mirror of
https://github.com/actions/github-script.git
synced 2025-12-09 00:26:20 +00:00
Compare commits
14 Commits
v7.0.0
...
benwells/p
| Author | SHA1 | Date | |
|---|---|---|---|
|
258926b0d3 | ||
|
|
4020e461ac | ||
|
|
ec3a5c4c4c | ||
|
|
660ec11d82 | ||
|
|
c0ceea4835 | ||
|
|
58d7008c60 | ||
|
|
b9f8f75f36 | ||
|
|
35b1cdd1b2 | ||
|
|
3c6a5c5d52 | ||
|
|
c44be22d0b | ||
|
|
60a0d83039 | ||
|
|
b7fb2001b4 | ||
|
|
12e22ed06b | ||
|
|
d319f8f5b5 |
75
.github/workflows/integration.yml
vendored
75
.github/workflows/integration.yml
vendored
@@ -248,3 +248,78 @@ jobs:
|
||||
done <<< "$tests"
|
||||
|
||||
echo $'\u2705 Test passed' | tee -a $GITHUB_STEP_SUMMARY
|
||||
|
||||
test-base-url:
|
||||
name: 'Integration test: base-url option'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: ./.github/actions/install-dependencies
|
||||
|
||||
- id: base-url-default
|
||||
name: API URL with base-url not set
|
||||
uses: ./
|
||||
with:
|
||||
script: |
|
||||
const endpoint = github.request.endpoint
|
||||
return endpoint({}).url
|
||||
result-encoding: string
|
||||
|
||||
- id: base-url-default-graphql
|
||||
name: GraphQL URL with base-url not set
|
||||
uses: ./
|
||||
with:
|
||||
script: |
|
||||
const endpoint = github.request.endpoint
|
||||
return endpoint({url: "/graphql"}).url
|
||||
result-encoding: string
|
||||
|
||||
- id: base-url-set
|
||||
name: API URL with base-url set
|
||||
uses: ./
|
||||
with:
|
||||
base-url: https://my.github-enterprise-server.com/api/v3
|
||||
script: |
|
||||
const endpoint = github.request.endpoint
|
||||
return endpoint({}).url
|
||||
result-encoding: string
|
||||
|
||||
- id: base-url-set-graphql
|
||||
name: GraphQL URL with base-url set
|
||||
uses: ./
|
||||
with:
|
||||
base-url: https://my.github-enterprise-server.com/api/v3
|
||||
script: |
|
||||
const endpoint = github.request.endpoint
|
||||
return endpoint({url: "/graphql"}).url
|
||||
result-encoding: string
|
||||
|
||||
- run: |
|
||||
echo "- Validating API URL default"
|
||||
expected="https://api.github.com/"
|
||||
actual="${{steps.base-url-default.outputs.result}}"
|
||||
if [[ "$expected" != "$actual" ]]; then
|
||||
echo $'::error::\u274C' "Expected base-url to equal '$expected', got $actual"
|
||||
exit 1
|
||||
fi
|
||||
echo "- Validating GraphQL URL default"
|
||||
expected="https://api.github.com/graphql"
|
||||
actual="${{steps.base-url-default-graphql.outputs.result}}"
|
||||
if [[ "$expected" != "$actual" ]]; then
|
||||
echo $'::error::\u274C' "Expected base-url to equal '$expected', got $actual"
|
||||
exit 1
|
||||
fi
|
||||
echo "- Validating base-url set to a value"
|
||||
expected="https://my.github-enterprise-server.com/api/v3/"
|
||||
actual="${{steps.base-url-set.outputs.result}}"
|
||||
if [[ "$expected" != "$actual" ]]; then
|
||||
echo $'::error::\u274C' "Expected base-url to equal '$expected', got $actual"
|
||||
exit 1
|
||||
fi
|
||||
echo "- Validating GraphQL URL with base-url set to a value"
|
||||
expected="https://my.github-enterprise-server.com/api/v3/graphql"
|
||||
actual="${{steps.base-url-set-graphql.outputs.result}}"
|
||||
if [[ "$expected" != "$actual" ]]; then
|
||||
echo $'::error::\u274C' "Expected base-url to equal '$expected', got $actual"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
20
.github/workflows/publish-immutable-actions.yml
vendored
Normal file
20
.github/workflows/publish-immutable-actions.yml
vendored
Normal file
@@ -0,0 +1,20 @@
|
||||
name: 'Publish Immutable Action Version'
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [published]
|
||||
|
||||
jobs:
|
||||
publish:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
packages: write
|
||||
|
||||
steps:
|
||||
- name: Checking out
|
||||
uses: actions/checkout@v4
|
||||
- name: Publish
|
||||
id: publish
|
||||
uses: actions/publish-immutable-action@0.0.3
|
||||
@@ -1,4 +1 @@
|
||||
#!/bin/sh
|
||||
. "$(dirname "$0")/_/husky.sh"
|
||||
|
||||
npm run pre-commit && git add dist/
|
||||
|
||||
26
README.md
26
README.md
@@ -1,8 +1,8 @@
|
||||
# actions/github-script
|
||||
|
||||
[](https://github.com/actions/github-script/actions?query=workflow%3AIntegration+branch%3Amain+event%3Apush)
|
||||
[](https://github.com/actions/github-script/actions?query=workflow%3ACI+branch%3Amain+event%3Apush)
|
||||
[](https://github.com/actions/github-script/actions?query=workflow%3ALicensed+branch%3Amain+event%3Apush)
|
||||
[](https://github.com/actions/github-script/actions/workflows/integration.yml)
|
||||
[](https://github.com/actions/github-script/actions/workflows/ci.yml)
|
||||
[](https://github.com/actions/github-script/actions/workflows/licensed.yml)
|
||||
|
||||
This action makes it easy to quickly write a script in your workflow that
|
||||
uses the GitHub API and the workflow run context.
