Clarify expiration of created token

[grossag]

Sorry if this is already covered.

How long is a token created by create-github-app-token expected to last? It appears that it only lasts 1 hour so our longer Conan builds start failing to fetch repositories after 1 hour.

Is this customizable?

[grossag]

Actually I may have found my answer. https://docs.github.com/en/enterprise-cloud@latest/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app says:

Installation tokens expire one hour from the time you create them. Using an expired token produces a status code of 401 - Unauthorized, and requires creating a new installation token.

which shows that this can't be customized or refreshed.

[gr2m]

Yes your findings are correct, the token expires after one hour, the time cannot be extended.

I wonder what the best place would be to document that, you are not the first to ask about it. We could also add a log message 🤔 I'm open to suggestions

[grossag]

I would recommend adding it either as a subsection of the "How it Works" section or in a newer "Token Expiration" or "Notes" section at the end.

Here's my best shot at a wording:

This action generates an API token that lasts for 1 hour and cannot be renewed. For more information on this limitation, you can refer to the documentation for the underlying GitHub API that this action uses. Using this token after expiration will result in a 401 - Unauthorized error.