Skip to content

Commit

Permalink
Add permissions input (tibdex#40)
Browse files Browse the repository at this point in the history
  • Loading branch information
tibdex authored Jul 12, 2022
1 parent c95b1c4 commit f66c1c3
Show file tree
Hide file tree
Showing 6 changed files with 593 additions and 447 deletions.
11 changes: 10 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,20 @@ jobs:
uses: tibdex/github-app-token@v1
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.PRIVATE_KEY }}

# Optional (defaults to ID of the repository's installation).
# installation_id: 1337

# Optional (defaults to all the Github App permissions).
# Using a YAML multiline string to avoid escaping the JSON quotes.
# permissions: >-
# {"members": "read"}

private_key: ${{ secrets.PRIVATE_KEY }}

# Optional (defaults to the current repository).
# repository: "owner/repo"

- name: Use token
env:
TOKEN: ${{ steps.generate_token.outputs.token }}
Expand Down
2 changes: 2 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ inputs:
description: The ID of the installation for which the token will be requested (defaults to the ID of the repository's installation).
repository:
description: The full name of the repository for which the token will be requested (defaults to the current repository).
permissions:
description: The JSON-stringified permissions granted to the token (defaults to all the GitHub app permissions, see https://docs.github.com/en/rest/apps/apps#create-an-installation-access-token-for-an-app).
outputs:
token:
description: An installation token for the GitHub App on the requested repository.
Expand Down
20 changes: 10 additions & 10 deletions package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "github-app-token",
"version": "1.5.2",
"version": "1.6.0",
"license": "MIT",
"type": "module",
"files": [
Expand All @@ -14,26 +14,26 @@
"xo": "xo"
},
"dependencies": {
"@actions/core": "^1.6.0",
"@actions/github": "^5.0.1",
"@octokit/auth-app": "^3.6.1",
"@octokit/request": "^5.6.3",
"@actions/core": "^1.9.0",
"@actions/github": "^5.0.3",
"@octokit/auth-app": "^4.0.4",
"@octokit/request": "^6.0.2",
"ensure-error": "^4.0.0",
"is-base64": "^1.1.0"
},
"devDependencies": {
"@types/error-cause": "^1.0.1",
"@types/is-base64": "^1.1.1",
"@types/node": "^16.11.26",
"@vercel/ncc": "^0.33.3",
"@vercel/ncc": "^0.34.0",
"eslint-config-prettier": "^8.5.0",
"eslint-plugin-import": "^2.26.0",
"eslint-plugin-sort-destructure-keys": "^1.4.0",
"eslint-plugin-typescript-sort-keys": "^2.1.0",
"prettier": "^2.6.2",
"prettier-plugin-packagejson": "^2.2.17",
"typescript": "^4.7.0-beta",
"xo": "^0.48.0",
"yarn-deduplicate": "^4.0.0"
"prettier-plugin-packagejson": "^2.2.18",
"typescript": "^4.7.4",
"xo": "^0.50.0",
"yarn-deduplicate": "^5.0.0"
}
}
8 changes: 7 additions & 1 deletion src/fetch-installation-token.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,14 @@ export const fetchInstallationToken = async ({
appId,
installationId,
owner,
permissions,
privateKey,
repo,
}: Readonly<{
appId: string;
installationId?: number;
owner: string;
permissions?: Record<string, string>;
privateKey: string;
repo: string;
}>): Promise<string> => {
Expand Down Expand Up @@ -42,6 +44,10 @@ export const fetchInstallationToken = async ({
}
}

const installation = await app({ installationId, type: "installation" });
const installation = await app({
installationId,
permissions,
type: "installation",
});
return installation.token;
};
15 changes: 13 additions & 2 deletions src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,21 +8,32 @@ import { fetchInstallationToken } from "./fetch-installation-token.js";
const run = async () => {
try {
const appId = getInput("app_id", { required: true });

const installationIdInput = getInput("installation_id");
const installationId = installationIdInput
? Number(installationIdInput)
: undefined;

const permissionsInput = getInput("permissions");
const permissions = permissionsInput
? (JSON.parse(permissionsInput) as Record<string, string>)
: undefined;

const privateKeyInput = getInput("private_key", { required: true });
const privateKey = isBase64(privateKeyInput)
? Buffer.from(privateKeyInput, "base64").toString("utf8")
: privateKeyInput;

const installationId = getInput("installation_id");
const repositoryInput = getInput("repository");
const [owner, repo] = repositoryInput
? repositoryInput.split("/")
: [context.repo.owner, context.repo.repo];

const installationToken = await fetchInstallationToken({
appId,
installationId: installationId ? Number(installationId) : undefined,
installationId,
owner,
permissions,
privateKey,
repo,
});
Expand Down
Loading

0 comments on commit f66c1c3

Please sign in to comment.