Josh Gross
0c014070f9
Fixes #72 If an Actions job is long enough, more than an hour can pass between creating and revoking the App token in the post-job clean up step. Since the token itself is used to authenticate with the revoke API, an expired token will fail to be revoked. This PR saves the token expiration in the actions state and uses that in the post step to determine if the token can be revoked. I've also added error handling to the revoke token API call, as it's unlikely that users would want their job to fail if the token can't be revoked.
29 lines
804 B
JavaScript
29 lines
804 B
JavaScript
import { MockAgent, setGlobalDispatcher } from "undici";
|
|
|
|
// state variables are set as environment variables with the prefix STATE_
|
|
// https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions
|
|
process.env.STATE_token = "secret123";
|
|
|
|
// 1 hour in the past, expired
|
|
process.env.STATE_expiresAt = new Date(Date.now() - 1000 * 60 * 60).toISOString();
|
|
|
|
const mockAgent = new MockAgent();
|
|
|
|
setGlobalDispatcher(mockAgent);
|
|
|
|
// Provide the base url to the request
|
|
const mockPool = mockAgent.get("https://api.github.com");
|
|
|
|
// intercept the request
|
|
mockPool
|
|
.intercept({
|
|
path: "/installation/token",
|
|
method: "DELETE",
|
|
headers: {
|
|
authorization: "token secret123",
|
|
},
|
|
})
|
|
.reply(204);
|
|
|
|
await import("../post.js");
|