From 3eb77c7243b85c65e84acfa93fdbac02fb6bd532 Mon Sep 17 00:00:00 2001 From: Thibault Derousseaux <6574550+tibdex@users.noreply.github.com> Date: Tue, 19 Sep 2023 12:11:38 -0400 Subject: [PATCH] Add option to not revoke token (#95) --- README.md | 3 +++ action.yml | 3 +++ package-lock.json | 20 ++++++++++---------- package.json | 6 +++--- src/post.ts | 7 ++++++- 5 files changed, 25 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 1b5a20b..6e23369 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,9 @@ jobs: # repositories: >- # ["actions/toolkit", "github/docs"] + # Optional. + # revoke: false + - run: "echo 'The created token is masked: ${{ steps.create_token.outputs.token }}'" ``` diff --git a/action.yml b/action.yml index ca7ec4c..4146f35 100644 --- a/action.yml +++ b/action.yml @@ -41,6 +41,9 @@ inputs: The JSON-stringified array of the full names of the repositories the token should have access to. Defaults to all repositories that the installation can access. See https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app's `repositories`. + revoke: + description: Revoke the token at the end of the job. + default: true outputs: token: description: An installation access token for the GitHub App. diff --git a/package-lock.json b/package-lock.json index f1796ce..2d1403b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,15 +1,15 @@ { "name": "github-app-token", - "version": "2.0.0", + "version": "2.1.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "github-app-token", - "version": "2.0.0", + "version": "2.1.0", "license": "MIT", "dependencies": { - "@actions/core": "^1.10.0", + "@actions/core": "^1.10.1", "@actions/github": "^5.1.1", "@octokit/auth-app": "^6.0.0", "@octokit/request": "^8.1.1", @@ -18,7 +18,7 @@ "devDependencies": { "@trivago/prettier-plugin-sort-imports": "^4.2.0", "@types/is-base64": "^1.1.1", - "@types/node": "^20.6.0", + "@types/node": "^20.6.2", "@vercel/ncc": "^0.38.0", "prettier": "^3.0.3", "prettier-plugin-packagejson": "^2.4.5", @@ -26,9 +26,9 @@ } }, "node_modules/@actions/core": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz", - "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==", + "version": "1.10.1", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.1.tgz", + "integrity": "sha512-3lBR9EDAY+iYIpTnTIXmWcNbX3T2kCkAEQGIQx4NVQ0575nk2k3GRZDTPQG+vVtS2izSLmINlxXf0uLtnrTP+g==", "dependencies": { "@actions/http-client": "^2.0.1", "uuid": "^8.3.2" @@ -701,9 +701,9 @@ } }, "node_modules/@types/node": { - "version": "20.6.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.6.0.tgz", - "integrity": "sha512-najjVq5KN2vsH2U/xyh2opaSEz6cZMR2SetLIlxlj08nOcmPOemJmUK2o4kUzfLqfrWE0PIrNeE16XhYDd3nqg==" + "version": "20.6.2", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.6.2.tgz", + "integrity": "sha512-Y+/1vGBHV/cYk6OI1Na/LHzwnlNCAfU3ZNGrc1LdRe/LAIbdDPTTv/HU3M7yXN448aTVDq3eKRm2cg7iKLb8gw==" }, "node_modules/@vercel/ncc": { "version": "0.38.0", diff --git a/package.json b/package.json index 00e65a2..f05683a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "github-app-token", - "version": "2.0.0", + "version": "2.1.0", "license": "MIT", "type": "module", "files": [ @@ -16,7 +16,7 @@ "typecheck": "tsc --build" }, "dependencies": { - "@actions/core": "^1.10.0", + "@actions/core": "^1.10.1", "@actions/github": "^5.1.1", "@octokit/auth-app": "^6.0.0", "@octokit/request": "^8.1.1", @@ -25,7 +25,7 @@ "devDependencies": { "@trivago/prettier-plugin-sort-imports": "^4.2.0", "@types/is-base64": "^1.1.1", - "@types/node": "^20.6.0", + "@types/node": "^20.6.2", "@vercel/ncc": "^0.38.0", "prettier": "^3.0.3", "prettier-plugin-packagejson": "^2.4.5", diff --git a/src/post.ts b/src/post.ts index 9ffc13c..0d2680e 100644 --- a/src/post.ts +++ b/src/post.ts @@ -1,10 +1,15 @@ -import { getState, info } from "@actions/core"; +import { getInput, getState, info } from "@actions/core"; import { revokeInstallationAccessToken } from "./revoke-installation-access-token.js"; import { run } from "./run.js"; import { tokenKey } from "./state.js"; await run(async () => { + if (!JSON.parse(getInput("revoke"))) { + info("Token revocation skipped"); + return; + } + const token = getState(tokenKey); if (!token) { info("No token to revoke");