From 5ed580e624e94da8d8f33aaf3a90ca9a2f8ed3c5 Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Fri, 2 May 2025 10:51:49 -0700 Subject: [PATCH 01/10] Test permissions --- .github/workflows/test.yml | 4 +++- lib/main.js | 7 +++++++ main.js | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ab2b03f..aca0b1f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -44,10 +44,12 @@ jobs: with: app-id: ${{ vars.TEST_APP_ID }} private-key: ${{ secrets.TEST_APP_PRIVATE_KEY }} + permission-issues: read + permission-pull-requests: read - uses: octokit/request-action@v2.x id: get-repository env: GITHUB_TOKEN: ${{ steps.test.outputs.token }} with: - route: GET /installation/repositories + route: GET /repos/${{ github.repository }} - run: echo '${{ steps.get-repository.outputs.data }}' diff --git a/lib/main.js b/lib/main.js index f07947f..b3a5b16 100644 --- a/lib/main.js +++ b/lib/main.js @@ -175,6 +175,13 @@ async function getTokenFromRepository( permissions, }); + const { token, ...authenticationProperties } = authentication; + + console.log({ + permissions, + authenticationProperties + }); + const installationId = response.data.id; const appSlug = response.data["app_slug"]; diff --git a/main.js b/main.js index 7670378..8beda44 100644 --- a/main.js +++ b/main.js @@ -27,6 +27,7 @@ const repositories = core const skipTokenRevoke = core.getBooleanInput("skip-token-revoke"); const permissions = getPermissionsFromInputs(process.env); +console.log("Permissions: ", permissions); // Export promise for testing export default main( From 73668b0354f39a2dcdb31aa77a96b0bf0c49ab3a Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Fri, 2 May 2025 10:58:08 -0700 Subject: [PATCH 02/10] fix: correct input prefix from `INPUT_PERMISSION_` to `INPUT_PERMISSION-` --- lib/get-permissions-from-inputs.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/get-permissions-from-inputs.js b/lib/get-permissions-from-inputs.js index 7458155..df6ae8d 100644 --- a/lib/get-permissions-from-inputs.js +++ b/lib/get-permissions-from-inputs.js @@ -7,9 +7,9 @@ */ export function getPermissionsFromInputs(env) { return Object.entries(env).reduce((permissions, [key, value]) => { - if (!key.startsWith("INPUT_PERMISSION_")) return permissions; + if (!key.startsWith("INPUT_PERMISSION-")) return permissions; - const permission = key.slice("INPUT_PERMISSION_".length).toLowerCase(); + const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase(); if (permissions === undefined) { return { [permission]: value }; } From 1e79eab0874508b2f21dfc0b2ab132f4a9fe9eb5 Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Fri, 2 May 2025 11:05:18 -0700 Subject: [PATCH 03/10] fix: enhance permission input handling by adding checks for undefined values --- lib/get-permissions-from-inputs.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/get-permissions-from-inputs.js b/lib/get-permissions-from-inputs.js index df6ae8d..6710e7b 100644 --- a/lib/get-permissions-from-inputs.js +++ b/lib/get-permissions-from-inputs.js @@ -6,10 +6,14 @@ * @returns {undefined | Record} */ export function getPermissionsFromInputs(env) { + console.log(Object.keys(env)); return Object.entries(env).reduce((permissions, [key, value]) => { if (!key.startsWith("INPUT_PERMISSION-")) return permissions; + if (!value) return permissions; const permission = key.slice("INPUT_PERMISSION-".length).toLowerCase(); + + // Inherit app permissions if no permissions inputs are set if (permissions === undefined) { return { [permission]: value }; } From 630b4529e818cdc0920d3e61975b56c66fbbba99 Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Fri, 2 May 2025 11:12:17 -0700 Subject: [PATCH 04/10] fix: only retry on return status of 500 or greater --- lib/main.