From c08c5ace340664df431bf7f11d51b61d92358c2b Mon Sep 17 00:00:00 2001 From: Gregor Martynus <39992+gr2m@users.noreply.github.com> Date: Tue, 29 Aug 2023 22:29:41 -0700 Subject: [PATCH 1/2] fix(GHES): respect `GITHUB_API_URL` when creating installation access token (#38) Follow up to #36. I just wanted to do some refactoring but turns out I missed to pass the custom `request` instance to `createAppAuth`. It will fallback to the default `request` which does not respect `GITHUB_API_URL` --- lib/main.js | 11 ++++------- lib/post.js | 7 ++----- lib/request.js | 8 ++++++++ main.js | 2 +- post.js | 2 +- 5 files changed, 16 insertions(+), 14 deletions(-) create mode 100644 lib/request.js diff --git a/lib/main.js b/lib/main.js index 977fcf8..3db4fd4 100644 --- a/lib/main.js +++ b/lib/main.js @@ -1,16 +1,12 @@ // @ts-check -import core from "@actions/core"; -import { createAppAuth } from "@octokit/auth-app"; -import { request } from "@octokit/request"; - /** * @param {string} appId * @param {string} privateKey * @param {string} repository - * @param {core} core - * @param {createAppAuth} createAppAuth - * @param {request} request + * @param {import("@actions/core")} core + * @param {import("@octokit/auth-app").createAppAuth} createAppAuth + * @param {import("@octokit/request").request} request */ export async function main( appId, @@ -26,6 +22,7 @@ export async function main( const auth = createAppAuth({ appId, privateKey, + request, }); const appAuthentication = await auth({ diff --git a/lib/post.js b/lib/post.js index bfbae77..f02d0e5 100644 --- a/lib/post.js +++ b/lib/post.js @@ -1,11 +1,8 @@ // @ts-check -import core from "@actions/core"; -import { request } from "@octokit/request"; - /** - * @param {core} core - * @param {request} request + * @param {import("@actions/core")} core + * @param {import("@octokit/request").request} request */ export async function post(core, request) { const token = core.getState("token"); diff --git a/lib/request.js b/lib/request.js new file mode 100644 index 0000000..729cc19 --- /dev/null +++ b/lib/request.js @@ -0,0 +1,8 @@ +import { request } from "@octokit/request"; + +export default request.defaults({ + baseUrl: process.env["GITHUB_API_URL"], + headers: { + "user-agent": "actions/create-github-app-token", + }, +}); diff --git a/main.js b/main.js index eb480d4..9b269a1 100644 --- a/main.js +++ b/main.js @@ -2,9 +2,9 @@ import core from "@actions/core"; import { createAppAuth } from "@octokit/auth-app"; -import { request } from "@octokit/request"; import { main } from "./lib/main.js"; +import request from "./lib/request.js"; if (!process.env.GITHUB_REPOSITORY) { throw new Error("GITHUB_REPOSITORY missing, must be set to '/'"); diff --git a/post.js b/post.js index 145bc7e..66e37eb 100644 --- a/post.js +++ b/post.js @@ -1,9 +1,9 @@ // @ts-check import core from "@actions/core"; -import { request } from "@octokit/request"; import { post } from "./lib/post.js"; +import request from "./lib/request.js"; post( core, From 49ce228ea7cddec9f88dd09c5b7740dbac82d7ba Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 30 Aug 2023 05:30:14 +0000 Subject: [PATCH 2/2] build(release): 1.2.1 [skip ci] ## [1.2.1](https://github.com/actions/create-github-app-token/compare/v1.2.0...v1.2.1) (2023-08-30) ### Bug Fixes * **GHES:** respect `GITHUB_API_URL` when creating installation access token ([#38](https://github.com/actions/create-github-app-token/issues/38)) ([c08c5ac](https://github.com/actions/create-github-app-token/commit/c08c5ace340664df431bf7f11d51b61d92358c2b)), closes [#36](https://github.com/actions/create-github-app-token/issues/36) --- dist/main.cjs | 58 +++++++++++++++++++++++++++++---------------------- dist/post.cjs | 25 ++++++++++++++-------- package.json | 2 +- 3 files changed, 50 insertions(+), 35 deletions(-) diff --git a/dist/main.cjs b/dist/main.cjs index d28fa90..c6dad18 100644 --- a/dist/main.cjs +++ b/dist/main.cjs @@ -3077,7 +3077,7 @@ var require_dist_node7 = __commonJS({ module2.exports = __toCommonJS2(dist_src_exports); var VERSION = "4.0.0"; var import_oauth_authorization_url = require_dist_node6(); - var import_request2 = require_dist_node5(); + var import_request3 = require_dist_node5(); var import_request_error = require_dist_node4(); function requestToOAuthBaseUrl(request2) { const endpointDefaults = request2.endpoint.DEFAULTS; @@ -3110,7 +3110,7 @@ var require_dist_node7 = __commonJS({ return response; } function getWebFlowAuthorizationUrl({ - request: request2 = import_request2.request, + request: request2 = import_request3.request, ...options }) { const baseUrl = requestToOAuthBaseUrl(request2); @@ -3158,10 +3158,10 @@ var require_dist_node7 = __commonJS({ function toTimestamp(apiTimeInMs, expirationInSeconds) { return new Date(apiTimeInMs + expirationInSeconds * 1e3).toISOString(); } - var import_request3 = require_dist_node5(); + var import_request32 = require_dist_node5(); async function createDeviceCode(options) { const request2 = options.request || /* istanbul ignore next: we always pass a custom request in tests */ - import_request3.request; + import_request32.request; const parameters = { client_id: options.clientId }; @@ -3399,7 +3399,7 @@ var require_dist_node8 = __commonJS({ }); module2.exports = __toCommonJS2(dist_src_exports); var import_universal_user_agent = require_dist_node(); - var import_request2 = require_dist_node5(); + var import_request3 = require_dist_node5(); var import_oauth_methods = require_dist_node7(); async function getOAuthAccessToken(state, options) { const cachedAuthentication = getCachedAuthentication(state, options.auth); @@ -3496,7 +3496,7 @@ var require_dist_node8 = __commonJS({ } var VERSION = "6.0.0"; function createOAuthDeviceAuth(options) { - const requestWithDefaults = options.request || import_request2.request.defaults({ + const requestWithDefaults = options.request || import_request3.request.defaults({ headers: { "user-agent": `octokit-auth-oauth-device.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}` } @@ -3567,7 +3567,7 @@ var require_dist_node9 = __commonJS({ }); module2.exports = __toCommonJS2(dist_src_exports); var import_universal_user_agent = require_dist_node(); - var import_request2 = require_dist_node5(); + var import_request3 = require_dist_node5(); var VERSION = "4.0.0"; var import_auth_oauth_device = require_dist_node8(); var import_oauth_methods = require_dist_node7(); @@ -3732,7 +3732,7 @@ var require_dist_node9 = __commonJS({ clientId, clientSecret, clientType = "oauth-app", - request: request2 = import_request2.request.defaults({ + request: request2 = import_request3.request.defaults({ headers: { "user-agent": `octokit-auth-oauth-app.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}` } @@ -3795,7 +3795,7 @@ var require_dist_node10 = __commonJS({ }); module2.exports = __toCommonJS2(dist_src_exports); var import_universal_user_agent = require_dist_node(); - var import_request2 = require_dist_node5(); + var import_request3 = require_dist_node5(); var import_btoa_lite = __toESM2(require_btoa_node()); var import_auth_oauth_user = require_dist_node9(); async function auth(state, authOptions) { @@ -3865,7 +3865,7 @@ var require_dist_node10 = __commonJS({ function createOAuthAppAuth(options) { const state = Object.assign( { - request: import_request2.request.defaults({ + request: import_request3.request.defaults({ headers: { "user-agent": `octokit-auth-oauth-app.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}` } @@ -14610,7 +14610,7 @@ var require_dist_node12 = __commonJS({ }); module2.exports = __toCommonJS2(dist_src_exports); var import_universal_user_agent = require_dist_node(); - var import_request2 = require_dist_node5(); + var import_request3 = require_dist_node5(); var import_auth_oauth_app = require_dist_node10(); var import_deprecation = require_dist_node3(); var OAuthAppAuth = __toESM2(require_dist_node10()); @@ -15009,7 +15009,7 @@ var require_dist_node12 = __commonJS({ }, options.log ); - const request2 = options.request || import_request2.request.defaults({ + const request2 = options.request || import_request3.request.defaults({ headers: { "user-agent": `octokit-auth-app.