Merge branch 'tibdex:main' into main

pelotoncycle · Jan 25, 2024 · 3c8fc20 · 3c8fc20
2 parents 28308af + 3eb77c7
commit 3c8fc20
Show file tree

Hide file tree

Showing 22 changed files with 2,366 additions and 3,316 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -9,7 +9,7 @@ jobs:
     name: Publish
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - uses: dylanvann/publish-github-action@v1.1.49
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -9,14 +9,22 @@ jobs:
     name: Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - name: Install
-        run: yarn install --frozen-lockfile
-      - name: Deduplicate dependencies
-        run: yarn run yarn-deduplicate --fail --strategy fewer
-      - name: Build
-        run: yarn run build
-      - name: Format
-        run: yarn run prettier --check
-      - name: Lint
-        run: yarn run xo
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+          cache: npm
+      - run: npm ci
+      - run: npm run typecheck
+      - run: npm run build
+      # Optional integration test of the action using a dedicated GitHub App.
+      - id: create_token
+        if: ${{ vars.TEST_GITHUB_APP_ID != '' }}
+        uses: ./
+        with:
+          # The only required permission is `Repository permissions > Metadata: Read-only`.
+          app_id: ${{ vars.TEST_GITHUB_APP_ID }}
+          private_key: ${{ secrets.TEST_GITHUB_APP_PRIVATE_KEY }}
+      - if: ${{ steps.create_token.outcome != 'skipped' }}
+        run: node --eval "assert('${{ steps.create_token.outputs.token }}'.length > 0);"
+      - run: npm run prettier -- --check
diff --git a/LICENSE b/LICENSE
@@ -1,5 +1,5 @@
 The MIT License (MIT)
-Copyright (c) 2022 Thibault Derousseaux <tibdex@gmail.com>
+Copyright (c) 2023 Thibault Derousseaux <tibdex@gmail.com>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

diff --git a/README.md b/README.md
@@ -21,31 +21,35 @@ jobs:
   job:
     runs-on: ubuntu-latest
     steps:
-      - name: Generate token
-        id: generate_token
-        uses: tibdex/github-app-token@v1
+      - id: create_token
+        uses: tibdex/github-app-token@v2
         with:
           app_id: ${{ secrets.APP_ID }}
 
           # Optional.
           # github_api_url: https://api.example.com
 
           # Optional.
-          # installation_id: 1337
+          # installation_retrieval_mode: id
+
+          # Optional.
+          # installation_retrieval_payload: 1337
 
           # Optional.
           # Using a YAML multiline string to avoid escaping the JSON quotes.
           # permissions: >-
-          #   {"members": "read"}
+          #   {"pull_requests": "read"}
 
           private_key: ${{ secrets.PRIVATE_KEY }}
 
           # Optional.
-          # repository: owner/repo
+          # repositories: >-
+          #   ["actions/toolkit", "github/docs"]
 
-      - name: Use token
-        env:
-          TOKEN: ${{ steps.generate_token.outputs.token }}
-        run: |
-          echo "The generated token is masked: ${TOKEN}"
+          # Optional.
+          # revoke: false
+
+      - run: "echo 'The created token is masked: ${{ steps.create_token.outputs.token }}'"
 ```
+
+[Another use case for this action can (or could) be found in GitHub's own docs](https://web.archive.org/web/20230115194214/https://docs.github.com/en/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions#example-workflow-authenticating-with-a-github-app).
diff --git a/action.yml b/action.yml
@@ -5,25 +5,52 @@ inputs:
   app_id:
     description: ID of the GitHub App.
     required: true
-  installation_id:
-    description: The ID of the installation for which the token will be requested (defaults to the ID of the repository's installation).
   github_api_url:
     description: The API URL of the GitHub server.
     default: ${{ github.api_url }}
+  installation_retrieval_mode:
+    description: >-
+      The mode used to retrieve the installation for which the token will be requested.
+
+      One of:
+      - id: use the installation with the specified ID.
+      - organization: use an organization installation (https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-an-organization-installation-for-the-authenticated-app).
+      - repository: use a repository installation (https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app).
+      - user: use a user installation (https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-a-user-installation-for-the-authenticated-app).
+    default: repository
+  installation_retrieval_payload:
+    description: >-
+      The payload used to retrieve the installation.
+
+      Examples for each retrieval mode:
+      - id: 1337
+      - organization: github
+      - repository: tibdex/github-app-token
+      - user: tibdex
+    default: ${{ github.repository }}
   permissions:
-    description: The JSON-stringified permissions granted to the token (defaults to all the GitHub app permissions, see https://docs.github.com/en/rest/apps/apps#create-an-installation-access-token-for-an-app).
+    description: >-
+      The JSON-stringified permissions granted to the token.
+      Defaults to all permissions granted to the GitHub app.
+      See https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app's `permissions`.
   private_key:
     description: Private key of the GitHub App (can be Base64 encoded).
     required: true
-  repository:
-    description: The full name of the repository for which the token will be requested.
-    default: ${{ github.repository }}
+  repositories:
+    description: >-
+      The JSON-stringified array of the full names of the repositories the token should have access to.
+      Defaults to all repositories that the installation can access.
+      See https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app's `repositories`.
+  revoke:
+    description: Revoke the token at the end of the job.
+    default: true
 outputs:
   token:
-    description: An installation token for the GitHub App on the requested repository.
+    description: An installation access token for the GitHub App.
 runs:
-  using: node16
-  main: dist/index.js
+  using: node20
+  main: dist/main/index.js
+  post: dist/post/index.js
 branding:
   icon: unlock
   color: gray-dark