|
||||
@@ -132,6 +132,26 @@ By default, the following status codes will not be retried: `400, 401, 403, 404,
|
||||
|
||||
These retries are implemented using the [octokit/plugin-retry.js](https://github.com/octokit/plugin-retry.js) plugin. The retries use [exponential backoff](https://en.wikipedia.org/wiki/Exponential_backoff) to space out retries. ([source](https://github.com/octokit/plugin-retry.js/blob/9a2443746c350b3beedec35cf26e197ea318a261/src/error-request.ts#L13))
|
||||
|
||||
## Recommended Permissions
|
||||
|
||||
The permissions required for the `GITHUB_TOKEN` in your workflow vary depending on how you use `github-script`. To ensure secure and efficient use of this action, we recommend reviewing and setting the least privileges necessary for your use case.
|
||||
|
||||
### Determine the Required Permissions
|
||||
|
||||
1. **`GITHUB_TOKEN` Authentication**
|
||||
GitHub automatically provides a `GITHUB_TOKEN` for workflows. You can customize the permissions granted to this token. Refer to the documentation for details:
|
||||
[Permissions for the `GITHUB_TOKEN`](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)
|
||||
|
||||
2. **API Calls with Installation Access Tokens**
|
||||
If you're using `github-script` to make API calls requiring installation access tokens, ensure the permissions are configured appropriately for those endpoints. Learn more here:
|
||||
[Permissions for installation access tokens](https://docs.github.com/en/rest/authentication/endpoints-available-for-github-app-installation-access-tokens)
|
||||
|
||||
### General Best Practices
|
||||
|
||||
- Use the principle of least privilege: Only grant the specific permissions needed for your workflow.
|
||||
- Regularly audit and review your workflows to ensure permissions remain appropriate for your use cases.
|
||||
- Test your workflows with the intended permissions to verify they work as expected without over-permissioning.
|
||||
|
||||
## Examples
|
||||
|
||||
Note that `github-token` is optional in this action, and the input is there
|
||||
|
||||
8
dist/index.js
vendored
8
dist/index.js
vendored
@@ -35509,9 +35509,13 @@ async function main() {
|
||||
userAgent: userAgent || undefined,
|
||||
previews: previews ? previews.split(',') : undefined,
|
||||
retry: retryOpts,
|
||||
request: requestOpts,
|
||||
baseUrl: baseUrl || undefined
|
||||
request: requestOpts
|
||||
};
|
||||
// Setting `baseUrl` to undefined will prevent the default value from being used
|
||||
// https://github.com/actions/github-script/issues/436
|
||||
if (baseUrl) {
|
||||
opts.baseUrl = baseUrl;
|
||||
}
|
||||
const github = (0,lib_github.getOctokit)(token, opts, plugin_retry_dist_node.retry, dist_node.requestLog);
|
||||
const script = core.getInput('script', { required: true });
|
||||
// Using property/value shorthand on `require` (e.g. `{require}`) causes compilation errors.