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}` } @@ -15039,17 +15039,16 @@ var require_dist_node12 = __commonJS({ }); // main.js -var import_core2 = __toESM(require_core(), 1); +var import_core = __toESM(require_core(), 1); var import_auth_app = __toESM(require_dist_node12(), 1); -var import_request = __toESM(require_dist_node5(), 1); // lib/main.js -var import_core = __toESM(require_core(), 1); -async function main(appId2, privateKey2, repository2, core3, createAppAuth2, request2) { +async function main(appId2, privateKey2, repository2, core2, createAppAuth2, request2) { const [owner, repo] = repository2.split("/"); const auth = createAppAuth2({ appId: appId2, - privateKey: privateKey2 + privateKey: privateKey2, + request: request2 }); const appAuthentication = await auth({ type: "app" @@ -15069,30 +15068,39 @@ async function main(appId2, privateKey2, repository2, core3, createAppAuth2, req installationId: installation.id, repositoryNames: [repo] }); - core3.setSecret(authentication.token); - core3.setOutput("token", authentication.token); - core3.saveState("token", authentication.token); + core2.setSecret(authentication.token); + core2.setOutput("token", authentication.token); + core2.saveState("token", authentication.token); } +// lib/request.js +var import_request = __toESM(require_dist_node5(), 1); +var request_default = import_request.request.defaults({ + baseUrl: process.env["GITHUB_API_URL"], + headers: { + "user-agent": "actions/create-github-app-token" + } +}); + // main.js if (!process.env.GITHUB_REPOSITORY) { throw new Error("GITHUB_REPOSITORY missing, must be set to '/'"); } -var appId = import_core2.default.getInput("app_id"); -var privateKey = import_core2.default.getInput("private_key"); +var appId = import_core.default.getInput("app_id"); +var privateKey = import_core.default.getInput("private_key"); var repository = process.env.GITHUB_REPOSITORY; main( appId, privateKey, repository, - import_core2.default, + import_core.default, import_auth_app.createAppAuth, - import_request.request.defaults({ + request_default.defaults({ baseUrl: process.env["GITHUB_API_URL"] }) ).catch((error) => { console.error(error); - import_core2.default.setFailed(error.message); + import_core.default.setFailed(error.message); }); /*! Bundled license information: diff --git a/dist/post.cjs b/dist/post.cjs index 8f558c7..f54b096 100644 --- a/dist/post.cjs +++ b/dist/post.cjs @@ -2951,13 +2951,11 @@ var require_dist_node5 = __commonJS({ }); // post.js -var import_core2 = __toESM(require_core(), 1); -var import_request = __toESM(require_dist_node5(), 1); +var import_core = __toESM(require_core(), 1); // lib/post.js -var import_core = __toESM(require_core(), 1); -async function post(core3, request2) { - const token = core3.getState("token"); +async function post(core2, request2) { + const token = core2.getState("token"); if (!token) return; await request2("DELETE /installation/token", { @@ -2965,18 +2963,27 @@ async function post(core3, request2) { authorization: `token ${token}` } }); - core3.info("Token revoked"); + core2.info("Token revoked"); } +// lib/request.js +var import_request = __toESM(require_dist_node5(), 1); +var request_default = import_request.request.defaults({ + baseUrl: process.env["GITHUB_API_URL"], + headers: { + "user-agent": "actions/create-github-app-token" + } +}); + // post.js post( - import_core2.default, - import_request.request.defaults({ + import_core.default, + request_default.defaults({ baseUrl: process.env["GITHUB_API_URL"] }) ).catch((error) => { console.error(error); - import_core2.default.setFailed(error.message); + import_core.default.setFailed(error.message); }); /*! Bundled license information: diff --git a/package.json b/package.json index 26f3bde..65ef9c9 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "create-github-app-token", "private": true, "type": "module", - "version": "1.2.0", + "version": "1.2.1", "description": "GitHub Action for creating a GitHub App Installation Access Token", "scripts": { "build": "esbuild main.js post.js --bundle --outdir=dist --out-extension:.js=.cjs --platform=node --target=node16.16",