Merge pull request #124 from peter-evans/token-update

Token update

.eslintignore

@@ -0,0 +1,3 @@
+dist/
+lib/
+node_modules/

.eslintrc.json

@@ -1,17 +1,18 @@
 {
-    "env": {
-        "commonjs": true,
-        "es6": true,
-        "node": true
-    },
-    "extends": "eslint:recommended",
-    "globals": {
-        "Atomics": "readonly",
-        "SharedArrayBuffer": "readonly"
-    },
-    "parserOptions": {
-        "ecmaVersion": 2018
-    },
-    "rules": {
-    }
-}
+  "env": { "node": true, "jest": true },
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": { "ecmaVersion": 9, "sourceType": "module" },
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/eslint-recommended",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:import/errors",
+    "plugin:import/warnings",
+    "plugin:import/typescript",
+    "plugin:prettier/recommended"
+  ],
+  "plugins": ["@typescript-eslint"],
+  "rules": {
+    "@typescript-eslint/camelcase": "off"
+  }
+}

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: peter-evans

.github/dependabot.yml

@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    allow:
+      - dependency-name: "@actions/*"

.github/workflows/ci.yml

@@ -1,65 +1,91 @@
 name: CI
 on:
   push:
-    branches: [master]
+    branches: [main]
+    paths-ignore:
+      - 'README.md'
+      - 'docs/**'
   pull_request:
-    branches: [master]
+    branches: [main]
+    paths-ignore:
+      - 'README.md'
+      - 'docs/**'
+
+permissions:
+  pull-requests: write
+  contents: write
+  actions: write
+
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
-          node-version: 12.x
+          node-version: 16.x
       - run: npm ci
+      - run: npm run build
+      - run: npm run format-check
+      - run: npm run lint
       - run: npm run test
-      - run: npm run package
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v3
         with:
           name: dist
           path: dist
+      - uses: actions/upload-artifact@v3
+        with:
+          name: action.yml
+          path: action.yml
 
   test:
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
     needs: [build]
     runs-on: ubuntu-latest
     strategy:
       matrix:
         target: [built, committed]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - if: matrix.target == 'built' || github.event_name == 'pull_request'
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v3
         with:
           name: dist
           path: dist
+      - if: matrix.target == 'built' || github.event_name == 'pull_request'
+        uses: actions/download-artifact@v3
+        with:
+          name: action.yml
+          path: .
 
-      - name: Repository Dispatch
+      - name: Test repository dispatch
         uses: ./
         with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
           event-type: tests
           client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}"}'
 
+      - name: Test repository dispatch (default payload)
+        uses: ./
+        with:
+          event-type: tests
+
   package:
-    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     needs: [test]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
+      - uses: actions/checkout@v3
+      - uses: actions/download-artifact@v3
         with:
           name: dist
           path: dist
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v2
+        uses: peter-evans/create-pull-request@v4
         with:
           commit-message: Update distribution
-          committer: GitHub <noreply@github.com>
-          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
           title: Update distribution
           body: |
-            - Updates the distribution for changes on `master`
+            - Updates the distribution for changes on `main`
 
             Auto-generated by [create-pull-request][1]
 

.github/workflows/on-repository-dispatch.yml

@@ -6,7 +6,14 @@ jobs:
   tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - name: Dump the client payload context
+        env:
+          PAYLOAD_CONTEXT: ${{ toJson(github.event.client_payload) }}
+        run: echo "$PAYLOAD_CONTEXT"
+
+      - uses: actions/checkout@v3
+        if: github.event.client_payload.ref != ''
         with:
           ref: ${{ github.event.client_payload.ref }}
+
       - run: echo ${{ github.event.client_payload.sha }}

.github/workflows/slash-command-dispatch.yml

@@ -0,0 +1,21 @@
+name: Slash Command Dispatch
+on:
+  issue_comment:
+    types: [created]
+jobs:
+  slashCommandDispatch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Slash Command Dispatch
+        uses: peter-evans/slash-command-dispatch@v3
+        with:
+          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          config: >
+            [
+              {
+                "command": "rebase",
+                "permission": "admin",
+                "repository": "peter-evans/slash-command-dispatch-processor",
+                "issue_type": "pull-request"
+              }
+            ]

.gitignore

@@ -1 +1,2 @@
-node_modules
+lib/
+node_modules/

.prettierignore

@@ -0,0 +1,3 @@
+dist/
+lib/
+node_modules/

.prettierrc.json

@@ -0,0 +1,11 @@
+{
+  "printWidth": 80,
+  "tabWidth": 2,
+  "useTabs": false,
+  "semi": false,
+  "singleQuote": true,
+  "trailingComma": "none",
+  "bracketSpacing": false,
+  "arrowParens": "avoid",
+  "parser": "typescript"
+}