|
||||
|
||||
22
package-lock.json
generated
22
package-lock.json
generated
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "github-script",
|
||||
"version": "7.0.0",
|
||||
"version": "7.0.1",
|
||||
"lockfileVersion": 2,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "github-script",
|
||||
"version": "7.0.0",
|
||||
"version": "7.0.1",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.10.1",
|
||||
@@ -27,7 +27,7 @@
|
||||
"eslint": "^8.51.0",
|
||||
"eslint-config-prettier": "^9.0.0",
|
||||
"eslint-plugin-prettier": "^5.0.1",
|
||||
"husky": "^7.0.0",
|
||||
"husky": "^9.1.1",
|
||||
"jest": "^29.7.0",
|
||||
"npm-run-all": "^4.1.5",
|
||||
"prettier": "^3.0.3",
|
||||
@@ -4045,15 +4045,15 @@
|
||||
}
|
||||
},
|
||||
"node_modules/husky": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/husky/-/husky-7.0.2.tgz",
|
||||
"integrity": "sha512-8yKEWNX4z2YsofXAMT7KvA1g8p+GxtB1ffV8XtpAEGuXNAbCV5wdNKH+qTpw8SM9fh4aMPDR+yQuKfgnreyZlg==",
|
||||
"version": "9.1.1",
|
||||
"resolved": "https://registry.npmjs.org/husky/-/husky-9.1.1.tgz",
|
||||
"integrity": "sha512-fCqlqLXcBnXa/TJXmT93/A36tJsjdJkibQ1MuIiFyCCYUlpYpIaj2mv1w+3KR6Rzu1IC3slFTje5f6DUp2A2rg==",
|
||||
"dev": true,
|
||||
"bin": {
|
||||
"husky": "lib/bin.js"
|
||||
"husky": "bin.js"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=12"
|
||||
"node": ">=18"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/typicode"
|
||||
@@ -10325,9 +10325,9 @@
|
||||
"dev": true
|
||||
},
|
||||
"husky": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/husky/-/husky-7.0.2.tgz",
|
||||
"integrity": "sha512-8yKEWNX4z2YsofXAMT7KvA1g8p+GxtB1ffV8XtpAEGuXNAbCV5wdNKH+qTpw8SM9fh4aMPDR+yQuKfgnreyZlg==",
|
||||
"version": "9.1.1",
|
||||
"resolved": "https://registry.npmjs.org/husky/-/husky-9.1.1.tgz",
|
||||
"integrity": "sha512-fCqlqLXcBnXa/TJXmT93/A36tJsjdJkibQ1MuIiFyCCYUlpYpIaj2mv1w+3KR6Rzu1IC3slFTje5f6DUp2A2rg==",
|
||||
"dev": true
|
||||
},
|
||||
"ignore": {
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "github-script",
|
||||
"description": "A GitHub action for executing a simple script",
|
||||
"version": "7.0.0",
|
||||
"version": "7.0.1",
|
||||
"author": "GitHub",
|
||||
"license": "MIT",
|
||||
"main": "dist/index.js",
|
||||
@@ -20,7 +20,7 @@
|
||||
"style:write": "run-p --continue-on-error --aggregate-output format:write lint",
|
||||
"pre-commit": "run-s style:write test build",
|
||||
"test": "jest",
|
||||
"prepare": "husky install"
|
||||
"prepare": "husky"
|
||||
},
|
||||
"jest": {
|
||||
"preset": "ts-jest",
|
||||
@@ -57,11 +57,11 @@
|
||||
"eslint": "^8.51.0",
|
||||
"eslint-config-prettier": "^9.0.0",
|
||||
"eslint-plugin-prettier": "^5.0.1",
|
||||
"husky": "^7.0.0",
|
||||
"husky": "^9.1.1",
|
||||
"jest": "^29.7.0",
|
||||
"npm-run-all": "^4.1.5",
|
||||
"prettier": "^3.0.3",
|
||||
"ts-jest": "^29.1.1",
|
||||
"typescript": "^5.2.2"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -44,8 +44,13 @@ async function main(): Promise<void> {
|
||||
userAgent: userAgent || undefined,
|
||||
previews: previews ? previews.split(',') : undefined,
|
||||
retry: retryOpts,
|
||||
request: requestOpts,
|
||||
baseUrl: baseUrl || undefined
|
||||
request: requestOpts
|
||||
}
|
||||
|
||||
// Setting `baseUrl` to undefined will prevent the default value from being used
|
||||
// https://github.com/actions/github-script/issues/436
|
||||
if (baseUrl) {
|
||||
opts.baseUrl = baseUrl
|
||||
}
|
||||
|
||||
const github = getOctokit(token, opts, retry, requestLog)
|
||||
|
||||
Reference in New Issue
Block a user