From 5269c8a66c0f73bcfb4e3b655e66761e7a88a72c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Kautler?= Date: Sun, 11 May 2025 04:36:00 +0200 Subject: [PATCH 1/3] Add action typing --- .github/workflows/check-action-typing.yml | 16 ++ README.md | 3 + action-types.yml | 321 ++++++++++++++++++++++ scripts/update-permission-inputs.js | 29 +- 4 files changed, 366 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/check-action-typing.yml create mode 100644 action-types.yml diff --git a/.github/workflows/check-action-typing.yml b/.github/workflows/check-action-typing.yml new file mode 100644 index 0000000..20fb2a9 --- /dev/null +++ b/.github/workflows/check-action-typing.yml @@ -0,0 +1,16 @@ +name: Check Action Typing + +on: + - push + - pull_request + +jobs: + check_action_typing: + name: Check Action Typing + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Check Action Typing + uses: typesafegithub/github-actions-typing@v2 diff --git a/README.md b/README.md index f72b653..0d74f15 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,9 @@ GitHub Action for creating a GitHub App installation access token. +Thanks to the provided [typings](action-types.yml), it is possible to use this action in a type-safe way using +https://github.com/typesafegithub/github-workflows-kt which allows writing workflow files using a type-safe Kotlin DSL. + ## Usage In order to use this action, you need to: diff --git a/action-types.yml b/action-types.yml new file mode 100644 index 0000000..c8b3f95 --- /dev/null +++ b/action-types.yml 
@@ -0,0 +1,321 @@ +# See https://github.com/typesafegithub/github-actions-typing +inputs: + app-id: + type: string + + private-key: + type: string + + owner: + type: string + + repositories: + type: list + separator: "\n" + list-item: + type: string + + skip-token-revoke: + type: boolean + + github-api-url: + type: string + + # + permission-actions: + type: enum + allowed-values: + - "read" + - "write" + + permission-administration: + type: enum + allowed-values: + - "read" + - "write" + + permission-checks: + type: enum + allowed-values: + - "read" + - "write" + + permission-codespaces: + type: enum + allowed-values: + - "read" + - "write" + + permission-contents: + type: enum + allowed-values: + - "read" + - "write" + + permission-dependabot-secrets: + type: enum + allowed-values: + - "read" + - "write" + + permission-deployments: + type: enum + allowed-values: + - "read" + - "write" + + permission-email-addresses: + type: enum + allowed-values: + - "read" + - "write" + + permission-environments: + type: enum + allowed-values: + - "read" + - "write" + + permission-followers: + type: enum + allowed-values: + - "read" + - "write" + + permission-git-ssh-keys: + type: enum + allowed-values: + - "read" + - "write" + + permission-gpg-keys: + type: enum + allowed-values: + - "read" + - "write" + + permission-interaction-limits: + type: enum + allowed-values: + - "read" + - "write" + + permission-issues: + type: enum + allowed-values: + - "read" + - "write" + + permission-members: + type: enum + allowed-values: + - "read" + - "write" + + permission-metadata: + type: enum + allowed-values: + - "read" + - "write" + + permission-organization-administration: + type: enum + allowed-values: + - "read" + - "write" + + permission-organization-announcement-banners: + type: enum + allowed-values: + - "read" + - "write" + + permission-organization-copilot-seat-management: + type: enum + allowed-values: + - "write" + + permission-organization-custom-org-roles: + type: enum + 
allowed-values: + - "read" + - "write" + + permission-organization-custom-properties: + type: enum + allowed-values: + - "read" + - "write" + - "admin" + + permission-organization-custom-roles: + type: enum + allowed-values: + - "read" + - "write" + + permission-organization-events: + type: enum + allowed-values: + - "read" + + permission-organization-hooks: + type: enum + allowed-values: + - "read" + - "write" + + permission-organization-packages: + type: enum + allowed-values: + - "read" + - "write" + + permission-organization-personal-access-token-requests: + type: enum + allowed-values: + - "read" + - "write" + + permission-organization-personal-access-tokens: + type: enum + allowed-values: + - "read" + - "write" + + permission-organization-plan: + type: enum + allowed-values: + - "read" + + permission-organization-projects: + type: enum + allowed-values: + - "read" + - "write" + - "admin" + + permission-organization-secrets: + type: enum + allowed-values: + - "read" + - "write" + + permission-organization-self-hosted-runners: + type: enum + allowed-values: + - "read" + - "write" + + permission-organization-user-blocking: + type: enum + allowed-values: + - "read" + - "write" + + permission-packages: + type: enum + allowed-values: + - "read" + - "write" + + permission-pages: + type: enum + allowed-values: + - "read" + - "write" + + permission-profile: + type: enum + allowed-values: + - "write" + + permission-pull-requests: + type: enum + allowed-values: + - "read" + - "write" + + permission-repository-custom-properties: + type: enum + allowed-values: + - "read" + - "write" + + permission-repository-hooks: + type: enum + allowed-values: + - "read" + - "write" + + permission-repository-projects: + type: enum + allowed-values: + - "read" + - "write" + - "admin" + + permission-secret-scanning-alerts: + type: enum + allowed-values: + - "read" + - "write" + + permission-secrets: + type: enum + allowed-values: + - "read" + - "write" + + permission-security-events: + 
type: enum + allowed-values: + - "read" + - "write" + + permission-single-file: + type: enum + allowed-values: + - "read" + - "write" + + permission-starring: + type: enum + allowed-values: + - "read" + - "write" + + permission-statuses: + type: enum + allowed-values: + - "read" + - "write" + + permission-team-discussions: + type: enum + allowed-values: + - "read" + - "write" + + permission-vulnerability-alerts: + type: enum + allowed-values: + - "read" + - "write" + + permission-workflows: + type: enum + allowed-values: + - "write" + + # + +outputs: + token: + type: string + + installation-id: + type: integer + + app-slug: + type: string diff --git a/scripts/update-permission-inputs.js b/scripts/update-permission-inputs.js index 8f17994..c1ed12c 100644 --- a/scripts/update-permission-inputs.js +++ b/scripts/update-permission-inputs.js 
@@ -30,13 +30,36 @@ const permissionsInputs = Object.entries(appPermissionsSchema.properties) description: "${description}"`; }, ""); -const actionsYamlContent = await readFile("action.yml", "utf8"); +const actionYamlContent = await readFile("action.yml", "utf8"); // In the action.yml file, replace the content between the `` and `` comments with the new content -const updatedActionsYamlContent = actionsYamlContent.replace( +const updatedActionYamlContent = actionYamlContent.replace( /(?<=# )(.|\n)*(?=# )/, permissionsInputs + "\n " ); -await writeFile("action.yml", updatedActionsYamlContent, "utf8"); +await writeFile("action.yml", updatedActionYamlContent, "utf8"); console.log("Updated action.yml with new permissions inputs"); + +const permissionsTypes = Object.entries(appPermissionsSchema.properties) + .sort((a, b) => a[0].localeCompare(b[0])) + .reduce((result, [key, value]) => { + const permissionAccessValues = value.enum.map((p) => ` - "${p}"`).reduce((result, p) => `${result}\n${p}`); + return `${result} + permission-${key.replace(/_/g, "-")}: + type: enum + allowed-values: +${permissionAccessValues} +`; + }, ""); + +const actionTypesYamlContent = await readFile("action-types.yml", "utf8"); + +// In the action-types.yml file, replace the content between the `` and `` comments with the new content +const updatedActionTypesYamlContent = actionTypesYamlContent.replace( + /(?<=# )(.|\n)*(?=# )/, + permissionsTypes + "\n " +); + +await writeFile("action-types.yml", updatedActionTypesYamlContent, "utf8"); +console.log("Updated action-types.yml with new permissions types"); From 5deaacf6a785726a5ecad5e92d839e2a50d7a4c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Kautler?= Date: Sun, 11 May 2025 04:36:00 +0200 Subject: [PATCH 2/3] Review Feedback Vol. 1 --- .github/workflows/check-action-typing.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
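Review bot: In the `scripts/update-permission-inputs.js` hunk of PATCH 1/3, the new `actionTypesYamlContent.replace(...)` block still writes the file and logs "Updated action-types.yml with new permissions types" when the marker regex matches nothing, because `replace` then returns its input unchanged. A stale `action-types.yml` would therefore pass silently; hoisting the regex into a constant (here called `markerPattern`, a name made up for this note) and guarding with `if (!markerPattern.test(actionTypesYamlContent)) throw new Error("generated-section markers not found in action-types.yml");` makes the failure visible. The renamed `action.yml` block above it has the same shape and would benefit from the same guard. Separately, `value.enum.map(...).reduce((result, p) => ...)` has no initial value and throws a TypeError on an empty `enum`; `.join("\n")` in place of the `.reduce(...)` call gives the same output for non-empty lists. These are top-level statements, and the script begins outside the hunk, so how `appPermissionsSchema` is loaded is not visible here.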
diff --git a/.github/workflows/check-action-typing.yml b/.github/workflows/check-action-typing.yml index 20fb2a9..2c95c90 100644 --- a/.github/workflows/check-action-typing.yml +++ b/.github/workflows/check-action-typing.yml @@ -1,9 +1,11 @@ name: Check Action Typing on: - - push - pull_request +permissions: + contents: read + jobs: check_action_typing: name: Check Action Typing From f553deb854ac34b2b24efabcb4ea2d22ea78e30e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Kautler?= Date: Mon, 12 May 2025 17:17:59 +0200 Subject: [PATCH 3/3] Review Feedback Vol. 2 --- .github/workflows/check-action-typing.yml | 2 +- README.md | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/check-action-typing.yml b/.github/workflows/check-action-typing.yml index 2c95c90..b4d5808 100644 --- a/.github/workflows/check-action-typing.yml +++ b/.github/workflows/check-action-typing.yml @@ -15,4 +15,4 @@ jobs: uses: actions/checkout@v4 - name: Check Action Typing - uses: typesafegithub/github-actions-typing@v2 + uses: typesafegithub/github-actions-typing@0dc5690c35c564d354dc0c23c56559f0813ed3ac diff --git a/README.md b/README.md index 0d74f15..f72b653 100644 --- a/README.md +++ b/README.md @@ -4,9 +4,6 @@ GitHub Action for creating a GitHub App installation access token. -Thanks to the provided [typings](action-types.yml), it is possible to use this action in a type-safe way using -https://github.com/typesafegithub/github-workflows-kt which allows writing workflow files using a type-safe Kotlin DSL. - ## Usage In order to use this action, you need to:
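Review bot: In the PATCH 3/3 hunk for `check-action-typing.yml`, the checkout step kept as context still references the mutable tag `actions/checkout@v4`, while the changed line now pins the typing action to a full commit SHA. Pinning both steps the same way would fix all of the job's external code to reviewed revisions. The SHA pin also drops the human-readable version, so a trailing comment such as `# <release tag this SHA corresponds to>` (placeholder) would help reviewers and update tooling verify it. Because the job runs on `pull_request` and hands the workspace to a third-party action, consider adding `with:` / `persist-credentials: false` to the checkout step so the job token is not left in the local git config.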