README.md

@@ -1,24 +1,57 @@
 # Repository Dispatch
+[![CI](https://github.com/peter-evans/repository-dispatch/workflows/CI/badge.svg)](https://github.com/peter-evans/repository-dispatch/actions?query=workflow%3ACI)
 [![GitHub Marketplace](https://img.shields.io/badge/Marketplace-Repository%20Dispatch-blue.svg?colorA=24292e&colorB=0366d6&style=flat&longCache=true&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAM6wAADOsB5dZE0gAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAAERSURBVCiRhZG/SsMxFEZPfsVJ61jbxaF0cRQRcRJ9hlYn30IHN/+9iquDCOIsblIrOjqKgy5aKoJQj4O3EEtbPwhJbr6Te28CmdSKeqzeqr0YbfVIrTBKakvtOl5dtTkK+v4HfA9PEyBFCY9AGVgCBLaBp1jPAyfAJ/AAdIEG0dNAiyP7+K1qIfMdonZic6+WJoBJvQlvuwDqcXadUuqPA1NKAlexbRTAIMvMOCjTbMwl1LtI/6KWJ5Q6rT6Ht1MA58AX8Apcqqt5r2qhrgAXQC3CZ6i1+KMd9TRu3MvA3aH/fFPnBodb6oe6HM8+lYHrGdRXW8M9bMZtPXUji69lmf5Cmamq7quNLFZXD9Rq7v0Bpc1o/tp0fisAAAAASUVORK5CYII=)](https://github.com/marketplace/actions/repository-dispatch)
 
 A GitHub action to create a repository dispatch event.
 
 ## Usage
 
+Dispatch an event to the current repository by elivating the permissions of the default `GITHUB_TOKEN`.
+```yml
+permissions:
+  actions: write
+
+jobs:
+  repositorydispatch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Repository Dispatch
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          event-type: my-event
+```
+
+Dispatch an event to a remote repository using a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).
 ```yml
       - name: Repository Dispatch
-        uses: peter-evans/repository-dispatch@v1
+        uses: peter-evans/repository-dispatch@v2
         with:
           token: ${{ secrets.REPO_ACCESS_TOKEN }}
           event-type: my-event
 ```
 
-## Parameters
+### Action inputs
 
-- `token` (**required**) - A `repo` scoped GitHub [Personal Access Token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
-- `repository` - The full name of the repository to send the dispatch. Defaults to the current repository.
-- `event-type` (**required**) - A custom webhook event name.
-- `client-payload` - JSON payload with extra information about the webhook event that your action or workflow may use. Default: {}
+| Name | Description | Default |
+| --- | --- | --- |
+| `token` | (**required**) `GITHUB_TOKEN` (permissions `actions: write`) or a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). See [token](#token) for further details. | `GITHUB_TOKEN` |
+| `repository` | The full name of the repository to send the dispatch. | `github.repository` (current repository) |
+| `event-type` | (**required**) A custom webhook event name. | |
+| `client-payload` | JSON payload with extra information about the webhook event that your action or workflow may use. | `{}` |
+
+#### Token
+
+This action creates [`repository_dispatch`](https://docs.github.com/en/rest/repos/repos#create-a-repository-dispatch-event) events.
+The default `GITHUB_TOKEN` token can only be used if you are dispatching the same repository that the workflow is executing in.
+In this case you must [elevate the token permissions](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs) to allow the dispatch.
+
+```yaml
+permissions:
+  actions: write
+```
+
+To dispatch to a remote repository you must create a [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) with the `repo` scope and store it as a secret.
+If you will be dispatching to a public repository then you can use the more limited `public_repo` scope.
 
 ## Example
 
@@ -26,7 +59,7 @@ Here is an example setting all of the input parameters.
 
 ```yml
       - name: Repository Dispatch
-        uses: peter-evans/repository-dispatch@v1
+        uses: peter-evans/repository-dispatch@v2
         with:
           token: ${{ secrets.REPO_ACCESS_TOKEN }}
           repository: username/my-repo
@@ -35,7 +68,7 @@ Here is an example setting all of the input parameters.
 ```
 
 Here is an example `on: repository_dispatch` workflow to receive the event.
-Note that repository dispatch events will only trigger a workflow run if the workflow is committed to the default branch (usually `master`).
+Note that repository dispatch events will only trigger a workflow run if the workflow is committed to the default branch.
 
 ```yml
 name: Repository Dispatch
@@ -46,12 +79,36 @@ jobs:
   myEvent:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           ref: ${{ github.event.client_payload.ref }}
       - run: echo ${{ github.event.client_payload.sha }}
 ```
 
+### Dispatch to multiple repositories
+
+You can dispatch to multiple repositories by using a [matrix strategy](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix). In the following example, after the `build` job succeeds, an event is dispatched to three different repositories.
+
+```yml
+jobs:
+  build:
+    # Main workflow job that builds, tests, etc.
+
+  dispatch:
+    needs: build
+    strategy:
+      matrix:
+        repo: ['my-org/repo1', 'my-org/repo2', 'my-org/repo3']
+    runs-on: ubuntu-latest
+    steps:
+      - name: Repository Dispatch
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          repository: ${{ matrix.repo }}
+          event-type: my-event
+```
+
 ## Client payload
 
