fix: normalize action input names#72
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
![botantler[bot]](https://avatars.githubusercontent.com/in/1025824?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
Normalizes GitHub Action input names across several in-repo actions to consistently use kebab-case (including secret-backed inputs), and updates the associated documentation and test workflows to match the new interfaces.
Changes:
- Renamed action inputs from env-style names (e.g.,
GITHUB_TOKEN,APP_PRIVATE_KEY,CODECOV_TOKEN) to kebab-case equivalents. - Updated composite action implementations to reference the new input names.
- Updated READMEs, in-repo test workflows, and CONTRIBUTING guidance to reflect the normalized interfaces.
Reviewed changes
Copilot reviewed 19 out of 19 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| upsert-issue/README.md | Updates documented input name to github-token. |
| upsert-issue/action.yaml | Renames GITHUB_TOKEN input to github-token and updates internal reference. |
| setup-go-toolchain/README.md | Updates documented/usage input name to github-token. |
| setup-go-toolchain/action.yaml | Renames GITHUB_TOKEN input to github-token and updates if/env references. |
| run-dotnet-tests/README.md | Documents new kebab-case inputs (app-private-key, github-token, codecov-token). |
| run-dotnet-tests/action.yaml | Renames inputs and updates expression references to kebab-case. |
| login-to-ghcr/README.md | Updates documented/usage input name to github-token. |
| login-to-ghcr/action.yaml | Renames GITHUB_TOKEN input to github-token and updates password reference. |
| create-issues-from-todos/README.md | Updates documented/usage input name to app-private-key. |
| create-issues-from-todos/action.yaml | Renames APP_PRIVATE_KEY input to app-private-key and updates reference. |
| CONTRIBUTING.md | Updates naming guidance to require kebab-case for all action inputs (including secret-backed). |
| approve-pr/README.md | Updates documented/usage input name to app-private-key. |
| approve-pr/action.yaml | Renames APP_PRIVATE_KEY input to app-private-key and updates reference. |
| .github/workflows/test-upsert-issue.yaml | Updates test workflow to pass github-token. |
| .github/workflows/test-setup-go-toolchain.yaml | Updates test workflow to pass github-token. |
| .github/workflows/test-run-dotnet-tests.yaml | Updates test workflow to pass app-private-key and github-token. |
| .github/workflows/test-login-to-ghcr.yaml | Updates test workflow to pass github-token. |
| .github/workflows/test-create-issues-from-todos.yaml | Updates test workflow to pass app-private-key. |
| .github/workflows/test-approve-pr.yaml | Updates test workflow to pass app-private-key. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| description: GitHub App ID to generate a token | ||
| required: true | ||
| APP_PRIVATE_KEY: | ||
| app-private-key: | ||
| description: Private key of the GitHub App to generate a token | ||
| required: true |
There was a problem hiding this comment.
app-id and app-private-key are marked as required inputs here, but they are not referenced anywhere in this composite action (no inputs.app-id / inputs.app-private-key usage). This makes the action interface misleading and forces callers to provide/handle an unnecessary secret. Either remove these inputs (and update workflows/README accordingly) or add the missing step(s) that actually use them (e.g., generate a GitHub App token and consume it).
| | `app-id` | GitHub App ID to generate a token | ✅ | - | | ||
| | `APP_PRIVATE_KEY` | Private key of the GitHub App | ✅ | - | | ||
| | `GITHUB_TOKEN` | GitHub token to access the repository | ✅ | - | | ||
| | `CODECOV_TOKEN` | Token to upload code coverage to CodeCov | ❌ | - | | ||
| | `app-private-key` | Private key of the GitHub App | ✅ | - | | ||
| | `github-token` | GitHub token to access the repository | ✅ | - | | ||
| | `codecov-token` | Token to upload code coverage to CodeCov | ❌ | - | |
There was a problem hiding this comment.
The README documents app-id / app-private-key as required inputs for generating a token, but the action implementation does not consume those inputs at all. Please either update the docs to reflect the actual behavior/required inputs, or update the action to use these inputs as documented.
Why
Several actions exposed a mix of kebab-case and uppercase env-style input names. That made the action interfaces inconsistent and conflicted with the repo's naming guidance.
What changed
This PR normalizes action inputs to kebab-case for the affected actions, including secret-backed inputs such as
app-private-key,github-token, andcodecov-token. It updates the action metadata, internalinputs.*references, the in-repo test workflows that call those actions, and the corresponding READMEs so the documented interface matches the implemented one.Notes
Reusable workflow boundaries were left unchanged on purpose. For example,
.github/workflows/active-release.yamlstill usesAPP_PRIVATE_KEYbecause that is a workflow secret interface, not an action input.CONTRIBUTING.mdnow makes that distinction explicit.