actions · gr2m · Oct 4, 2023 · Sep 20, 2023 · Sep 20, 2023 · Sep 21, 2023
@@ -9,6 +9,7 @@ In order to use this action, you need to:
 1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app)
 2. [Store the App's ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`)
 3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`)
+4. We recommend that `owner` be set to `env.GITHUB_REPOSITORY_OWNER` (See [environment variables](https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables))
 
 ### Minimal usage
 
@@ -24,6 +25,8 @@ jobs:
         with:
           app_id: ${{ vars.APP_ID }}
           private_key: ${{ secrets.PRIVATE_KEY }}
+          owener: ${{ github.repository_owner }}
+          repositories: repo1,repo2
       - uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
@@ -46,6 +49,10 @@ jobs:
           # required
           app_id: ${{ vars.APP_ID }}
           private_key: ${{ secrets.PRIVATE_KEY }}
+          # optional - if not used, defaults to current repository owner
+          owner: ${{ github.repository_owner }}
+          # optional - if not used, defaults to all repositories in the organization where the app is installed
+          repositories: repo1,repo2
       - uses: actions/checkout@v3
         with:
           token: ${{ steps.app-token.outputs.token }}
@@ -67,6 +74,14 @@ jobs:
 
 **Required:** GitHub App private key.
 
+### `owner`
+
+**Optional:** GitHub App installation owner. Defaults to the current repository owner.
+
+### `repositories`
+
+**Optional:** Comma-separated list of repositories to grant access to. Defaults to the current repository.
+
 ## Outputs
 
 ### `token`
@@ -77,7 +92,7 @@ GitHub App installation access token.
 
 The action creates an installation access token using [the `POST /app/installations/{installation_id}/access_tokens` endpoint](https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app). By default,
 
-1. The token is scoped to the current repository.
+1. The token is scoped to the current repository or the repositories given.
 2. The token inherits all the installation's permissions.
 3. The token is set as output `token` which can be used in subsequent steps.
 4. The token is revoked in the `post` step of the action, which means it cannot be passed to another job.

@@ -11,6 +11,12 @@ inputs:
   private_key:
     description: "GitHub App private key"
     required: true
+  owner:
+    description: "GitHub App owner (defaults to current repository owner)"
+    required: false
+  repositories:
+    description: "Repositories to install the GitHub App on (defaults to current repository)"
+    required: false
 outputs:
   token:
     description: "GitHub installation access token"

@@ -2956,8 +2956,10 @@ var import_core = __toESM(require_core(), 1);
 // lib/post.js
 async function post(core2, request2) {
   const token = core2.getState("token");
-  if (!token)
+  if (!token) {
+    core2.info("Token is not set");
     return;
+  }
   await request2("DELETE /installation/token", {
     headers: {
       authorization: `token ${token}`

@@ -3,21 +3,23 @@
 /**
  * @param {string} appId
  * @param {string} privateKey
- * @param {string} repository
+ * @param {string} org
+ * @param {string} repositories
  * @param {import("@actions/core")} core
  * @param {import("@octokit/auth-app").createAppAuth} createAppAuth
  * @param {import("@octokit/request").request} request
  */
 export async function main(
   appId,
   privateKey,
-  repository,
+  org,
+  repositories,
   core,
   createAppAuth,
   request
 ) {
-  // Get owner and repo name from GITHUB_REPOSITORY
-  const [owner, repo] = repository.split("/");
+
+  const repos = repositories.split(",").map((repo) => repo.trim());
 
   const auth = createAppAuth({
     appId,
@@ -32,23 +34,31 @@ export async function main(
   // Get the installation ID
   // https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app
   const { data: installation } = await request(
-    "GET /repos/{owner}/{repo}/installation",
+    "GET /orgs/{org}/installation",
     {
-      owner,
-      repo,
+      org,
       headers: {
         authorization: `bearer ${appAuthentication.token}`,
       },
     }
   );
 
   // Create a new installation token
-  const authentication = await auth({
-    type: "installation",
-    installationId: installation.id,
-    repositoryNames: [repo],
-  });
+  let authentication;
 
+  if (repositories.length == 0) {
+    authentication = await auth({
+      type: "installation",
+      installationId: installation.id,
+    });
+  } else {
+    authentication = await auth({
+      type: "installation",
+      installationId: installation.id,
+      repositoryNames: repos,
+    });
+  }
+
   // Register the token with the runner as a secret to ensure it is masked in logs
   core.setSecret(authentication.token);
 

@@ -10,15 +10,20 @@ if (!process.env.GITHUB_REPOSITORY) {
   throw new Error("GITHUB_REPOSITORY missing, must be set to '<owner>/<repo>'");
 }
 
+if (!process.env.GITHUB_REPOSITORY_OWNER) {
+  throw new Error("GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'");
+}
+
 const appId = core.getInput("app_id");
 const privateKey = core.getInput("private_key");
-
-const repository = process.env.GITHUB_REPOSITORY;
+const owner = core.getInput("owner") == "" ? process.env.GITHUB_REPOSITORY_OWNER?.trim() : core.getInput("owner");
+const repositories = core.getInput("repositories");
 
 main(
   appId,
   privateKey,
-  repository,
+  owner,
+  repositories,
   core,
   createAppAuth,
   request.defaults({