||
* @param {undefined | Record<string, string>} permissions
|
||||
@@ -14,97 +13,72 @@ import pRetry from "p-retry";
|
||||
* @param {boolean} skipTokenRevoke
|
||||
*/
|
||||
export async function main(
|
||||
appId,
|
||||
clientId,
|
||||
privateKey,
|
||||
enterpriseSlug,
|
||||
owner,
|
||||
repositories,
|
||||
permissions,
|
||||
core,
|
||||
createAppAuth,
|
||||
request,
|
||||
skipTokenRevoke,
|
||||
|
||||
skipTokenRevoke
|
||||
) {
|
||||
// Validate mutual exclusivity of enterprise-slug with owner/repositories
|
||||
if (enterpriseSlug && (owner || repositories.length > 0)) {
|
||||
throw new Error("Cannot use 'enterprise-slug' input with 'owner' or 'repositories' inputs");
|
||||
}
|
||||
|
||||
let parsedOwner = "";
|
||||
let parsedRepositoryNames = [];
|
||||
|
||||
// Skip owner/repository parsing if enterprise-slug is set
|
||||
if (!enterpriseSlug) {
|
||||
// If neither owner nor repositories are set, default to current repository
|
||||
if (!owner && repositories.length === 0) {
|
||||
const [owner, repo] = String(process.env.GITHUB_REPOSITORY).split("/");
|
||||
parsedOwner = owner;
|
||||
parsedRepositoryNames = [repo];
|
||||
// If neither owner nor repositories are set, default to current repository
|
||||
if (!owner && repositories.length === 0) {
|
||||
const [owner, repo] = String(process.env.GITHUB_REPOSITORY).split("/");
|
||||
parsedOwner = owner;
|
||||
parsedRepositoryNames = [repo];
|
||||
|
||||
core.info(
|
||||
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (${owner}/${repo}).`
|
||||
);
|
||||
}
|
||||
core.info(
|
||||
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (${owner}/${repo}).`
|
||||
);
|
||||
}
|
||||
|
||||
// If only an owner is set, default to all repositories from that owner
|
||||
if (owner && repositories.length === 0) {
|
||||
parsedOwner = owner;
|
||||
// If only an owner is set, default to all repositories from that owner
|
||||
if (owner && repositories.length === 0) {
|
||||
parsedOwner = owner;
|
||||
|
||||
core.info(
|
||||
`Input 'repositories' is not set. Creating token for all repositories owned by ${owner}.`
|
||||
);
|
||||
}
|
||||
core.info(
|
||||
`Input 'repositories' is not set. Creating token for all repositories owned by ${owner}.`
|
||||
);
|
||||
}
|
||||
|
||||
// If repositories are set, but no owner, default to `GITHUB_REPOSITORY_OWNER`
|
||||
if (!owner && repositories.length > 0) {
|
||||
parsedOwner = String(process.env.GITHUB_REPOSITORY_OWNER);
|
||||
parsedRepositoryNames = repositories;
|
||||
// If repositories are set, but no owner, default to `GITHUB_REPOSITORY_OWNER`
|
||||
if (!owner && repositories.length > 0) {
|
||||
parsedOwner = String(process.env.GITHUB_REPOSITORY_OWNER);
|
||||
parsedRepositoryNames = repositories;
|
||||
|
||||
core.info(
|
||||
`No 'owner' input provided. Using default owner '${parsedOwner}' to create token for the following repositories:${repositories
|
||||
.map((repo) => `\n- ${parsedOwner}/${repo}`)
|
||||
.join("")}`
|
||||
);
|
||||
}
|
||||
core.info(
|
||||
`No 'owner' input provided. Using default owner '${parsedOwner}' to create token for the following repositories:${repositories
|
||||
.map((repo) => `\n- ${parsedOwner}/${repo}`)
|
||||
.join("")}`
|
||||
);
|
||||
}
|
||||
|
||||
// If both owner and repositories are set, use those values
|
||||
if (owner && repositories.length > 0) {
|
||||
parsedOwner = owner;
|
||||
parsedRepositoryNames = repositories;
|
||||
// If both owner and repositories are set, use those values
|
||||
if (owner && repositories.length > 0) {
|
||||
parsedOwner = owner;
|
||||
parsedRepositoryNames = repositories;
|
||||
|
||||
core.info(
|
||||
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
|
||||
core.info(
|
||||
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
|
||||
${repositories.map((repo) => `\n- ${parsedOwner}/${repo}`).join("")}`
|
||||
);
|
||||
}
|
||||
} else {
|
||||
core.info(`Creating enterprise installation token for enterprise "${enterpriseSlug}".`);
|
||||
);
|
||||
}
|
||||
|
||||
const auth = createAppAuth({
|
||||
appId,
|
||||
appId: clientId,
|
||||
privateKey,
|
||||
request,
|
||||
});
|
||||
|
||||
let authentication, installationId, appSlug;
|
||||
|
||||
// If enterprise-slug is set, get installation ID from the enterprise
|
||||
if (enterpriseSlug) {
|
||||
({ authentication, installationId, appSlug } = await pRetry(
|
||||
() => getTokenFromEnterprise(request, auth, enterpriseSlug, permissions),
|
||||
{
|
||||
shouldRetry: (error) => error.status >= 500,
|
||||
onFailedAttempt: (error) => {
|
||||
core.info(
|
||||
`Failed to create token for enterprise "${enterpriseSlug}" (attempt ${error.attemptNumber}): ${error.message}`
|
||||
);
|
||||
},
|
||||
retries: 3,
|
||||
}
|
||||
));
|
||||
} else if (parsedRepositoryNames.length > 0) {
|
||||
// If at least one repository is set, get installation ID from that repository
|
||||
|
||||
if (parsedRepositoryNames.length > 0) {
|
||||
({ authentication, installationId, appSlug } = await pRetry(
|
||||
() =>
|
||||
getTokenFromRepository(
|
||||
@@ -207,38 +181,3 @@ async function getTokenFromRepository(
|
||||
|
||||
return { authentication, installationId, appSlug };
|
||||
}
|
||||
|
||||
async function getTokenFromEnterprise(request, auth, enterpriseSlug, permissions) {
|
||||
// Get all installations and find the enterprise one
|
||||
// https://docs.github.com/rest/apps/apps#list-installations-for-the-authenticated-app
|
||||
// Note: Currently we do not have a way to get the installation for an enterprise directly,
|
||||
// so as a workaround we need to list all installations and filter for the enterprise one.
