From 2950cbc446a8d3030ea17d3f7cbdd3c0fce4b0f5 Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Fri, 2 May 2025 11:44:01 -0700 Subject: [PATCH 1/2] fix: permission input handling (#243) This pull request fixes the handling of permissions inputs. - Updated `getPermissionsFromInputs` in `lib/get-permissions-from-inputs.js` to use hyphens (`INPUT_PERMISSION-`) instead of underscores (`INPUT_PERMISSION_`) in input keys, added a check to skip empty values, and clarified behavior when no permissions are set. - Added a `shouldRetry` function to retry requests when server errors (HTTP status 500 or higher) occur in the `main` function in `lib/main.js` to prevent unnecessary retries. - Updated test cases in `tests/main-token-permissions-set.test.js` to match the new input key format with hyphens. - Added a default empty string for unset inputs (e.g., `INPUT_PERMISSION-ADMINISTRATION`) in `tests/main.js` to simulate the behavior of the Actions runner. - Updated snapshots in `tests/snapshots/index.js.md` to reflect the updated hyphenated input keys in permissions. --------- Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com> --- lib/get-permissions-from-inputs.js | 7 +++++-- lib/main.js | 1 + tests/main-token-permissions-set.test.js | 4 ++-- tests/main.js | 8 +++++--- tests/snapshots/index.js.md | 2 +- tests/snapshots/index.js.snap | Bin 1392 -> 1392 bytes 6 files changed, 14 insertions(+), 8 deletions(-) diff --git a/lib/get-permissions-from-inputs.js b/lib/get-permissions-from-inputs.js index 7458155..7777d94 100644 --- a/lib/get-permissions-from-inputs.js +++ b/lib/get-permissions-from-inputs.js @@ -7,9 +7,12 @@ */ export function getPermissionsFromInputs(env) { return Object.entries(env).reduce((permissions, [key, value]) => { - if (!key.startsWith("INPUT_PERMISSION_")) return permissions; + if (!key.startsWith("INPUT_PERMISSION-")) return permissions; + if (!value) return permissions; - const permission = key.slice("INPUT_PERMISSION_".length).toLowerCase(); + const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase(); + + // Inherit app permissions if no permissions inputs are set if (permissions === undefined) { return { [permission]: value }; } diff --git a/lib/main.js b/lib/main.js index f07947f..3ec39b5 100644 --- a/lib/main.js +++ b/lib/main.js @@ -89,6 +89,7 @@ export async function main( permissions ), { + shouldRetry: (error) => error.status >= 500, onFailedAttempt: (error) => { core.info( `Failed to create token for "${parsedRepositoryNames.join( diff --git a/tests/main-token-permissions-set.test.js b/tests/main-token-permissions-set.test.js index b3f6386..19746ac 100644 --- a/tests/main-token-permissions-set.test.js +++ b/tests/main-token-permissions-set.test.js @@ -2,6 +2,6 @@ import { test } from "./main.js"; // Verify `main` successfully sets permissions await test(() => { - process.env.INPUT_PERMISSION_ISSUES = `write`; - process.env.INPUT_PERMISSION_PULL_REQUESTS = `read`; + process.env["INPUT_PERMISSION-ISSUES"] = `write`; + process.env["INPUT_PERMISSION-PULL-REQUESTS"] = `read`; }); diff --git a/tests/main.js b/tests/main.js index 792da70..5466529 100644 --- a/tests/main.js +++ b/tests/main.js @@ -38,6 +38,8 @@ so0tiQKBgGQXZaxaXhYUcxYHuCkQ3V4Vsj3ezlM92xXlP32SGFm3KgFhYy9kATxw Cax1ytZzvlrKLQyQFVK1COs2rHt7W4cJ7op7C8zXfsigXCiejnS664oAuX8sQZID x3WQZRiXlWejSMUAHuMwXrhGlltF3lw83+xAjnqsVp75kGS6OH61 -----END RSA PRIVATE KEY-----`, + // The Actions runner sets all inputs to empty strings if not set. + "INPUT_PERMISSION-ADMINISTRATION": "", }; export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) { @@ -61,7 +63,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) { const owner = env.INPUT_OWNER ?? env.GITHUB_REPOSITORY_OWNER; const currentRepoName = env.GITHUB_REPOSITORY.split("/")[1]; const repo = encodeURIComponent( - (env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0], + (env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0] ); mockPool @@ -77,7 +79,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) { .reply( 200, { id: mockInstallationId, app_slug: mockAppSlug }, - { headers: { "content-type": "application/json" } }, + { headers: { "content-type": "application/json" } } ); // Mock installation access token request @@ -98,7 +100,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) { .reply( 201, { token: mockInstallationAccessToken, expires_at: mockExpiresAt }, - { headers: { "content-type": "application/json" } }, + { headers: { "content-type": "application/json" } } ); // Run the callback diff --git a/tests/snapshots/index.js.md b/tests/snapshots/index.js.md index e419536..55b25ba 100644 --- a/tests/snapshots/index.js.md +++ b/tests/snapshots/index.js.md @@ -331,7 +331,7 @@ Generated by [AVA](https://avajs.dev). --- REQUESTS ---␊ GET /repos/actions/create-github-app-token/installation␊ POST /app/installations/123456/access_tokens␊ - {"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}` + {"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull-requests":"read"}}` ## post-revoke-token-fail-response.test.js diff --git a/tests/snapshots/index.js.snap b/tests/snapshots/index.js.snap index e66c3d55e1416e7ac7aff4b1d2b5c4e6ce80213f..0b63dabc7db6f383c4adb398cbab95a6b6bd508f 100644 GIT binary patch delta 210 zcmV;@04@LU3h)XtK~_N^Q*L2!b7*gLAa*kf0{}UX?Ak`Njah&ex^i+3rE9%kwGNje z2A?1>h(IvW%CE69sRVx-JwBk7pJOCjdp=nWMa(LVeSpDZQC!o5|AT7kcPF2l=8y(1 zQrt9~isLe=rHVqLC#)u!{No%2F~Szjo}B^JY6{h21SJl;On8s^{#b@%h!YR~6TmXL z$HB)bQ16ZF(*yh5nkdYfYVt)Y{U>LpNB*QB&N30rhY2(pZx0p@K22eHKf*HJg{AWU M2O(JQRWK<40CJ370RR91 delta 210 zcmV;@04@LU3h)XtK~_N^Q*L2!b7*gLAa*kf0{}dx%ADPW$4F3tl6IdP_G4l`3*6@e zn%uz4FvQ+P;k&UisRVzTqxgVUevXlB?fGOi6fvtb_5lWuMR83J{tv3D-<^DJnnN16 zNO99_DvryfmMRK~p0Ju^@{e;A#0Xn7dv*p?t0`2A5tKOWGT}Yu`(qi7Ax=E_PXNp0 z9tR(%K)pAvPY>*KYoah`s>v6r^q-uW9{H1kILkydA12Ubyge2;_%wy({Rqo=7naKZ MANPLytuQG70Ev)cB>(^b From 4821f52fa7a8e45784f1d99cdb1c27bec9f00720 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 2 May 2025 18:44:32 +0000 Subject: [PATCH 2/2] build(release): 2.0.4 [skip ci] ## [2.0.4](https://github.com/actions/create-github-app-token/compare/v2.0.3...v2.0.4) (2025-05-02) ### Bug Fixes * permission input handling ([#243](https://github.com/actions/create-github-app-token/issues/243)) ([2950cbc](https://github.com/actions/create-github-app-token/commit/2950cbc446a8d3030ea17d3f7cbdd3c0fce4b0f5)) --- dist/main.cjs | 6 ++++-- package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/dist/main.cjs b/dist/main.cjs index a977f68..c0c6a0e 100644 --- a/dist/main.cjs +++ b/dist/main.cjs @@ -42394,8 +42394,9 @@ function createAppAuth(options) { // lib/get-permissions-from-inputs.js function getPermissionsFromInputs(env) { return Object.entries(env).reduce((permissions2, [key, value]) => { - if (!key.startsWith("INPUT_PERMISSION_")) return permissions2; - const permission = key.slice("INPUT_PERMISSION_".length).toLowerCase(); + if (!key.startsWith("INPUT_PERMISSION-")) return permissions2; + if (!value) return permissions2; + const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase(); if (permissions2 === void 0) { return { [permission]: value }; } @@ -42568,6 +42569,7 @@ async function main(appId2, privateKey2, owner2, repositories2, permissions2, co permissions2 ), { + shouldRetry: (error) => error.status >= 500, onFailedAttempt: (error) => { core3.info( `Failed to create token for "${parsedRepositoryNames.join( diff --git a/package-lock.json b/package-lock.json index 13776a1..3edd92b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "create-github-app-token", - "version": "2.0.3", + "version": "2.0.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "create-github-app-token", - "version": "2.0.3", + "version": "2.0.4", "license": "MIT", "dependencies": { "@actions/core": "^1.11.1", diff --git a/package.json b/package.json index e7926fd..be24d43 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "create-github-app-token", "private": true, "type": "module", - "version": "2.0.3", + "version": "2.0.4", "description": "GitHub Action for creating a GitHub App Installation Access Token", "scripts": { "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node20.0.0 --packages=bundle",