Merge pull request #49 from nabeken/hardening-composite-action

chore(actions): hardening the composite action with envvars
nabeken · Sep 7, 2023 · fc859a2 · fc859a2
2 parents 9ca5538 + 29594a2
commit fc859a2
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 4 deletions.
diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml
@@ -13,6 +13,26 @@ env:
   GO_GITHUB_APPS_VERSION: '0.1.10'
 
 jobs:
+  test_action_with_local:
+    name: Run the action with local version
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+
+      - name: Get GITHUB_TOKEN for Github Apps
+        uses: ./
+        id: go-github-apps
+        with:
+          installation_id: ${{ secrets.installation_id }}
+          app_id: ${{ secrets.app_id }}
+          private_key: ${{ secrets.private_key }}
+
+      - name: Test Github API call
+        run: |
+          curl --fail -H 'Authorization: token ${{ steps.go-github-apps.outputs.app_github_token }}' https://api.github.com/
+
   test_action_with_version:
     name: Run the action with the version
     runs-on: ubuntu-latest

diff --git a/action.yml b/action.yml
@@ -22,19 +22,26 @@ runs:
   using: "composite"
   steps:
     - run: |
-        curl -sSLf https://github.com/nabeken/go-github-apps/master/install-via-release.sh | bash -s -- -v v${{ inputs.version }}
+        curl -sSLf https://github.com/nabeken/go-github-apps/master/install-via-release.sh | bash -s -- -v "${VERSION}"
         sudo cp go-github-apps /usr/local/bin
       shell: bash
+      env:
+        VERSION: "v${{ inputs.version }}"
     - id: go-github-apps
       run: |
         T=$(mktemp)
         trap "rm -f $T" 1 2 3 15
 
         urlparam=""
-        if [ -n "${{ inputs.github_url }}" ]; then
-          urlparam="-url ${{ inputs.github_url }}"
+        if [ -n "${GITHUB_URL}" ]; then
+          urlparam="-url ${GITHUB_URL}"
         fi
 
-        env GITHUB_PRIV_KEY="${{ inputs.private_key }}" go-github-apps -inst-id ${{ inputs.installation_id }} -app-id ${{ inputs.app_id }} $urlparam > $T
+        go-github-apps -app-id "${GH_APP_ID}" -inst-id "${GH_APP_INST_ID}" $urlparam > $T
         echo "github_token=$(cat $T)" >> $GITHUB_OUTPUT
       shell: bash
+      env:
+        GITHUB_URL: "${{ inputs.github_url }}"
+        GITHUB_PRIV_KEY: "${{ inputs.private_key }}"
+        GH_APP_ID: "${{ inputs.app_id }}"
+        GH_APP_INST_ID: "${{ inputs.installation_id }}"