|
||||
const response = await request("GET /app/installations", {
|
||||
request: {
|
||||
hook: auth.hook,
|
||||
},
|
||||
});
|
||||
|
||||
// Find the enterprise installation
|
||||
const enterpriseInstallation = response.data.find(
|
||||
installation => installation.target_type === "Enterprise" &&
|
||||
installation.account?.slug === enterpriseSlug
|
||||
);
|
||||
|
||||
/* c8 ignore next 3 */
|
||||
if (!enterpriseInstallation) {
|
||||
throw new Error(`No enterprise installation found matching the name ${enterpriseSlug}. Available installations: ${response.data.map(i => `${i.target_type}:${i.account?.login || 'N/A'}`).join(', ')}`);
|
||||
}
|
||||
|
||||
// Get token for the enterprise installation
|
||||
const authentication = await auth({
|
||||
type: "installation",
|
||||
installationId: enterpriseInstallation.id,
|
||||
permissions,
|
||||
});
|
||||
|
||||
const installationId = enterpriseInstallation.id;
|
||||
const appSlug = enterpriseInstallation["app_slug"];
|
||||
|
||||
return { authentication, installationId, appSlug };
|
||||
}
|
||||
|
||||
+23
-28
@@ -1,41 +1,36 @@
|
||||
import * as core from "@actions/core";
|
||||
import { request } from "@octokit/request";
|
||||
import { ProxyAgent, fetch as undiciFetch } from "undici";
|
||||
|
||||
// Get the GitHub API URL from the action input and remove any trailing slash
|
||||
const baseUrl = core.getInput("github-api-url").replace(/\/$/, "");
|
||||
|
||||
// https://docs.github.com/actions/hosting-your-own-runners/managing-self-hosted-runners/using-a-proxy-server-with-self-hosted-runners
|
||||
const proxyUrl =
|
||||
process.env.https_proxy ||
|
||||
process.env.HTTPS_PROXY ||
|
||||
process.env.http_proxy ||
|
||||
process.env.HTTP_PROXY;
|
||||
const proxyEnvironmentKeys = [
|
||||
"https_proxy",
|
||||
"HTTPS_PROXY",
|
||||
"http_proxy",
|
||||
"HTTP_PROXY",
|
||||
];
|
||||
|
||||
/* c8 ignore start */
|
||||
// Native support for proxies in Undici is under consideration: https://github.com/nodejs/undici/issues/1650
|
||||
// Until then, we need to use a custom fetch function to add proxy support.
|
||||
const proxyFetch = (url, options) => {
|
||||
const urlHost = new URL(url).hostname;
|
||||
const noProxy = (process.env.no_proxy || process.env.NO_PROXY || "").split(
|
||||
",",
|
||||
);
|
||||
function proxyEnvironmentConfigured() {
|
||||
return proxyEnvironmentKeys.some((key) => process.env[key]);
|
||||
}
|
||||
|
||||
if (!noProxy.includes(urlHost)) {
|
||||
options = {
|
||||
...options,
|
||||
dispatcher: new ProxyAgent(String(proxyUrl)),
|
||||
};
|
||||
function nativeProxySupportEnabled() {
|
||||
return process.env.NODE_USE_ENV_PROXY === "1";
|
||||
}
|
||||
|
||||
export function ensureNativeProxySupport() {
|
||||
if (!proxyEnvironmentConfigured() || nativeProxySupportEnabled()) {
|
||||
return;
|
||||
}
|
||||
|
||||
return undiciFetch(url, options);
|
||||
};
|
||||
/* c8 ignore stop */
|
||||
throw new Error(
|
||||
"A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.",
|
||||
);
|
||||
}
|
||||
|
||||
// Configure the default settings for GitHub API requests
|
||||
export default request.defaults({
|
||||
headers: {
|
||||
"user-agent": "actions/create-github-app-token",
|
||||
},
|
||||
headers: { "user-agent": "actions/create-github-app-token" },
|
||||
baseUrl,
|
||||
/* c8 ignore next */
|
||||
request: proxyUrl ? { fetch: proxyFetch } : {},
|
||||
});
|
||||
|
||||
@@ -5,7 +5,7 @@ import { createAppAuth } from "@octokit/auth-app";
|
||||
|
||||
import { getPermissionsFromInputs } from "./lib/get-permissions-from-inputs.js";
|
||||
import { main } from "./lib/main.js";
|
||||
import request from "./lib/request.js";
|
||||
import request, { ensureNativeProxySupport } from "./lib/request.js";
|
||||
|
||||
if (!process.env.GITHUB_REPOSITORY) {
|
||||
throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'");
|
||||
@@ -15,37 +15,41 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
|
||||
throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'");
|
||||
}
|
||||
|
||||
const appId = core.getInput("app-id");
|
||||
const privateKey = core.getInput("private-key");
|
||||
const enterpriseSlug = core.getInput("enterprise-slug");
|
||||
const owner = core.getInput("owner");
|
||||
const repositories = core
|
||||
.getInput("repositories")
|
||||
.split(/[\n,]+/)
|
||||
.map((s) => s.trim())
|
||||
.filter((x) => x !== "");
|
||||
async function run() {
|
||||
ensureNativeProxySupport();
|
||||
|
||||
const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
|
||||
const clientId = core.getInput("client-id") || core.getInput("app-id");
|
||||
if (!clientId) {
|
||||
throw new Error("Either 'client-id' or 'app-id' input must be set");
|
||||
}
|
||||
const privateKey = core.getInput("private-key");
|
||||
const owner = core.getInput("owner");
|
||||
const repositories = core
|
||||
.getInput("repositories")
|
||||