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/main.js b/lib/main.js index b3a5b16..40aa474 100644 --- a/lib/main.js +++ b/lib/main.js @@ -89,6 +89,7 @@ export async function main( permissions ), { + shouldRetry: (error) => error.status >= 500, onFailedAttempt: (error) => { core.info( `Failed to create token for "${parsedRepositoryNames.join( @@ -179,7 +180,7 @@ async function getTokenFromRepository( console.log({ permissions, - authenticationProperties + authenticationProperties, }); const installationId = response.data.id; From 91f5b9e20874fa3ba600c064073b97dc5314e1ed Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Fri, 2 May 2025 11:15:37 -0700 Subject: [PATCH 05/10] Revert testing changes --- .github/workflows/test.yml | 4 +--- lib/main.js | 7 ------- main.js | 1 - 3 files changed, 1 insertion(+), 11 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index aca0b1f..ab2b03f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -44,12 +44,10 @@ jobs: with: app-id: ${{ vars.TEST_APP_ID }} private-key: ${{ secrets.TEST_APP_PRIVATE_KEY }} - permission-issues: read - permission-pull-requests: read - uses: octokit/request-action@v2.x id: get-repository env: GITHUB_TOKEN: ${{ steps.test.outputs.token }} with: - route: GET /repos/${{ github.repository }} + route: GET /installation/repositories - run: echo '${{ steps.get-repository.outputs.data }}' diff --git a/lib/main.js b/lib/main.js index 40aa474..3ec39b5 100644 --- a/lib/main.js +++ b/lib/main.js @@ -176,13 +176,6 @@ async function getTokenFromRepository( permissions, }); - const { token, ...authenticationProperties } = authentication; - - console.log({ - permissions, - authenticationProperties, - }); - const installationId = response.data.id; const appSlug = response.data["app_slug"]; diff --git a/main.js b/main.js index 8beda44..7670378 100644 --- a/main.js +++ b/main.js @@ -27,7 +27,6 @@ const repositories = core const skipTokenRevoke = core.getBooleanInput("skip-token-revoke"); const permissions = getPermissionsFromInputs(process.env); -console.log("Permissions: ", permissions); // Export promise for testing export default main( From 3210240066c349367f48c79d7eff16fcb7fa8990 Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Fri, 2 May 2025 11:17:31 -0700 Subject: [PATCH 06/10] fix: update environment variable syntax for permission inputs --- tests/main-token-permissions-set.test.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/main-token-permissions-set.test.js b/tests/main-token-permissions-set.test.js index b3f6386..0c15102 100644 --- a/tests/main-token-permissions-set.test.js +++ b/tests/main-token-permissions-set.test.js @@ -2,6 +2,6 @@ import { test } from "./main.js"; // Verify `main` successfully sets permissions await test(() => { - process.env.INPUT_PERMISSION_ISSUES = `write`; - process.env.INPUT_PERMISSION_PULL_REQUESTS = `read`; + process.env["INPUT_PERMISSION_ISSUES"] = `write`; + process.env["INPUT_PERMISSION_PULL_REQUESTS"] = `read`; }); From 058fb861e72371d1d93b9dd059511afb506a2871 Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Fri, 2 May 2025 11:19:56 -0700 Subject: [PATCH 07/10] fix: remove debug log statement from getPermissionsFromInputs function --- lib/get-permissions-from-inputs.js | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/get-permissions-from-inputs.js b/lib/get-permissions-from-inputs.js index 6710e7b..7777d94 100644 --- a/lib/get-permissions-from-inputs.js +++ b/lib/get-permissions-from-inputs.js @@ -6,7 +6,6 @@ * @returns {undefined | Record} */ export function getPermissionsFromInputs(env) { - console.log(Object.keys(env)); return Object.entries(env).reduce((permissions, [key, value]) => { if (!key.startsWith("INPUT_PERMISSION-")) return permissions; if (!value) return permissions; From 69ad13e2a810c4a13c9c8cb8d3b27a8cffaacfb9 Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Fri, 2 May 2025 11:22:04 -0700 Subject: [PATCH 08/10] fix: correct environment variable syntax for permission inputs --- tests/main-token-permissions-set.test.