Skip to content

Commit

Permalink
feat(outputs): app-slug and installation-id (actions#105)
Browse files Browse the repository at this point in the history
It is convenient to use `https://api.github.com/users/$app_slug[bot]` to
obtain the corresponding account ID later.
Then build `Signed-off-by: $app_slug[bot]
<$id+$app_slug[bot]@users.noreply.github.com>`.

Currently, there is no Linux environment to build test snapshot files
  • Loading branch information
maboloshi authored Mar 1, 2024
1 parent bf627a5 commit babaff4
Show file tree
Hide file tree
Showing 13 changed files with 98 additions and 28 deletions.
8 changes: 8 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,14 @@ jobs:

GitHub App installation access token.

### `installation-id`

GitHub App installation ID.

### `app-slug`

GitHub App slug.

## How it works

The action creates an installation access token using [the `POST /app/installations/{installation_id}/access_tokens` endpoint](https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app). By default,
Expand Down
4 changes: 4 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,10 @@ inputs:
outputs:
token:
description: "GitHub installation access token"
installation-id:
description: "GitHub App installation ID"
app-slug:
description: "GitHub App slug"
runs:
using: "node20"
main: "dist/main.cjs"
Expand Down
20 changes: 13 additions & 7 deletions dist/main.cjs
Original file line number Diff line number Diff line change
Expand Up @@ -29923,28 +29923,30 @@ async function main(appId2, privateKey2, owner2, repositories2, core3, createApp
privateKey: privateKey2,
request: request2
});
let authentication;
let authentication, installationId, appSlug;
if (parsedRepositoryNames) {
authentication = await pRetry(() => getTokenFromRepository(request2, auth, parsedOwner, parsedRepositoryNames), {
({ authentication, installationId, appSlug } = await pRetry(() => getTokenFromRepository(request2, auth, parsedOwner, parsedRepositoryNames), {
onFailedAttempt: (error) => {
core3.info(
`Failed to create token for "${parsedRepositoryNames}" (attempt ${error.attemptNumber}): ${error.message}`
);
},
retries: 3
});
}));
} else {
authentication = await pRetry(() => getTokenFromOwner(request2, auth, parsedOwner), {
({ authentication, installationId, appSlug } = await pRetry(() => getTokenFromOwner(request2, auth, parsedOwner), {
onFailedAttempt: (error) => {
core3.info(
`Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`
);
},
retries: 3
});
}));
}
core3.setSecret(authentication.token);
core3.setOutput("token", authentication.token);
core3.setOutput("installation-id", installationId);
core3.setOutput("app-slug", appSlug);
if (!skipTokenRevoke2) {
core3.saveState("token", authentication.token);
core3.setOutput("expiresAt", authentication.expiresAt);
Expand All @@ -29970,7 +29972,9 @@ async function getTokenFromOwner(request2, auth, parsedOwner) {
type: "installation",
installationId: response.data.id
});
return authentication;
const installationId = response.data.id;
const appSlug = response.data["app_slug"];
return { authentication, installationId, appSlug };
}
async function getTokenFromRepository(request2, auth, parsedOwner, parsedRepositoryNames) {
const response = await request2("GET /repos/{owner}/{repo}/installation", {
Expand All @@ -29985,7 +29989,9 @@ async function getTokenFromRepository(request2, auth, parsedOwner, parsedReposit
installationId: response.data.id,
repositoryNames: parsedRepositoryNames.split(",")
});
return authentication;
const installationId = response.data.id;
const appSlug = response.data["app_slug"];
return { authentication, installationId, appSlug };
}

// lib/request.js
Expand Down
26 changes: 17 additions & 9 deletions lib/main.js
Original file line number Diff line number Diff line change
Expand Up @@ -70,35 +70,36 @@ export async function main(
request,
});

let authentication;
let authentication, installationId, appSlug;
// If at least one repository is set, get installation ID from that repository

if (parsedRepositoryNames) {
authentication = await pRetry(() => getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames), {
({ authentication, installationId, appSlug } = await pRetry(() => getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames), {
onFailedAttempt: (error) => {
core.info(
`Failed to create token for "${parsedRepositoryNames}" (attempt ${error.attemptNumber}): ${error.message}`
);
},
retries: 3,
});