.split(/[\n,]+/)
|
||||
.map((s) => s.trim())
|
||||
.filter((x) => x !== "");
|
||||
|
||||
const permissions = getPermissionsFromInputs(process.env);
|
||||
const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
|
||||
|
||||
const permissions = getPermissionsFromInputs(process.env);
|
||||
|
||||
return main(
|
||||
clientId,
|
||||
privateKey,
|
||||
owner,
|
||||
repositories,
|
||||
permissions,
|
||||
core,
|
||||
createAppAuth,
|
||||
request,
|
||||
skipTokenRevoke,
|
||||
);
|
||||
}
|
||||
|
||||
// Export promise for testing
|
||||
export default main(
|
||||
appId,
|
||||
privateKey,
|
||||
enterpriseSlug,
|
||||
owner,
|
||||
repositories,
|
||||
permissions,
|
||||
core,
|
||||
createAppAuth,
|
||||
request,
|
||||
skipTokenRevoke,
|
||||
).catch((error) => {
|
||||
/* c8 ignore next 5 */
|
||||
export default run().catch((error) => {
|
||||
/* c8 ignore next 3 */
|
||||
console.error(error);
|
||||
// Don't set failed in test mode (when GITHUB_OUTPUT is undefined)
|
||||
if (process.env.GITHUB_OUTPUT !== undefined) {
|
||||
core.setFailed(error.message);
|
||||
}
|
||||
core.setFailed(error.message);
|
||||
});
|
||||
|
||||
Generated
+6
-1686
File diff suppressed because it is too large
Load Diff
+6
-10
@@ -2,15 +2,15 @@
|
||||
"name": "create-github-app-token",
|
||||
"private": true,
|
||||
"type": "module",
|
||||
"version": "2.2.2",
|
||||
"version": "3.0.0",
|
||||
"description": "GitHub Action for creating a GitHub App Installation Access Token",
|
||||
"engines": {
|
||||
"node": ">=20"
|
||||
"node": ">=24.4.0"
|
||||
},
|
||||
"packageManager": "npm@10.9.4",
|
||||
"scripts": {
|
||||
"build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",
|
||||
"test": "c8 --100 ava tests/index.js",
|
||||
"build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --packages=bundle",
|
||||
"test": "c8 --100 node --test tests/index.js",
|
||||
"coverage": "c8 report --reporter html",
|
||||
"postcoverage": "open-cli coverage/index.html"
|
||||
},
|
||||
@@ -19,18 +19,14 @@
|
||||
"@actions/core": "^3.0.0",
|
||||
"@octokit/auth-app": "^8.2.0",
|
||||
"@octokit/request": "^10.0.8",
|
||||
"p-retry": "^7.1.1",
|
||||
"undici": "^7.24.1"
|
||||
"p-retry": "^7.1.1"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@octokit/openapi": "^21.0.0",
|
||||
"@sinonjs/fake-timers": "^15.1.0",
|
||||
"ava": "^6.4.1",
|
||||
"c8": "^10.1.3",
|
||||
"dotenv": "^17.3.1",
|
||||
"esbuild": "^0.27.3",
|
||||
"execa": "^9.6.1",
|
||||
"open-cli": "^8.0.0",
|
||||
"undici": "^7.24.1",
|
||||
"yaml": "^2.8.2"
|
||||
},
|
||||
"release": {
|
||||
|
||||
@@ -3,9 +3,15 @@
|
||||
import * as core from "@actions/core";
|
||||
|
||||
import { post } from "./lib/post.js";
|
||||
import request from "./lib/request.js";
|
||||
import request, { ensureNativeProxySupport } from "./lib/request.js";
|
||||
|
||||
post(core, request).catch((error) => {
|
||||
async function run() {
|
||||
ensureNativeProxySupport();
|
||||
|
||||
return post(core, request);
|
||||
}
|
||||
|
||||
run().catch((error) => {
|
||||
/* c8 ignore next 3 */
|
||||
console.error(error);
|
||||
core.setFailed(error.message);
|
||||
|
||||
+11
-5
@@ -2,14 +2,14 @@
|
||||
|
||||
Add one test file per scenario. You can run them in isolation with:
|
||||
|
||||
```bash
|
||||
```
|
||||
node tests/post-token-set.test.js
|
||||
```
|
||||
|
||||
All tests are run together in [tests/index.js](index.js), which can be executed with ava
|
||||
All tests are run together in [tests/index.js](index.js), which can be executed with Node's built-in test runner
|
||||
|
||||
```
|
||||
npx ava tests/index.js
|
||||
node --test tests/index.js
|
||||
```
|
||||
|
||||
or with npm
|
||||
@@ -20,11 +20,17 @@ npm test
|
||||
|
||||
## How the tests work
|
||||
|
||||
The output from the tests is captured into a snapshot ([tests/snapshots/index.js.md](snapshots/index.js.md)). It includes all requests sent by our scripts to verify it's working correctly and to prevent regressions.
|
||||
The output from the tests is captured into a snapshot ([tests/index.js.snapshot](index.js.snapshot)). It includes all requests sent by our scripts to verify it's working correctly and to prevent regressions.
|
||||
|
||||
To update snapshots after an intentional change:
|
||||
|
||||
```
|
||||
node --test --test-update-snapshots tests/index.js
|
||||
```
|
||||
|
||||
## How to add a new test
|
||||
|
||||
We have tests both for the `main.js` and `post.js` scripts.
|
||||
|
||||
- If you do not expect an error, take [main-token-permissions-set.test.js](tests/main-token-permissions-set.test.js) as a starting point.
|
||||
- If your test has an expected error, take [main-missing-app-id.test.js](tests/main-missing-app-id.test.js) as a starting point.
|
||||
- If your test has an expected error, take [main-missing-client-and-app-id.test.js](tests/main-missing-client-and-app-id.test.js) as a starting point.
