Closed smockle closed 11 months ago
I've seen this option but couldn't think of a use case for it. Do you know why it was added to tibdex/github-app-token or can you think of a use case when someone would need it?
No biggie but could you create an issue next time before putting in work into a pull request? That way we can have a discussion and avoid unnecessary work
I've seen this option but couldn't think of a use case for it…can you think of a use case when someone would need it?
No biggie but could you create an issue next time before putting in work into a pull request? That way we can have a discussion and avoid unnecessary work
@gr2m I opened https://github.com/actions/create-github-app-token/issues/55, and I wrote about our use case there. Let’s move discussion there.
:tada: This PR is included in version 1.4.0 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
Fixes https://github.com/actions/create-github-app-token/issues/55
Currently,
actions/create-github-app-token
always/unconditionally revokes the installation access token in apost
step, at the completion of the current job. This prevents tokens from being used in other jobs.This PR makes this behavior configurable:
skip-token-revoke
input is not specified (i.e. by default), the token is revoked in apost
step (i.e. the current behavior).skip-token-revoke
input is set to a truthy value (e.g."true"
[^1]), the token is not revoked in apost
step.This PR adds a test for the
skip-token-revoke: "true"
case.This is configurable in other app token actions, e.g. tibdex/github-app-token and wow-actions/use-app-token.
[^1]: Note that
"false"
is also truthy:Boolean("false")
istrue
. If we think that’ll potentially confuse folks, I can requireskip-token-revoke
to be set explicitly to"true"
.