}));
} else {
// Otherwise get the installation for the owner, which can either be an organization or a user account
authentication = await pRetry(() => getTokenFromOwner(request, auth, parsedOwner), {
({ authentication, installationId, appSlug } = await pRetry(() => getTokenFromOwner(request, auth, parsedOwner), {
onFailedAttempt: (error) => {
core.info(
`Failed to create token for "${parsedOwner}" (attempt ${error.attemptNumber}): ${error.message}`
);
},
retries: 3,
});
}));
}

// Register the token with the runner as a secret to ensure it is masked in logs
core.setSecret(authentication.token);

core.setOutput("token", authentication.token);
core.setOutput("installation-id", installationId);
core.setOutput("app-slug", appSlug);

// Make token accessible to post function (so we can invalidate it)
if (!skipTokenRevoke) {
Expand Down Expand Up @@ -132,7 +133,11 @@ async function getTokenFromOwner(request, auth, parsedOwner) {
type: "installation",
installationId: response.data.id,
});
return authentication;

const installationId = response.data.id;
const appSlug = response.data['app_slug'];

return { authentication, installationId, appSlug };
}

async function getTokenFromRepository(request, auth, parsedOwner, parsedRepositoryNames) {
Expand All @@ -152,5 +157,8 @@ async function getTokenFromRepository(request, auth, parsedOwner, parsedReposito
repositoryNames: parsedRepositoryNames.split(","),
});

return authentication;
}
const installationId = response.data.id;
const appSlug = response.data['app_slug'];

return { authentication, installationId, appSlug };
}
4 changes: 3 additions & 1 deletion tests/main-repo-skew.js
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ await test((mockPool) => {
const owner = process.env.INPUT_OWNER
const repo = process.env.INPUT_REPOSITORIES
const mockInstallationId = "123456";
const mockAppSlug = "github-actions";

install({ now: 0, toFake: ["Date"] });

Expand Down Expand Up @@ -44,7 +45,8 @@ await test((mockPool) => {
return {
statusCode: 200,
data: {
id: mockInstallationId
id: mockInstallationId,
"app_slug": mockAppSlug
},
responseOptions: {
headers: {
Expand Down
3 changes: 2 additions & 1 deletion tests/main-token-get-owner-set-repo-fail-response.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ await test((mockPool) => {
const owner = process.env.INPUT_OWNER;
const repo = process.env.INPUT_REPOSITORIES;
const mockInstallationId = "123456";
const mockAppSlug = "github-actions";

mockPool
.intercept({
Expand All @@ -32,7 +33,7 @@ await test((mockPool) => {
})
.reply(
200,
{ id: mockInstallationId },
{ id: mockInstallationId, "app_slug": mockAppSlug },
{ headers: { "content-type": "application/json" } }
);
});
5 changes: 3 additions & 2 deletions tests/main-token-get-owner-set-to-org-repo-unset.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@ await test((mockPool) => {
process.env.INPUT_OWNER = process.env.GITHUB_REPOSITORY_OWNER;
delete process.env.INPUT_REPOSITORIES;

// Mock installation id request
// Mock installation id and app slug request
const mockInstallationId = "123456";
const mockAppSlug = "github-actions";
mockPool
.intercept({
path: `/orgs/${process.env.INPUT_OWNER}/installation`,
Expand All @@ -19,7 +20,7 @@ await test((mockPool) => {
})
.reply(
200,
{ id: mockInstallationId },
{ id: mockInstallationId, "app_slug": mockAppSlug },
{ headers: { "content-type": "application/json" } }
);
});
5 changes: 3 additions & 2 deletions tests/main-token-get-owner-set-to-user-fail-response.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@ await test((mockPool) => {
process.env.INPUT_OWNER = "smockle";
delete process.env.INPUT_REPOSITORIES;