|
||||
|
||||
+38
-11
@@ -1,15 +1,23 @@
|
||||
import { readdirSync } from "node:fs";
|
||||
import { execFile } from "node:child_process";
|
||||
import { promisify } from "node:util";
|
||||
|
||||
import test from "ava";
|
||||
import { execa } from "execa";
|
||||
import { snapshot, test } from "node:test";
|
||||
|
||||
const execFileAsync = promisify(execFile);
|
||||
|
||||
// Serialize strings as-is so multiline output is human-readable in snapshots
|
||||
snapshot.setDefaultSnapshotSerializers([
|
||||
(value) => (typeof value === "string" ? value : undefined),
|
||||
]);
|
||||
|
||||
// Get all files in tests directory
|
||||
const files = readdirSync("tests");
|
||||
|
||||
// Files to ignore
|
||||
const ignore = ["index.js", "main.js", "README.md", "snapshots"];
|
||||
const ignore = ["index.js", "index.js.snapshot", "main.js", "README.md"];
|
||||
|
||||
const testFiles = files.filter((file) => !ignore.includes(file));
|
||||
const testFiles = files.filter((file) => !ignore.includes(file)).sort();
|
||||
|
||||
// Throw an error if there is a file that does not end with test.js in the tests directory
|
||||
for (const file of testFiles) {
|
||||
@@ -18,12 +26,31 @@ for (const file of testFiles) {
|
||||
}
|
||||
test(file, async (t) => {
|
||||
// Override Actions environment variables that change `core`’s behavior
|
||||
const env = {
|
||||
GITHUB_OUTPUT: undefined,
|
||||
GITHUB_STATE: undefined,
|
||||
};
|
||||
const { stderr, stdout } = await execa("node", [`tests/${file}`], { env });
|
||||
t.snapshot(stderr, "stderr");
|
||||
t.snapshot(stdout, "stdout");
|
||||
const {
|
||||
GITHUB_OUTPUT,
|
||||
GITHUB_STATE,
|
||||
HTTP_PROXY,
|
||||
HTTPS_PROXY,
|
||||
http_proxy,
|
||||
https_proxy,
|
||||
NO_PROXY,
|
||||
no_proxy,
|
||||
NODE_OPTIONS,
|
||||
NODE_USE_ENV_PROXY,
|
||||
...env
|
||||
} = process.env;
|
||||
const { stderr, stdout } = await execFileAsync("node", [`tests/${file}`], {
|
||||
env,
|
||||
});
|
||||
const trimmedStderr = stderr.replace(/\r?\n$/, "");
|
||||
const trimmedStdout = stdout.replace(/\r?\n$/, "");
|
||||
await t.test("stderr", (t) => {
|
||||
if (trimmedStderr) t.assert.snapshot(trimmedStderr);
|
||||
else t.assert.strictEqual(trimmedStderr, "");
|
||||
});
|
||||
await t.test("stdout", (t) => {
|
||||
if (trimmedStdout) t.assert.snapshot(trimmedStdout);
|
||||
else t.assert.strictEqual(trimmedStdout, "");
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
@@ -0,0 +1,308 @@
|
||||
exports[`action-deprecated-inputs.test.js > stdout 1`] = `
|
||||
app-id — Use 'client-id' instead.
|
||||
`;
|
||||
|
||||
exports[`main-client-id.test.js > stdout 1`] = `
|
||||
Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /repos/actions/create-github-app-token/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
{"repositories":["create-github-app-token"]}
|
||||
`;
|
||||
|
||||
exports[`main-custom-github-api-url.test.js > stdout 1`] = `
|
||||
Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
|
||||
|
||||
- actions/create-github-app-token
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /api/v3/repos/actions/create-github-app-token/installation
|
||||
POST /api/v3/app/installations/123456/access_tokens
|
||||
{"repositories":["create-github-app-token"]}
|
||||
`;
|
||||
|
||||
exports[`main-missing-client-and-app-id.test.js > stderr 1`] = `
|
||||
Error: Either 'client-id' or 'app-id' input must be set
|
||||
at run [90m(file:///home/runner/work/create-github-app-token/create-github-app-token/[39mmain.js:23:11[90m)[39m
|
||||
at [90mfile:///home/runner/work/create-github-app-token/create-github-app-token/[39mmain.js:51:16
|
||||
[90m at ModuleJob.run (node:internal/modules/esm/module_job:430:25)[39m
|
||||
[90m at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:661:26)[39m
|
||||
at async [90mfile:///home/runner/work/create-github-app-token/create-github-app-token/[39mtests/main-missing-client-and-app-id.test.js:12:30
|
||||
`;
|
||||
|
||||
exports[`main-missing-client-and-app-id.test.js > stdout 1`] = `
|
||||
::error::Either 'client-id' or 'app-id' input must be set
|
||||
`;
|
||||
|
||||
exports[`main-missing-owner.test.js > stderr 1`] = `
|
||||
GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'
|
||||
`;
|
||||
|
||||
exports[`main-missing-repository.test.js > stderr 1`] = `
|
||||
GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'
|
||||
`;
|
||||
|
||||
exports[`main-private-key-with-escaped-newlines.test.js > stdout 1`] = `
|
||||
Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /repos/actions/create-github-app-token/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
{"repositories":["create-github-app-token"]}
|
||||
`;
|
||||
|
||||
exports[`main-proxy-requires-native-support.test.js > stderr 1`] = `
|
||||
A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
|
||||
`;
|
||||
|
||||
exports[`main-proxy-requires-native-support.test.js > stdout 1`] = `
|
||||
::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
|
||||
`;
|
||||
|
||||
exports[`main-repo-skew.test.js > stderr 1`] = `
|
||||
'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued.
|
||||
[@octokit/auth-app] GitHub API time and system time are different by 30 seconds. Retrying request with the difference accounted for.