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/main-token-permissions-set.test.js b/tests/main-token-permissions-set.test.js index 0c15102..19746ac 100644 --- a/tests/main-token-permissions-set.test.js +++ b/tests/main-token-permissions-set.test.js @@ -2,6 +2,6 @@ import { test } from "./main.js"; // Verify `main` successfully sets permissions await test(() => { - process.env["INPUT_PERMISSION_ISSUES"] = `write`; - process.env["INPUT_PERMISSION_PULL_REQUESTS"] = `read`; + process.env["INPUT_PERMISSION-ISSUES"] = `write`; + process.env["INPUT_PERMISSION-PULL-REQUESTS"] = `read`; }); From 26014ed65a0ac083fab90d637a1e41cf7afe808b Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Fri, 2 May 2025 11:22:54 -0700 Subject: [PATCH 09/10] fix: correct permission key syntax in snapshot files --- tests/snapshots/index.js.md | 2 +- tests/snapshots/index.js.snap | Bin 1392 -> 1392 bytes 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/snapshots/index.js.md b/tests/snapshots/index.js.md index e419536..55b25ba 100644 --- a/tests/snapshots/index.js.md +++ b/tests/snapshots/index.js.md @@ -331,7 +331,7 @@ Generated by [AVA](https://avajs.dev). --- REQUESTS ---␊ GET /repos/actions/create-github-app-token/installation␊ POST /app/installations/123456/access_tokens␊ - {"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull_requests":"read"}}` + {"repositories":["create-github-app-token"],"permissions":{"issues":"write","pull-requests":"read"}}` ## post-revoke-token-fail-response.test.js diff --git a/tests/snapshots/index.js.snap b/tests/snapshots/index.js.snap index e66c3d55e1416e7ac7aff4b1d2b5c4e6ce80213f..0b63dabc7db6f383c4adb398cbab95a6b6bd508f 100644 GIT binary patch delta 210 zcmV;@04@LU3h)XtK~_N^Q*L2!b7*gLAa*kf0{}UX?Ak`Njah&ex^i+3rE9%kwGNje z2A?1>h(IvW%CE69sRVx-JwBk7pJOCjdp=nWMa(LVeSpDZQC!o5|AT7kcPF2l=8y(1 zQrt9~isLe=rHVqLC#)u!{No%2F~Szjo}B^JY6{h21SJl;On8s^{#b@%h!YR~6TmXL z$HB)bQ16ZF(*yh5nkdYfYVt)Y{U>LpNB*QB&N30rhY2(pZx0p@K22eHKf*HJg{AWU M2O(JQRWK<40CJ370RR91 delta 210 zcmV;@04@LU3h)XtK~_N^Q*L2!b7*gLAa*kf0{}dx%ADPW$4F3tl6IdP_G4l`3*6@e zn%uz4FvQ+P;k&UisRVzTqxgVUevXlB?fGOi6fvtb_5lWuMR83J{tv3D-<^DJnnN16 zNO99_DvryfmMRK~p0Ju^@{e;A#0Xn7dv*p?t0`2A5tKOWGT}Yu`(qi7Ax=E_PXNp0 z9tR(%K)pAvPY>*KYoah`s>v6r^q-uW9{H1kILkydA12Ubyge2;_%wy({Rqo=7naKZ MANPLytuQG70Ev)cB>(^b From 46278435d88ad420be660db02050590e88c95438 Mon Sep 17 00:00:00 2001 From: Parker Brown <17183625+parkerbxyz@users.noreply.github.com> Date: Fri, 2 May 2025 11:26:31 -0700 Subject: [PATCH 10/10] fix: add INPUT_PERMISSION-ADMINISTRATION to default environment variables --- tests/main.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/main.js b/tests/main.js index 792da70..5466529 100644 --- a/tests/main.js +++ b/tests/main.js @@ -38,6 +38,8 @@ so0tiQKBgGQXZaxaXhYUcxYHuCkQ3V4Vsj3ezlM92xXlP32SGFm3KgFhYy9kATxw Cax1ytZzvlrKLQyQFVK1COs2rHt7W4cJ7op7C8zXfsigXCiejnS664oAuX8sQZID x3WQZRiXlWejSMUAHuMwXrhGlltF3lw83+xAjnqsVp75kGS6OH61 -----END RSA PRIVATE KEY-----`, + // The Actions runner sets all inputs to empty strings if not set. + "INPUT_PERMISSION-ADMINISTRATION": "", }; export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) { @@ -61,7 +63,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) { const owner = env.INPUT_OWNER ?? env.GITHUB_REPOSITORY_OWNER; const currentRepoName = env.GITHUB_REPOSITORY.split("/")[1]; const repo = encodeURIComponent( - (env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0], + (env.INPUT_REPOSITORIES ?? currentRepoName).split(",")[0] ); mockPool @@ -77,7 +79,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) { .reply( 200, { id: mockInstallationId, app_slug: mockAppSlug }, - { headers: { "content-type": "application/json" } }, + { headers: { "content-type": "application/json" } } ); // Mock installation access token request @@ -98,7 +100,7 @@ export async function test(cb = (_mockPool) => {}, env = DEFAULT_ENV) { .reply( 201, { token: mockInstallationAccessToken, expires_at: mockExpiresAt }, - { headers: { "content-type": "application/json" } }, + { headers: { "content-type": "application/json" } } ); // Run the callback