// Mock installation id request
// Mock installation ID and app slug request
const mockInstallationId = "123456";
const mockAppSlug = "github-actions";
mockPool
.intercept({
path: `/orgs/${process.env.INPUT_OWNER}/installation`,
Expand All @@ -30,7 +31,7 @@ await test((mockPool) => {
})
.reply(
200,
{ id: mockInstallationId },
{ id: mockInstallationId, "app_slug": mockAppSlug },
{ headers: { "content-type": "application/json" } }
);
});
5 changes: 3 additions & 2 deletions tests/main-token-get-owner-set-to-user-repo-unset.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@ await test((mockPool) => {
process.env.INPUT_OWNER = "smockle";
delete process.env.INPUT_REPOSITORIES;

// Mock installation id request
// Mock installation ID and app slug request
const mockInstallationId = "123456";
const mockAppSlug = "github-actions";
mockPool
.intercept({
path: `/orgs/${process.env.INPUT_OWNER}/installation`,
Expand All @@ -30,7 +31,7 @@ await test((mockPool) => {
})
.reply(
200,
{ id: mockInstallationId },
{ id: mockInstallationId, "app_slug": mockAppSlug },
{ headers: { "content-type": "application/json" } }
);
});
5 changes: 3 additions & 2 deletions tests/main-token-get-owner-unset-repo-unset.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@ await test((mockPool) => {
delete process.env.INPUT_OWNER;
delete process.env.INPUT_REPOSITORIES;

// Mock installation id request
// Mock installation ID and app slug request
const mockInstallationId = "123456";
const mockAppSlug = "github-actions";
mockPool
.intercept({
path: `/repos/${process.env.GITHUB_REPOSITORY}/installation`,
Expand All @@ -19,7 +20,7 @@ await test((mockPool) => {
})
.reply(
200,
{ id: mockInstallationId },
{ id: mockInstallationId, "app_slug": mockAppSlug },
{ headers: { "content-type": "application/json" } }
);
});
5 changes: 3 additions & 2 deletions tests/main.js
Original file line number Diff line number Diff line change
Expand Up @@ -54,8 +54,9 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {

// Calling `auth({ type: "app" })` to obtain a JWT doesn’t make network requests, so no need to intercept.

// Mock installation id request
// Mock installation ID and app slug request
const mockInstallationId = "123456";
const mockAppSlug = "github-actions";
const owner = env.INPUT_OWNER ?? env.GITHUB_REPOSITORY_OWNER;
const repo = encodeURIComponent(
(env.INPUT_REPOSITORIES ?? env.GITHUB_REPOSITORY).split(",")[0]
Expand All @@ -72,7 +73,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) {
})
.reply(
200,
{ id: mockInstallationId },
{ id: mockInstallationId, "app_slug": mockAppSlug },
{ headers: { "content-type": "application/json" } }
);

Expand Down
36 changes: 36 additions & 0 deletions tests/snapshots/index.js.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@ Generated by [AVA](https://avajs.dev).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=expiresAt::2016-07-11T22:14:10Z`
Expand Down Expand Up @@ -85,6 +89,10 @@ Generated by [AVA](https://avajs.dev).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=expiresAt::2016-07-11T22:14:10Z`
Expand All @@ -101,6 +109,10 @@ Generated by [AVA](https://avajs.dev).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=expiresAt::2016-07-11T22:14:10Z`
Expand All @@ -117,6 +129,10 @@ Generated by [AVA](https://avajs.dev).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=expiresAt::2016-07-11T22:14:10Z`
Expand All @@ -133,6 +149,10 @@ Generated by [AVA](https://avajs.dev).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=expiresAt::2016-07-11T22:14:10Z`
Expand All @@ -150,6 +170,10 @@ Generated by [AVA](https://avajs.dev).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=expiresAt::2016-07-11T22:14:10Z`
Expand All @@ -166,6 +190,10 @@ Generated by [AVA](https://avajs.dev).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=expiresAt::2016-07-11T22:14:10Z`
Expand All @@ -182,6 +210,10 @@ Generated by [AVA](https://avajs.dev).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=expiresAt::2016-07-11T22:14:10Z`
Expand All @@ -198,6 +230,10 @@ Generated by [AVA](https://avajs.dev).
::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=installation-id::123456␊
::set-output name=app-slug::github-actions␊
::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
::set-output name=expiresAt::2016-07-11T22:14:10Z`
Expand Down
Binary file modified tests/snapshots/index.js.snap
Binary file not shown.

0 comments on commit babaff4

Please sign in to comment.