|
||||
`;
|
||||
|
||||
exports[`main-repo-skew.test.js > stdout 1`] = `
|
||||
Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
|
||||
|
||||
- actions/failed-repo
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /repos/actions/failed-repo/installation
|
||||
GET /repos/actions/failed-repo/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
{"repositories":["failed-repo"]}
|
||||
`;
|
||||
|
||||
exports[`main-token-get-owner-set-fail-response.test.js > stdout 1`] = `
|
||||
Input 'repositories' is not set. Creating token for all repositories owned by smockle.
|
||||
Failed to create token for "smockle" (attempt 1): GitHub API not available
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /users/smockle/installation
|
||||
GET /users/smockle/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
null
|
||||
`;
|
||||
|
||||
exports[`main-token-get-owner-set-repo-fail-response.test.js > stdout 1`] = `
|
||||
Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
|
||||
|
||||
- actions/failed-repo
|
||||
Failed to create token for "failed-repo" (attempt 1): GitHub API not available
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /repos/actions/failed-repo/installation
|
||||
GET /repos/actions/failed-repo/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
{"repositories":["failed-repo"]}
|
||||
`;
|
||||
|
||||
exports[`main-token-get-owner-set-repo-set-to-many-newline.test.js > stdout 1`] = `
|
||||
Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
|
||||
|
||||
- actions/create-github-app-token
|
||||
- actions/toolkit
|
||||
- actions/checkout
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /repos/actions/create-github-app-token/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
{"repositories":["create-github-app-token","toolkit","checkout"]}
|
||||
`;
|
||||
|
||||
exports[`main-token-get-owner-set-repo-set-to-many.test.js > stdout 1`] = `
|
||||
Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
|
||||
|
||||
- actions/create-github-app-token
|
||||
- actions/toolkit
|
||||
- actions/checkout
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /repos/actions/create-github-app-token/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
{"repositories":["create-github-app-token","toolkit","checkout"]}
|
||||
`;
|
||||
|
||||
exports[`main-token-get-owner-set-repo-set-to-one.test.js > stdout 1`] = `
|
||||
Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:
|
||||
|
||||
- actions/create-github-app-token
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /repos/actions/create-github-app-token/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
{"repositories":["create-github-app-token"]}
|
||||
`;
|
||||
|
||||
exports[`main-token-get-owner-set-repo-unset.test.js > stdout 1`] = `
|
||||
Input 'repositories' is not set. Creating token for all repositories owned by actions.
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /users/actions/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
null
|
||||
`;
|
||||
|
||||
exports[`main-token-get-owner-unset-repo-set.test.js > stdout 1`] = `
|
||||
No 'owner' input provided. Using default owner 'actions' to create token for the following repositories:
|
||||
- actions/create-github-app-token
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /repos/actions/create-github-app-token/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
{"repositories":["create-github-app-token"]}
|
||||
`;
|
||||
|
||||
exports[`main-token-get-owner-unset-repo-unset.test.js > stdout 1`] = `
|
||||
Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /repos/actions/create-github-app-token/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
{"repositories":["create-github-app-token"]}
|
||||
`;
|
||||
|
||||
exports[`main-token-permissions-set.test.js > stdout 1`] = `
|
||||
Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
|
||||
::set-output name=installation-id::123456
|
||||
|
||||
::set-output name=app-slug::github-actions
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z
|
||||
--- REQUESTS ---
|
||||
GET /repos/actions/create-github-app-token/installation
|
||||
POST /app/installations/123456/access_tokens
|
||||
{"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}
|
||||
`;
|
||||
|
||||
exports[`post-proxy-requires-native-support.test.js > stderr 1`] = `
|
||||
A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
|
||||
`;
|
||||
|
||||
exports[`post-proxy-requires-native-support.test.js > stdout 1`] = `
|
||||
::error::A proxy environment variable is set, but Node.js native proxy support is not enabled. Set NODE_USE_ENV_PROXY=1 for this action step.
|
||||
`;
|
||||
|
||||
exports[`post-revoke-token-fail-response.test.js > stdout 1`] = `
|
||||
::warning::Token revocation failed:
|
||||
`;
|
||||
|
||||
exports[`post-token-expired.test.js > stdout 1`] = `
|
||||
Token expired, skipping token revocation
|
||||
`;
|
||||
|
||||
exports[`post-token-set.test.js > stdout 1`] = `
|
||||
Token revoked
|
||||
`;
|
||||
|
||||
exports[`post-token-skipped.test.js > stdout 1`] = `
|
||||
Token revocation was skipped
|
||||
`;
|
||||
|
||||
exports[`post-token-unset.test.js > stdout 1`] = `
|
||||
Token is not set
|
||||
`;
|
||||
@@ -0,0 +1,11 @@
|
||||
import { DEFAULT_ENV, test } from "./main.js";
|
||||
|
||||
// Verify `main` accepts a GitHub App client ID via the `client-id` input
|
||||
await test(
|
||||
() => {},
|
||||
{
|
||||
...DEFAULT_ENV,
|
||||
"INPUT_CLIENT-ID": "Iv1.0123456789abcdef",
|
||||
"INPUT_APP-ID": "",
|
||||
}
|
||||
);
|
||||
@@ -1,40 +0,0 @@
|
||||
import { test } from "./main.js";
|
||||
|
||||
|
||||
// Verify `main` handles when no enterprise installation is found.
|
||||
await test((mockPool) => {
|
||||
delete process.env.INPUT_OWNER;
|
||||
delete process.env.INPUT_REPOSITORIES;
|
||||
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
|
||||
|
||||
|
||||
// Mock the /app/installations endpoint to return only non-enterprise installations
|
||||
mockPool
|
||||
.intercept({
|
||||
path: "/app/installations",
|
||||
method: "GET",
|
||||
headers: {
|
||||
accept: "application/vnd.github.v3+json",
|
||||
"user-agent": "actions/create-github-app-token",
|
||||
// Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
|
||||
},
|
||||
})
|
||||
.reply(
|
||||
200,
|
||||
[
|
||||
{
|
||||
id: "111111",
|
||||
app_slug: "github-actions",
|
||||
target_type: "Organization",
|
||||
account: { login: "some-org" }
|
||||
},
|
||||
{
|
||||
id: "222222",
|
||||
app_slug: "github-actions",
|
||||
target_type: "User",
|
||||
account: { login: "some-user" }
|
||||
}
|
||||
],
|
||||
{ headers: { "content-type": "application/json" } }
|
||||
);
|
||||
});
|
||||
@@ -1,16 +0,0 @@
|
||||
import { DEFAULT_ENV } from "./main.js";
|
||||
|
||||
// Verify `main` exits with an error when `enterprise-slug` is used with both `owner` and `repositories` inputs.
