-
Notifications
You must be signed in to change notification settings - Fork 60
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Add a
skip_token_revoke
input for configuring token revocation (
#54) Fixes #55 Currently, `actions/create-github-app-token` always/unconditionally revokes the installation access token in a `post` step, at the completion of the current job. This prevents tokens from being used in other jobs. This PR makes this behavior configurable: - When the `skip-token-revoke` input is not specified (i.e. by default), the token is revoked in a `post` step (i.e. the current behavior). - When the `skip-token-revoke` input is set to a truthy value (e.g. `"true"`[^1]), the token is not revoked in a `post` step. This PR adds a test for the `skip-token-revoke: "true"` case. This is configurable in other app token actions, e.g. [tibdex/github-app-token](https://github.com/tibdex/github-app-token/blob/3eb77c7243b85c65e84acfa93fdbac02fb6bd532/README.md?plain=1#L46-L47) and [wow-actions/use-app-token](https://github.com/wow-actions/use-app-token/blob/cd772994fc762f99cf291f308797341327a49b0c/README.md?plain=1#L132). [^1]: Note that `"false"` is also truthy: `Boolean("false")` is `true`. If we think that’ll potentially confuse folks, I can require `skip-token-revoke` to be set explicitly to `"true"`.
- Loading branch information
Showing
11 changed files
with
77 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
import { MockAgent, setGlobalDispatcher } from "undici"; | ||
|
||
// state variables are set as environment variables with the prefix STATE_ | ||
// https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions | ||
process.env.STATE_token = "secret123"; | ||
|
||
// inputs are set as environment variables with the prefix INPUT_ | ||
// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs | ||
process.env.INPUT_SKIP_TOKEN_REVOKE = "true"; | ||
|
||
const mockAgent = new MockAgent(); | ||
|
||
setGlobalDispatcher(mockAgent); | ||
|
||
// Provide the base url to the request | ||
const mockPool = mockAgent.get("https://api.github.com"); | ||
|
||
// intercept the request | ||
mockPool | ||
.intercept({ | ||
path: "/installation/token", | ||
method: "DELETE", | ||
headers: { | ||
authorization: "token secret123", | ||
}, | ||
}) | ||
.reply(204); | ||
|
||
await import("../post.js"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.