Skip to content

Commit

Permalink
Try revoking token
Browse files Browse the repository at this point in the history
  • Loading branch information
tibdex committed Sep 9, 2023
1 parent 117f1dd commit b69f2b8
Show file tree
Hide file tree
Showing 5 changed files with 25 additions and 23 deletions.
10 changes: 7 additions & 3 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,16 @@ jobs:
- run: npm run build
- run: npm run prettier -- --check
# Optional integration test of the action using a dedicated GitHub App.
- id: generate_token
- id: create_token
if: ${{ vars.TEST_GITHUB_APP_ID != '' }}
uses: ./
with:
# The only required permission is `Repository permissions > Metadata: Read-only`.
app_id: ${{ vars.TEST_GITHUB_APP_ID }}
private_key: ${{ secrets.TEST_GITHUB_APP_PRIVATE_KEY }}
- run: node --eval "assert('${{ steps.generate_token.outputs.token }}'.length > 0);"
if: ${{ steps.generate_token.outcome != 'skipped' }}
- name: Revoke token
env:
GITHUB_TOKEN: ${{ steps.create_token.outputs.token }}

- run: node --eval "assert('${{ steps.create_token.outputs.token }}'.length > 0);"
if: ${{ steps.create_token.outcome != 'skipped' }}
8 changes: 4 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,8 @@ jobs:
job:
runs-on: ubuntu-latest
steps:
- name: Generate token
id: generate_token
- name: Create token
id: create_token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.APP_ID }}
Expand All @@ -46,9 +46,9 @@ jobs:

- name: Use token
env:
TOKEN: ${{ steps.generate_token.outputs.token }}
TOKEN: ${{ steps.create_token.outputs.token }}
run: |
echo "The generated token is masked: ${TOKEN}"
echo "The created token is masked: ${TOKEN}"
```
[Another use case for this action can (or could) be found in GitHub's own docs](https://web.archive.org/web/20230115194214/https://docs.github.com/en/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions#example-workflow-authenticating-with-a-github-app).
14 changes: 7 additions & 7 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,9 @@ inputs:
One of:
- id: use the installation with the specified ID.
- organization: fetch an organization installation (https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-an-organization-installation-for-the-authenticated-app).
- repository: fetch a repository installation (https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app).
- user: fetch a user installation (https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-a-user-installation-for-the-authenticated-app).
- organization: use an organization installation (https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-an-organization-installation-for-the-authenticated-app).
- repository: use a repository installation (https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app).
- user: use a user installation (https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-a-user-installation-for-the-authenticated-app).
default: repository
installation_retrieval_payload:
description: >-
Expand All @@ -31,19 +31,19 @@ inputs:
permissions:
description: >-
The JSON-stringified permissions granted to the token.
Default to all the GitHub app permissions.
Defaults to all permissions granted to the GitHub app.
See https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app's `permissions`.
private_key:
description: Private key of the GitHub App (can be Base64 encoded).
required: true
repositories:
description: >-
The JSON-stringified array of the full names of the repositories the token should have access to.
Default to all repositories that the installation can access.
See See https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app's `repositories`.
Defaults to all repositories that the installation can access.
See https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app's `repositories`.
outputs:
token:
description: An installation token for the GitHub App on the requested repositories.
description: An installation access token for the GitHub App.
runs:
using: node20
main: dist/index.js
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import { request } from "@octokit/request";

import { InstallationRetrievalDetails } from "./installation-retrieval-details.js";

export const fetchInstallationToken = async ({
export const createInstallationAccessToken = async ({
appId,
githubApiUrl,
installationRetrievalDetails,
Expand Down Expand Up @@ -65,18 +65,16 @@ export const fetchInstallationToken = async ({
break;
}
} catch (error: unknown) {
throw new Error("Could not get retrieve installation.", { cause: error });
throw new Error("Could not retrieve installation.", { cause: error });
}

debug(`Retrieved installation ID: ${installationId}.`);

try {

const {
data: { token },
} = await octokit.rest.apps.createInstallationAccessToken({
installation_id: installationId,
permissions,
});
} = await octokit.request("POST /app/installations/{installation_id}/access_tokens", {installation_id: installationId, permissions, repositories});
return token;
} catch (error: unknown) {
throw new Error("Could not create installation access token.", {
Expand Down
6 changes: 3 additions & 3 deletions src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import {
} from "@actions/core";
import isBase64 from "is-base64";

import { fetchInstallationToken } from "./fetch-installation-token.js";
import { createInstallationAccessToken } from "./create-installation-access-token.js";
import { getInstallationRetrievalDetails } from "./installation-retrieval-details.js";

try {
Expand Down Expand Up @@ -53,7 +53,7 @@ try {
: undefined;
debug(`Requested repositories: ${JSON.stringify(repositories)}.`);

const token = await fetchInstallationToken({
const token = await createInstallationAccessToken({
appId,
githubApiUrl,
installationRetrievalDetails,
Expand All @@ -64,7 +64,7 @@ try {

setSecret(token);
setOutput("token", token);
info("Token generated successfully!");
info("Token created successfully!");
} catch (error) {
// Using `console.error()` instead of only passing `error` to `setFailed()` for better error reporting.
// See https://github.com/actions/toolkit/issues/1527.
Expand Down

0 comments on commit b69f2b8

Please sign in to comment.