|
||||
try {
|
||||
// Set up environment with enterprise-slug, owner, and repositories all set
|
||||
for (const [key, value] of Object.entries(DEFAULT_ENV)) {
|
||||
process.env[key] = value;
|
||||
}
|
||||
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
|
||||
process.env.INPUT_OWNER = "test-owner";
|
||||
process.env.INPUT_REPOSITORIES = "repo1,repo2";
|
||||
|
||||
await import("../main.js");
|
||||
} catch (error) {
|
||||
console.error(error.message);
|
||||
}
|
||||
@@ -1,15 +0,0 @@
|
||||
import { DEFAULT_ENV } from "./main.js";
|
||||
|
||||
// Verify `main` exits with an error when `enterprise-slug` is used with `owner` input.
|
||||
try {
|
||||
// Set up environment with enterprise-slug and owner set
|
||||
for (const [key, value] of Object.entries(DEFAULT_ENV)) {
|
||||
process.env[key] = value;
|
||||
}
|
||||
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
|
||||
process.env.INPUT_OWNER = "test-owner";
|
||||
|
||||
await import("../main.js");
|
||||
} catch (error) {
|
||||
console.error(error.message);
|
||||
}
|
||||
@@ -1,15 +0,0 @@
|
||||
import { DEFAULT_ENV } from "./main.js";
|
||||
|
||||
// Verify `main` exits with an error when `enterprise-slug` is used with `repositories` input.
|
||||
try {
|
||||
// Set up environment with enterprise-slug and repositories set
|
||||
for (const [key, value] of Object.entries(DEFAULT_ENV)) {
|
||||
process.env[key] = value;
|
||||
}
|
||||
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
|
||||
process.env.INPUT_REPOSITORIES = "repo1,repo2";
|
||||
|
||||
await import("../main.js");
|
||||
} catch (error) {
|
||||
console.error(error.message);
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
import { test } from "./main.js";
|
||||
|
||||
// Verify `main` successfully obtains a token when only the `enterprise-slug` input is set.
|
||||
await test((mockPool) => {
|
||||
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
|
||||
delete process.env.INPUT_OWNER;
|
||||
delete process.env.INPUT_REPOSITORIES;
|
||||
|
||||
// Mock the /app/installations endpoint to return an enterprise installation
|
||||
const mockInstallationId = "123456";
|
||||
const mockAppSlug = "github-actions";
|
||||
mockPool
|
||||
.intercept({
|
||||
path: "/app/installations",
|
||||
method: "GET",
|
||||
headers: {
|
||||
accept: "application/vnd.github.v3+json",
|
||||
"user-agent": "actions/create-github-app-token",
|
||||
// Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
|
||||
},
|
||||
})
|
||||
.reply(
|
||||
200,
|
||||
[
|
||||
{
|
||||
id: mockInstallationId,
|
||||
app_slug: mockAppSlug,
|
||||
target_type: "Enterprise",
|
||||
account: { login: "test-enterprise", slug: "test-enterprise" }
|
||||
}
|
||||
],
|
||||
{ headers: { "content-type": "application/json" } }
|
||||
);
|
||||
});
|
||||
@@ -1,34 +0,0 @@
|
||||
import { test } from "./main.js";
|
||||
|
||||
// Verify `main` successfully generates enterprise token with basic functionality.
|
||||
await test((mockPool) => {
|
||||
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
|
||||
delete process.env.INPUT_OWNER;
|
||||
delete process.env.INPUT_REPOSITORIES;
|
||||
|
||||
// Mock the /app/installations endpoint to return an enterprise installation
|
||||
const mockInstallationId = "123456";
|
||||
const mockAppSlug = "github-actions";
|
||||
mockPool
|
||||
.intercept({
|
||||
path: "/app/installations",
|
||||
method: "GET",
|
||||
headers: {
|
||||
accept: "application/vnd.github.v3+json",
|
||||
"user-agent": "actions/create-github-app-token",
|
||||
// Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
|
||||
},
|
||||
})
|
||||
.reply(
|
||||
200,
|
||||
[
|
||||
{
|
||||
id: mockInstallationId,
|
||||
app_slug: mockAppSlug,
|
||||
target_type: "Enterprise",
|
||||
account: { login: "test-enterprise", slug: "test-enterprise" }
|
||||
}
|
||||
],
|
||||
{ headers: { "content-type": "application/json" } }
|
||||
);
|
||||
});
|
||||
@@ -1,36 +0,0 @@
|
||||
import { test } from "./main.js";
|
||||
|
||||
// Verify `main` successfully generates enterprise token with specific permissions.
|
||||
await test((mockPool) => {
|
||||
process.env["INPUT_ENTERPRISE-SLUG"] = "test-enterprise";
|
||||
delete process.env.INPUT_OWNER;
|
||||
delete process.env.INPUT_REPOSITORIES;
|
||||
process.env["INPUT_PERMISSION-ENTERPRISE-ORGANIZATIONS"] = "read";
|
||||
process.env["INPUT_PERMISSION-ENTERPRISE-PEOPLE"] = "write";
|
||||
|
||||
// Mock the /app/installations endpoint to return an enterprise installation
|
||||
const mockInstallationId = "123456";
|
||||
const mockAppSlug = "github-actions";
|
||||
mockPool
|
||||
.intercept({
|
||||
path: "/app/installations",
|
||||
method: "GET",
|
||||
headers: {
|
||||
accept: "application/vnd.github.v3+json",
|
||||
"user-agent": "actions/create-github-app-token",
|
||||
// Intentionally omitting the `authorization` header, since JWT creation is not idempotent.
