From 9eb195e72245cafb788feb531ec81ffda5c25dbe Mon Sep 17 00:00:00 2001 From: Yuta Kasai Date: Sat, 29 Mar 2025 23:04:40 +0900 Subject: [PATCH 1/4] NO-ISSUE Use core.getBooleanInput() to retrieve boolean input values --- lib/post.js | 4 +--- main.js | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/lib/post.js b/lib/post.js index 9b294ae..7d19c57 100644 --- a/lib/post.js +++ b/lib/post.js @@ -5,9 +5,7 @@ * @param {import("@octokit/request").request} request */ export async function post(core, request) { - const skipTokenRevoke = Boolean( - core.getInput("skip-token-revoke") || core.getInput("skip_token_revoke") - ); + const skipTokenRevoke = core.getBooleanInput("skip-token-revoke") || core.getBooleanInput("skip_token_revoke"); if (skipTokenRevoke) { core.info("Token revocation was skipped"); diff --git a/main.js b/main.js index 81b7767..1f81ee3 100644 --- a/main.js +++ b/main.js @@ -32,9 +32,7 @@ const repositories = core .map((s) => s.trim()) .filter((x) => x !== ""); -const skipTokenRevoke = Boolean( - core.getInput("skip-token-revoke") || core.getInput("skip_token_revoke"), -); +const skipTokenRevoke = core.getBooleanInput("skip-token-revoke") || core.getBooleanInput("skip_token_revoke"); const permissions = getPermissionsFromInputs(process.env); From 0f0eed104abb4528f4f6f04e834c9d9383682953 Mon Sep 17 00:00:00 2001 From: Yuta Kasai Date: Sat, 29 Mar 2025 23:49:58 +0900 Subject: [PATCH 2/4] NO-ISSUE Explicitly set the default value to false, and update document --- README.md | 4 ++-- action.yml | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 91efed1..50bdc90 100644 --- a/README.md +++ b/README.md 
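Review bot: In `post()` in `lib/post.js`, `core.getBooleanInput` throws a `TypeError` for any value outside `true | True | TRUE | false | False | FALSE`, and the parse is the first statement of the cleanup step, so such a throw would end the step before revocation is attempted. The main step presumably rejects the same value earlier, but a cleanup path is safer if a parse failure falls back to revoking rather than leaving the token live until it expires. I would catch the error, emit a warning, and treat the flag as false, as sketched below. The body of `post()` continues outside this hunk.

```javascript
export async function post(core, request) {
  // Fail closed: an unparsable flag must not prevent revocation.
  let skipTokenRevoke = false;
  try {
    skipTokenRevoke =
      core.getBooleanInput("skip-token-revoke") ||
      core.getBooleanInput("skip_token_revoke");
  } catch (error) {
    core.warning(
      `Invalid skip-token-revoke value, revoking anyway: ${error.message}`,
    );
  }
  // … unchanged: skip message and token revocation …
```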
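Review bot: The right-hand side of the `||` in `main.js` is evaluated whenever `skip-token-revoke` is false, and `core.getBooleanInput("skip_token_revoke")` throws on an empty string, so the deprecated input now has to be present in every run. That holds on a runner only once the `default: "false"` entries from patch 2/4 exist, and patch 4/4 removes `INPUT_SKIP_TOKEN_REVOKE` from the test environments while this line, as shown in the series, still reads it. Parsing the deprecated input only when it is set avoids the dependency: `core.getBooleanInput("skip-token-revoke") || (core.getInput("skip_token_revoke") !== "" && core.getBooleanInput("skip_token_revoke"))`. The same expression appears in `lib/post.js`. The statement also appears to sit at module top level, so a rejected value would surface as an uncaught exception rather than a `core.setFailed` message.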
@@ -343,7 +343,7 @@ The reason we define one `permision-` input per permission is t ### `skip-token-revoke` -**Optional:** If truthy, the token will not be revoked when the current job is complete. +**Optional:** If true, the token will not be revoked when the current job is complete. ### `github-api-url` @@ -370,7 +370,7 @@ The action creates an installation access token using [the `POST /app/installati 1. The token is scoped to the current repository or `repositories` if set. 2. The token inherits all the installation's permissions. 3. The token is set as output `token` which can be used in subsequent steps. -4. Unless the `skip-token-revoke` input is set to a truthy value, the token is revoked in the `post` step of the action, which means it cannot be passed to another job. +4. Unless the `skip-token-revoke` input is set to true, the token is revoked in the `post` step of the action, which means it cannot be passed to another job. 5. The token is masked, it cannot be logged accidentally. > [!NOTE] diff --git a/action.yml b/action.yml index aab57bc..9542e88 100644 --- a/action.yml +++ b/action.yml 
@@ -26,11 +26,13 @@ inputs: description: "Comma or newline-separated list of repositories to install the GitHub App on (defaults to current repository if owner is unset)" required: false skip-token-revoke: - description: "If truthy, the token will not be revoked when the current job is complete" + description: "If true, the token will not be revoked when the current job is complete" required: false + default: "false" skip_token_revoke: - description: "If truthy, the token will not be revoked when the current job is complete" + description: "If true, the token will not be revoked when the current job is complete" required: false + default: "false" deprecationMessage: "'skip_token_revoke' is deprecated and will be removed in a future version. Use 'skip-token-revoke' instead." # Make GitHub API configurable to support non-GitHub Cloud use cases # see https://github.com/actions/create-github-app-token/issues/77 From 55e5ec50e2b6a1038b3416556617b07bce1e4a32 Mon Sep 17 00:00:00 2001 From: Yuta Kasai Date: Sat, 29 Mar 2025 23:50:18 +0900 Subject: [PATCH 3/4] NO-ISSUE Fix test --- tests/main.js | 2 ++ tests/post-revoke-token-fail-response.test.js | 2 ++ tests/post-token-expired.test.js | 5 +++++ tests/post-token-set.test.js | 2 ++ tests/post-token-unset.test.js | 5 +++++ 5 files changed, 16 insertions(+) diff --git a/tests/main.js b/tests/main.js index 2172752..aa519d2 100644 --- a/tests/main.js +++ b/tests/main.js @@ -8,6 +8,8 @@ export const DEFAULT_ENV = { // inputs are set as environment variables with the prefix INPUT_ // https://docs.github.com/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs "INPUT_GITHUB-API-URL": "https://api.github.com", + "INPUT_SKIP-TOKEN-REVOKE": "false", + "INPUT_SKIP_TOKEN_REVOKE": "false", "INPUT_APP-ID": "123456", // This key is invalidated. It’s from https://github.com/octokit/auth-app.js/issues/465#issuecomment-1564998327. "INPUT_PRIVATE-KEY": `-----BEGIN RSA PRIVATE KEY----- 
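Review bot: The new descriptions for `skip-token-revoke` and `skip_token_revoke` in `action.yml` say "If true" but do not state that the value is now parsed strictly, so a workflow that passed `1` or `yes` (previously truthy) will fail instead of skipping revocation. I would name the accepted spellings in the description, e.g. `description: "If true, the token is not revoked when the job completes. Accepts true|True|TRUE|false|False|FALSE; any other value fails the step"`. It is also worth saying in the same place that a token left unrevoked stays usable until it expires, since that is the security cost of enabling the flag.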
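Review bot: Every fixture touched in this commit (`DEFAULT_ENV` in `tests/main.js` and the four `tests/post-*.test.js` files) sets the input to `"false"`, so the strict parsing introduced by the series is exercised only on its default path. If no existing test already does so, add one case with `process.env["INPUT_SKIP-TOKEN-REVOKE"] = "true"` asserting that no revoke request is sent, and one with an unsupported value such as `"yes"` asserting that the step fails. The `DEFAULT_ENV` object continues outside this hunk.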
diff --git a/tests/post-revoke-token-fail-response.test.js b/tests/post-revoke-token-fail-response.test.js index 6962ca3..7e31df8 100644 --- a/tests/post-revoke-token-fail-response.test.js +++ b/tests/post-revoke-token-fail-response.test.js @@ -7,6 +7,8 @@ process.env.STATE_token = "secret123"; // inputs are set as environment variables with the prefix INPUT_ // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com"; +process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false"; +process.env["INPUT_SKIP_TOKEN_REVOKE"] = "false"; // 1 hour in the future, not expired process.env.STATE_expiresAt = new Date( diff --git a/tests/post-token-expired.test.js b/tests/post-token-expired.test.js index 6479845..8539519 100644 --- a/tests/post-token-expired.test.js +++ b/tests/post-token-expired.test.js @@ -7,6 +7,11 @@ process.env.STATE_token = "secret123"; // 1 hour in the past, expired process.env.STATE_expiresAt = new Date(Date.now() - 1000 * 60 * 60).toISOString(); +// inputs are set as environment variables with the prefix INPUT_ +// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs +process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false"; +process.env["INPUT_SKIP_TOKEN_REVOKE"] = "false"; + const mockAgent = new MockAgent(); setGlobalDispatcher(mockAgent); diff --git a/tests/post-token-set.test.js b/tests/post-token-set.test.js index 33697d0..9437e9a 100644 --- a/tests/post-token-set.test.js +++ b/tests/post-token-set.test.js 
@@ -7,6 +7,8 @@ process.env.STATE_token = "secret123"; // inputs are set as environment variables with the prefix INPUT_ // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com"; +process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false"; +process.env["INPUT_SKIP_TOKEN_REVOKE"] = "false"; // 1 hour in the future, not expired process.env.STATE_expiresAt = new Date(Date.now() + 1000 * 60 * 60).toISOString(); diff --git a/tests/post-token-unset.test.js b/tests/post-token-unset.test.js index 7b1922a..65b07fe 100644 --- a/tests/post-token-unset.test.js +++ b/tests/post-token-unset.test.js @@ -2,4 +2,9 @@ // https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#sending-values-to-the-pre-and-post-actions delete process.env.STATE_token; +// inputs are set as environment variables with the prefix INPUT_ +// https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs +process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false"; +process.env["INPUT_SKIP_TOKEN_REVOKE"] = "false"; + await import("../post.js"); From 85a794241f3020436e9cd2ad21753769f0a77e07 Mon Sep 17 00:00:00 2001 From: Yuta Kasai Date: Fri, 4 Apr 2025 13:15:43 +0900 Subject: [PATCH 4/4] NO-ISSUE fix test --- tests/main.js | 1 - tests/post-revoke-token-fail-response.test.js | 1 - tests/post-token-expired.test.js | 1 - tests/post-token-set.test.js | 1 - tests/post-token-unset.test.js | 1 - 5 files changed, 5 deletions(-) diff --git a/tests/main.js b/tests/main.js index aa519d2..792da70 100644 --- a/tests/main.js +++ b/tests/main.js 
@@ -9,7 +9,6 @@ export const DEFAULT_ENV = { // https://docs.github.com/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs "INPUT_GITHUB-API-URL": "https://api.github.com", "INPUT_SKIP-TOKEN-REVOKE": "false", - "INPUT_SKIP_TOKEN_REVOKE": "false", "INPUT_APP-ID": "123456", // This key is invalidated. It’s from https://github.com/octokit/auth-app.js/issues/465#issuecomment-1564998327. "INPUT_PRIVATE-KEY": `-----BEGIN RSA PRIVATE KEY----- diff --git a/tests/post-revoke-token-fail-response.test.js b/tests/post-revoke-token-fail-response.test.js index 7e31df8..b729b55 100644 --- a/tests/post-revoke-token-fail-response.test.js +++ b/tests/post-revoke-token-fail-response.test.js @@ -8,7 +8,6 @@ process.env.STATE_token = "secret123"; // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com"; process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false"; -process.env["INPUT_SKIP_TOKEN_REVOKE"] = "false"; // 1 hour in the future, not expired process.env.STATE_expiresAt = new Date( diff --git a/tests/post-token-expired.test.js b/tests/post-token-expired.test.js index 8539519..62caa6d 100644 --- a/tests/post-token-expired.test.js +++ b/tests/post-token-expired.test.js @@ -10,7 +10,6 @@ process.env.STATE_expiresAt = new Date(Date.now() - 1000 * 60 * 60).toISOString( // inputs are set as environment variables with the prefix INPUT_ // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false"; -process.env["INPUT_SKIP_TOKEN_REVOKE"] = "false"; const mockAgent = new MockAgent(); diff --git a/tests/post-token-set.test.js b/tests/post-token-set.test.js index 9437e9a..8ae8c36 100644 --- a/tests/post-token-set.test.js +++ b/tests/post-token-set.test.js 
@@ -8,7 +8,6 @@ process.env.STATE_token = "secret123"; // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs process.env["INPUT_GITHUB-API-URL"] = "https://api.github.com"; process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false"; -process.env["INPUT_SKIP_TOKEN_REVOKE"] = "false"; // 1 hour in the future, not expired process.env.STATE_expiresAt = new Date(Date.now() + 1000 * 60 * 60).toISOString(); diff --git a/tests/post-token-unset.test.js b/tests/post-token-unset.test.js index 65b07fe..32228ef 100644 --- a/tests/post-token-unset.test.js +++ b/tests/post-token-unset.test.js @@ -5,6 +5,5 @@ delete process.env.STATE_token; // inputs are set as environment variables with the prefix INPUT_ // https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#example-specifying-inputs process.env["INPUT_SKIP-TOKEN-REVOKE"] = "false"; -process.env["INPUT_SKIP_TOKEN_REVOKE"] = "false"; await import("../post.js");