diff --git a/README.md b/README.md
index 91efed1..50bdc90 100644
--- a/README.md
+++ b/README.md
@@ -343,7 +343,7 @@ The reason we define one `permision-` input per permission is t
 ### `skip-token-revoke`
-**Optional:** If truthy, the token will not be revoked when the current job is complete.
+**Optional:** If true, the token will not be revoked when the current job is complete.
 ### `github-api-url`
@@ -370,7 +370,7 @@ The action creates an installation access token using [the `POST /app/installati
 1. The token is scoped to the current repository or `repositories` if set.
 2. The token inherits all the installation's permissions.
 3. The token is set as output `token` which can be used in subsequent steps.
-4. Unless the `skip-token-revoke` input is set to a truthy value, the token is revoked in the `post` step of the action, which means it cannot be passed to another job.
+4. Unless the `skip-token-revoke` input is set to true, the token is revoked in the `post` step of the action, which means it cannot be passed to another job.
 5. The token is masked, it cannot be logged accidentally.
 > [!NOTE]
diff --git a/action.yml b/action.yml
index 33b9fb1..ab7d7f3 100644
--- a/action.yml
+++ b/action.yml
@@ -18,8 +18,9 @@ inputs:
 description: "Comma or newline-separated list of repositories to install the GitHub App on (defaults to current repository if owner is unset)"
 required: false
 skip-token-revoke:
- description: "If truthy, the token will not be revoked when the current job is complete"
+ description: "If true, the token will not be revoked when the current job is complete"
 required: false
+ default: "false"
 # Make GitHub API configurable to support non-GitHub Cloud use cases
 # see https://github.com/actions/create-github-app-token/issues/77
 github-api-url:
diff --git a/lib/post.js b/lib/post.js
index f21174d..4719964 100644
--- a/lib/post.js
+++ b/lib/post.js
@@ -5,7 +5,7 @@
 * @param {import("@octokit/request").request} request
 */
 export async function post(core, request) {
- const skipTokenRevoke = Boolean(core.getInput("skip-token-revoke"));
+ const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
 if (skipTokenRevoke) {
 core.info("Token revocation was skipped");
diff --git a/main.js b/main.js
index ac3a7c5..7670378 100644
--- a/main.js
+++ b/main.js
@@ -24,7 +24,7 @@ const repositories = core
 .map((s) => s.trim())
 .filter((x) => x !== "");
-const skipTokenRevoke = Boolean(core.getInput("skip-token-revoke"));
+const skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
 const permissions = getPermissionsFromInputs(process.env);
diff --git a/tests/main.js b/tests/main.js
index 2172752..792da70 100644
--- a/tests/main.js
+++ b/tests/main.js
@@ -8,6 +8,7 @@ export const DEFAULT_ENV = {
 // inputs are set as environment variables with the prefix INPUT_
 // https://docs.github.com/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
 "INPUT_GITHUB-API-URL": "https://api.github.com",
+ "INPUT_SKIP-TOKEN-REVOKE": "false",
 "INPUT_APP-ID": "123456",
 // This key is invalidated. It’s from https://github.com/octokit/auth-app.js/issues/465#issuecomment-1564998327.
 "INPUT_PRIVATE-KEY": `-----BEGIN RSA PRIVATE KEY-----
diff --git a/tests/post-revoke-token-fail-response.test.js b/tests/post-revoke-token-fail-response.test.js
index 6962ca3..b729b55 100644
--- a/tests/post-revoke-token-fail-response.test.js
+++ b/tests/post-revoke-token-fail-response.test.js
@@ -7,6 +7,7 @@ process.env.STATE_token = "secret123";
 // inputs are set as environment variables with the prefix INPUT_
 // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
 process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com";
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
 // 1 hour in the future, not expired
 process.env.STATE_expiresAt = new Date(
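Review bot: In lib/post.js, `core.getBooleanInput("skip-token-revoke")` throws a TypeError for any value outside `true|True|TRUE|false|False|FALSE` (an empty string included), and in post() that happens before the revocation request, so a parse failure in the post step would leave the installation token valid until it expires. The same call in main.js fails before a token has been created, which is the safe direction; post() should instead treat an unparsable value as "do not skip", log a warning and go on to revoke. Whether post()'s caller catches the exception is not visible here, and the function body continues past the hunk. The fixtures added in this commit only ever set the input to "false", so a test that feeds the post step an invalid value would pin the behaviour.

```javascript
export async function post(core, request) {
  // Fail towards revocation: an unparsable input must not keep the token alive.
  let skipTokenRevoke = false;
  try {
    skipTokenRevoke = core.getBooleanInput("skip-token-revoke");
  } catch (error) {
    core.warning(`Invalid skip-token-revoke input, revoking token: ${error.message}`);
  }
  // … unchanged: skip branch and token revocation …
```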
diff --git a/tests/post-token-expired.test.js b/tests/post-token-expired.test.js
index 6479845..62caa6d 100644
--- a/tests/post-token-expired.test.js
+++ b/tests/post-token-expired.test.js
@@ -7,6 +7,10 @@ process.env.STATE_token = "secret123";
 // 1 hour in the past, expired
 process.env.STATE_expiresAt = new Date(Date.now() - 1000 * 60 * 60).toISOString();
+// inputs are set as environment variables with the prefix INPUT_
+// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
+
 const mockAgent = new MockAgent();
 setGlobalDispatcher(mockAgent);
diff --git a/tests/post-token-set.test.js b/tests/post-token-set.test.js
index 33697d0..8ae8c36 100644
--- a/tests/post-token-set.test.js
+++ b/tests/post-token-set.test.js
@@ -7,6 +7,7 @@ process.env.STATE_token = "secret123";
 // inputs are set as environment variables with the prefix INPUT_
 // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
 process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com";
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
 // 1 hour in the future, not expired
 process.env.STATE_expiresAt = new Date(Date.now() + 1000 * 60 * 60).toISOString();
diff --git a/tests/post-token-unset.test.js b/tests/post-token-unset.test.js
index 7b1922a..32228ef 100644
--- a/tests/post-token-unset.test.js
+++ b/tests/post-token-unset.test.js
@@ -2,4 +2,8 @@
 // https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
 delete process.env.STATE_token;
+// inputs are set as environment variables with the prefix INPUT_
+// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs
+process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false";
+
 await import("../post.js");