|
||||
},
|
||||
})
|
||||
.reply(
|
||||
200,
|
||||
[
|
||||
{
|
||||
id: mockInstallationId,
|
||||
app_slug: mockAppSlug,
|
||||
target_type: "Enterprise",
|
||||
account: { login: "test-enterprise", slug: "test-enterprise" }
|
||||
}
|
||||
],
|
||||
{ headers: { "content-type": "application/json" } }
|
||||
);
|
||||
});
|
||||
@@ -0,0 +1,14 @@
|
||||
import { DEFAULT_ENV } from "./main.js";
|
||||
|
||||
for (const [key, value] of Object.entries({
|
||||
...DEFAULT_ENV,
|
||||
"INPUT_CLIENT-ID": "",
|
||||
"INPUT_APP-ID": "",
|
||||
})) {
|
||||
process.env[key] = value;
|
||||
}
|
||||
|
||||
// Verify `main` exits with an error when neither `client-id` nor `app-id` is set.
|
||||
const { default: promise } = await import("../main.js");
|
||||
await promise;
|
||||
process.exitCode = 0;
|
||||
@@ -0,0 +1,14 @@
|
||||
process.env.GITHUB_REPOSITORY = "actions/create-github-app-token";
|
||||
process.env.GITHUB_REPOSITORY_OWNER = "actions";
|
||||
process.env.HTTPS_PROXY = "http://127.0.0.1:3128";
|
||||
|
||||
const originalConsoleError = console.error;
|
||||
console.error = (...args) => {
|
||||
originalConsoleError(
|
||||
...args.map((arg) => (arg instanceof Error ? arg.message : arg)),
|
||||
);
|
||||
};
|
||||
|
||||
await import("../main.js");
|
||||
await new Promise((resolve) => setImmediate(resolve));
|
||||
process.exitCode = 0;
|
||||
@@ -1,6 +1,6 @@
|
||||
import { test } from "./main.js";
|
||||
import { mock } from "node:test";
|
||||
|
||||
import { install } from "@sinonjs/fake-timers";
|
||||
import { test } from "./main.js";
|
||||
|
||||
// Verify `main` retry when the clock has drifted.
|
||||
await test((mockPool) => {
|
||||
@@ -11,7 +11,7 @@ await test((mockPool) => {
|
||||
const mockInstallationId = "123456";
|
||||
const mockAppSlug = "github-actions";
|
||||
|
||||
install({ now: 0, toFake: ["Date"] });
|
||||
mock.timers.enable({ apis: ["Date"], now: 0 });
|
||||
|
||||
mockPool
|
||||
.intercept({
|
||||
@@ -59,4 +59,6 @@ await test((mockPool) => {
|
||||
};
|
||||
})
|
||||
.times(2);
|
||||
}).finally(() => {
|
||||
mock.timers.reset();
|
||||
});
|
||||
|
||||
@@ -0,0 +1,13 @@
|
||||
process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com";
|
||||
process.env.HTTPS_PROXY = "http://127.0.0.1:3128";
|
||||
|
||||
const originalConsoleError = console.error;
|
||||
console.error = (...args) => {
|
||||
originalConsoleError(
|
||||
...args.map((arg) => (arg instanceof Error ? arg.message : arg)),
|
||||
);
|
||||
};
|
||||
|
||||
await import("../post.js");
|
||||
await new Promise((resolve) => setImmediate(resolve));
|
||||
process.exitCode = 0;
|
||||
@@ -1,517 +0,0 @@
|
||||
# Snapshot report for `tests/index.js`
|
||||
|
||||
The actual snapshot is saved in `index.js.snap`.
|
||||
|
||||
Generated by [AVA](https://avajs.dev).
|
||||
|
||||
## action-deprecated-inputs.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
''
|
||||
|
||||
## main-custom-github-api-url.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
|
||||
␊
|
||||
- actions/create-github-app-token␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /api/v3/repos/actions/create-github-app-token/installation␊
|
||||
POST /api/v3/app/installations/123456/access_tokens␊
|
||||
{"repositories":["create-github-app-token"]}`
|
||||
|
||||
## main-enterprise-installation-not-found.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
`Error: No enterprise installation found matching the name test-enterprise. Available installations: Organization:some-org, User:some-user␊
|
||||
at getTokenFromEnterprise (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:230:11)␊
|
||||
at process.processTicksAndRejections (node:internal/process/task_queues:104:5)␊
|
||||
at async pRetry (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/node_modules/p-retry/index.js:197:19)␊
|
||||
at async main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:95:52)␊
|
||||
at async test (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main.js:111:3)␊
|
||||
at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-installation-not-found.test.js:5:1`
|
||||
|
||||
> stdout
|
||||
|
||||
`Creating enterprise installation token for enterprise "test-enterprise".␊
|
||||
Failed to create token for enterprise "test-enterprise" (attempt 1): undefined␊
|
||||
--- REQUESTS ---␊
|
||||
GET /app/installations`
|
||||
|
||||
## main-enterprise-mutual-exclusivity-both.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
`Error: Cannot use 'enterprise-slug' input with 'owner' or 'repositories' inputs␊
|
||||
at main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:31:11)␊
|
||||
at file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/main.js:33:16␊
|
||||
at ModuleJob.run (node:internal/modules/esm/module_job:430:25)␊
|
||||
at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:639:26)␊
|
||||
at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-mutual-exclusivity-both.test.js:13:3`
|
||||
|
||||
> stdout
|
||||
|
||||
''
|
||||
|
||||
## main-enterprise-mutual-exclusivity-owner.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
`Error: Cannot use 'enterprise-slug' input with 'owner' or 'repositories' inputs␊
|
||||
at main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:31:11)␊
|
||||
at file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/main.js:33:16␊
|
||||
at ModuleJob.run (node:internal/modules/esm/module_job:430:25)␊
|
||||
at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:639:26)␊
|
||||
at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-mutual-exclusivity-owner.test.js:12:3`
|
||||
|
||||
> stdout
|
||||
|
||||
''
|
||||
|
||||
## main-enterprise-mutual-exclusivity-repositories.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
`Error: Cannot use 'enterprise-slug' input with 'owner' or 'repositories' inputs␊
|
||||
at main (file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/lib/main.js:31:11)␊
|
||||
at file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/main.js:33:16␊
|
||||
at ModuleJob.run (node:internal/modules/esm/module_job:430:25)␊
|
||||
at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:639:26)␊
|
||||
at async file:///Users/parkerbxyz/.copilot/worktrees/create-github-app-token/pr-263/tests/main-enterprise-mutual-exclusivity-repositories.test.js:12:3`
|
||||
|
||||
> stdout
|
||||
|
||||
''
|
||||
|
||||
## main-enterprise-only-success.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Creating enterprise installation token for enterprise "test-enterprise".␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /app/installations␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
null`
