Skip to content
This repository was archived by the owner on Jul 7, 2025. It is now read-only.

Commit f66c1c3

Browse files
authored
Add permissions input (#40)
1 parent c95b1c4 commit f66c1c3

File tree

6 files changed

+593
-447
lines changed

6 files changed

+593
-447
lines changed

README.md

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,11 +18,20 @@ jobs:
1818
uses: tibdex/github-app-token@v1
1919
with:
2020
app_id: ${{ secrets.APP_ID }}
21-
private_key: ${{ secrets.PRIVATE_KEY }}
21+
2222
# Optional (defaults to ID of the repository's installation).
2323
# installation_id: 1337
24+
25+
# Optional (defaults to all the Github App permissions).
26+
# Using a YAML multiline string to avoid escaping the JSON quotes.
27+
# permissions: >-
28+
# {"members": "read"}
29+
30+
private_key: ${{ secrets.PRIVATE_KEY }}
31+
2432
# Optional (defaults to the current repository).
2533
# repository: "owner/repo"
34+
2635
- name: Use token
2736
env:
2837
TOKEN: ${{ steps.generate_token.outputs.token }}

action.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,8 @@ inputs:
1212
description: The ID of the installation for which the token will be requested (defaults to the ID of the repository's installation).
1313
repository:
1414
description: The full name of the repository for which the token will be requested (defaults to the current repository).
15+
permissions:
16+
description: The JSON-stringified permissions granted to the token (defaults to all the GitHub app permissions, see https://docs.github.com/en/rest/apps/apps#create-an-installation-access-token-for-an-app).
1517
outputs:
1618
token:
1719
description: An installation token for the GitHub App on the requested repository.

package.json

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "github-app-token",
3-
"version": "1.5.2",
3+
"version": "1.6.0",
44
"license": "MIT",
55
"type": "module",
66
"files": [
@@ -14,26 +14,26 @@
1414
"xo": "xo"
1515
},
1616
"dependencies": {
17-
"@actions/core": "^1.6.0",
18-
"@actions/github": "^5.0.1",
19-
"@octokit/auth-app": "^3.6.1",
20-
"@octokit/request": "^5.6.3",
17+
"@actions/core": "^1.9.0",
18+
"@actions/github": "^5.0.3",
19+
"@octokit/auth-app": "^4.0.4",
20+
"@octokit/request": "^6.0.2",
2121
"ensure-error": "^4.0.0",
2222
"is-base64": "^1.1.0"
2323
},
2424
"devDependencies": {
2525
"@types/error-cause": "^1.0.1",
2626
"@types/is-base64": "^1.1.1",
2727
"@types/node": "^16.11.26",
28-
"@vercel/ncc": "^0.33.3",
28+
"@vercel/ncc": "^0.34.0",
2929
"eslint-config-prettier": "^8.5.0",
3030
"eslint-plugin-import": "^2.26.0",
3131
"eslint-plugin-sort-destructure-keys": "^1.4.0",
3232
"eslint-plugin-typescript-sort-keys": "^2.1.0",
3333
"prettier": "^2.6.2",
34-
"prettier-plugin-packagejson": "^2.2.17",
35-
"typescript": "^4.7.0-beta",
36-
"xo": "^0.48.0",
37-
"yarn-deduplicate": "^4.0.0"
34+
"prettier-plugin-packagejson": "^2.2.18",
35+
"typescript": "^4.7.4",
36+
"xo": "^0.50.0",
37+
"yarn-deduplicate": "^5.0.0"
3838
}
3939
}

src/fetch-installation-token.ts

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,12 +8,14 @@ export const fetchInstallationToken = async ({
88
appId,
99
installationId,
1010
owner,
11+
permissions,
1112
privateKey,
1213
repo,
1314
}: Readonly<{
1415
appId: string;
1516
installationId?: number;
1617
owner: string;
18+
permissions?: Record<string, string>;
1719
privateKey: string;
1820
repo: string;
1921
}>): Promise<string> => {
@@ -42,6 +44,10 @@ export const fetchInstallationToken = async ({
4244
}
4345
}
4446

45-
const installation = await app({ installationId, type: "installation" });
47+
const installation = await app({
48+
installationId,
49+
permissions,
50+
type: "installation",
51+
});
4652
return installation.token;
4753
};

src/index.ts

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,21 +8,32 @@ import { fetchInstallationToken } from "./fetch-installation-token.js";
88
const run = async () => {
99
try {
1010
const appId = getInput("app_id", { required: true });
11+
12+
const installationIdInput = getInput("installation_id");
13+
const installationId = installationIdInput
14+
? Number(installationIdInput)
15+
: undefined;
16+
17+
const permissionsInput = getInput("permissions");
18+
const permissions = permissionsInput
19+
? (JSON.parse(permissionsInput) as Record<string, string>)
20+
: undefined;
21+
1122
const privateKeyInput = getInput("private_key", { required: true });
1223
const privateKey = isBase64(privateKeyInput)
1324
? Buffer.from(privateKeyInput, "base64").toString("utf8")
1425
: privateKeyInput;
1526

16-
const installationId = getInput("installation_id");
1727
const repositoryInput = getInput("repository");
1828
const [owner, repo] = repositoryInput
1929
? repositoryInput.split("/")
2030
: [context.repo.owner, context.repo.repo];
2131

2232
const installationToken = await fetchInstallationToken({
2333
appId,
24-
installationId: installationId ? Number(installationId) : undefined,
34+
installationId,
2535
owner,
36+
permissions,
2637
privateKey,
2738
repo,
2839
});

0 commit comments

Comments
 (0)