|
||||
|
||||
## main-enterprise-token-success.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Creating enterprise installation token for enterprise "test-enterprise".␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /app/installations␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
null`
|
||||
|
||||
## main-enterprise-token-with-permissions.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Creating enterprise installation token for enterprise "test-enterprise".␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /app/installations␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
{"permissions":{"enterprise_organizations":"read","enterprise_people":"write"}}`
|
||||
|
||||
## main-missing-owner.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
'GITHUB_REPOSITORY_OWNER missing, must be set to \'<owner>\''
|
||||
|
||||
> stdout
|
||||
|
||||
''
|
||||
|
||||
## main-missing-repository.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
'GITHUB_REPOSITORY missing, must be set to \'<owner>/<repo>\''
|
||||
|
||||
> stdout
|
||||
|
||||
''
|
||||
|
||||
## main-private-key-with-escaped-newlines.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /repos/actions/create-github-app-token/installation␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
{"repositories":["create-github-app-token"]}`
|
||||
|
||||
## main-repo-skew.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
`'Issued at' claim ('iat') must be an Integer representing the time that the assertion was issued.␊
|
||||
[@octokit/auth-app] GitHub API time and system time are different by 30 seconds. Retrying request with the difference accounted for.`
|
||||
|
||||
> stdout
|
||||
|
||||
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
|
||||
␊
|
||||
- actions/failed-repo␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /repos/actions/failed-repo/installation␊
|
||||
GET /repos/actions/failed-repo/installation␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
{"repositories":["failed-repo"]}`
|
||||
|
||||
## main-token-get-owner-set-fail-response.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Input 'repositories' is not set. Creating token for all repositories owned by smockle.␊
|
||||
Failed to create token for "smockle" (attempt 1): GitHub API not available␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /users/smockle/installation␊
|
||||
GET /users/smockle/installation␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
null`
|
||||
|
||||
## main-token-get-owner-set-repo-fail-response.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
|
||||
␊
|
||||
- actions/failed-repo␊
|
||||
Failed to create token for "failed-repo" (attempt 1): GitHub API not available␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /repos/actions/failed-repo/installation␊
|
||||
GET /repos/actions/failed-repo/installation␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
{"repositories":["failed-repo"]}`
|
||||
|
||||
## main-token-get-owner-set-repo-set-to-many-newline.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
|
||||
␊
|
||||
- actions/create-github-app-token␊
|
||||
- actions/toolkit␊
|
||||
- actions/checkout␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /repos/actions/create-github-app-token/installation␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
{"repositories":["create-github-app-token","toolkit","checkout"]}`
|
||||
|
||||
## main-token-get-owner-set-repo-set-to-many.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
|
||||
␊
|
||||
- actions/create-github-app-token␊
|
||||
- actions/toolkit␊
|
||||
- actions/checkout␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /repos/actions/create-github-app-token/installation␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
{"repositories":["create-github-app-token","toolkit","checkout"]}`
|
||||
|
||||
## main-token-get-owner-set-repo-set-to-one.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:␊
|
||||
␊
|
||||
- actions/create-github-app-token␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /repos/actions/create-github-app-token/installation␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
{"repositories":["create-github-app-token"]}`
|
||||
|
||||
## main-token-get-owner-set-repo-unset.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Input 'repositories' is not set. Creating token for all repositories owned by actions.␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /users/actions/installation␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
null`
|
||||
|
||||
## main-token-get-owner-unset-repo-set.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`No 'owner' input provided. Using default owner 'actions' to create token for the following repositories:␊
|
||||
- actions/create-github-app-token␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /repos/actions/create-github-app-token/installation␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
{"repositories":["create-github-app-token"]}`
|
||||
|
||||
## main-token-get-owner-unset-repo-unset.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /repos/actions/create-github-app-token/installation␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
{"repositories":["create-github-app-token"]}`
|
||||
|
||||
## main-token-permissions-set.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
`Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).␊
|
||||
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
␊
|
||||
::set-output name=installation-id::123456␊
|
||||
␊
|
||||
::set-output name=app-slug::github-actions␊
|
||||
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
|
||||
::save-state name=expiresAt::2016-07-11T22:14:10Z␊
|
||||
--- REQUESTS ---␊
|
||||
GET /repos/actions/create-github-app-token/installation␊
|
||||
POST /app/installations/123456/access_tokens␊
|
||||
{"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}`
|
||||
|
||||
## post-revoke-token-fail-response.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
'::warning::Token revocation failed: '
|
||||
|
||||
## post-token-expired.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
'Token expired, skipping token revocation'
|
||||
|
||||
## post-token-set.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
'Token revoked'
|
||||
|
||||
## post-token-skipped.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
'Token revocation was skipped'
|
||||
|
||||
## post-token-unset.test.js
|
||||
|
||||
> stderr
|
||||
|
||||
''
|
||||
|
||||
> stdout
|
||||
|
||||
'Token is not set'
|
||||
Binary file not shown.
Reference in New Issue
Block a user