 The GitHub API allows a maximum of 10 top-level properties in the `client-payload` JSON.
@@ -74,6 +131,8 @@ The following payload will succeed.
 client-payload: '{"github": ${{ toJson(github) }}}'
 ```
 
+Additionally, there is a limitation on the total data size of the `client-payload`. A very large payload may result in a `client_payload is too large` error.
+
 ## License
 
 [MIT](LICENSE)

action.yml

@@ -2,19 +2,20 @@ name: 'Repository Dispatch'
 description: 'Create a repository dispatch event'
 inputs:
   token:
-    description: 'A repo scoped GitHub Personal Access Token'
-    required: true
+    description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)'
+    default: ${{ github.token }}
   repository:
-    description: 'The full name of the repository to send the dispatch. Defaults to the current repository.'
+    description: 'The full name of the repository to send the dispatch.'
+    default: ${{ github.repository }}
   event-type:
     description: 'A custom webhook event name.'
     required: true
   client-payload:
-    description: 'JSON payload with extra information about the webhook event that your action or worklow may use. Default: {}'
+    description: 'JSON payload with extra information about the webhook event that your action or worklow may use.'
+    default: '{}'
 runs:
-  using: 'node12'
+  using: 'node16'
   main: 'dist/index.js'
 branding:
-  icon: 'target'  
+  icon: 'target'
   color: 'gray-dark'
-  

jest.config.js

@@ -0,0 +1,11 @@
+module.exports = {
+  clearMocks: true,
+  moduleFileExtensions: ['js', 'ts'],
+  testEnvironment: 'node',
+  testMatch: ['**/*.test.ts'],
+  testRunner: 'jest-circus/runner',
+  transform: {
+    '^.+\\.ts$': 'ts-jest'
+  },
+  verbose: true
+}

package.json

@@ -1,18 +1,25 @@
 {
   "name": "repository-dispatch",
-  "version": "1.0.0",
+  "version": "2.0.0",
+  "private": true,
   "description": "Create a repository dispatch event",
-  "main": "src/index.js",
+  "main": "lib/main.js",
   "scripts": {
-    "lint": "eslint src/index.js",
-    "package": "ncc build src/index.js -o dist",
-    "test": "eslint src/index.js && jest --passWithNoTests"
+    "build": "tsc && ncc build",
+    "format": "prettier --write '**/*.ts'",
+    "format-check": "prettier --check '**/*.ts'",
+    "lint": "eslint src/**/*.ts",
+    "test": "jest --passWithNoTests"
   },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/peter-evans/repository-dispatch.git"
   },
-  "keywords": [],
+  "keywords": [
+    "actions",
+    "repository",
+    "dispatch"
+  ],
   "author": "Peter Evans",
   "license": "MIT",
   "bugs": {
@@ -20,12 +27,22 @@
   },
   "homepage": "https://github.com/peter-evans/repository-dispatch#readme",
   "dependencies": {
-    "@actions/core": "1.2.4",
-    "@octokit/request": "5.4.2"
+    "@actions/core": "^1.10.0",
+    "@actions/github": "^5.1.1"
   },
   "devDependencies": {
-    "@zeit/ncc": "0.22.1",
-    "eslint": "6.8.0",
-    "jest": "25.5.4"
+    "@types/jest": "^27.0.3",
+    "@types/node": "^16.11.11",
+    "@typescript-eslint/parser": "^5.5.0",
+    "@vercel/ncc": "^0.32.0",
+    "eslint": "^8.3.0",
+    "eslint-plugin-github": "^4.3.5",
+    "eslint-plugin-jest": "^25.3.0",
+    "jest": "^27.4.3",
+    "jest-circus": "^27.4.2",
+    "js-yaml": "^4.1.0",
+    "prettier": "^2.5.0",
+    "ts-jest": "^27.0.7",
+    "typescript": "^4.5.2"
   }
 }

renovate.json

@@ -1,11 +0,0 @@
-{
-  "extends": [
-    "config:base"
-  ],
-  "packageRules": [
-    {
-      "depTypeList": ["devDependencies"],
-      "automerge": true
-    }
-  ]
-}

src/index.js

@@ -1,40 +0,0 @@
-const { inspect } = require("util");
-const core = require("@actions/core");
-const { request } = require("@octokit/request");
-
-async function run() {
-  try {
-    const inputs = {
-      token: core.getInput("token"),
-      repository: core.getInput("repository"),
-      eventType: core.getInput("event-type"),
-      clientPayload: core.getInput("client-payload")
-    };
-    core.debug(`Inputs: ${inspect(inputs)}`);
-
-    const repository = inputs.repository ? inputs.repository : process.env.GITHUB_REPOSITORY;
-    core.debug(`repository: ${repository}`);
-
-    const clientPayload = inputs.clientPayload ? inputs.clientPayload : '{}';
-    core.debug(`clientPayload: ${clientPayload}`);
-
-    await request(
-      `POST /repos/${repository}/dispatches`,
-      {
-        headers: {
-          authorization: `token ${inputs.token}`
-        },
-        mediaType: {
-          previews: ['everest']
-        },
-        event_type: `${inputs.eventType}`,
-        client_payload: JSON.parse(clientPayload),
-      }
-    );
-  } catch (error) {
-    core.debug(inspect(error));
-    core.setFailed(error.message);
-  }
-}
-
-run();

src/main.ts

@@ -0,0 +1,37 @@
+import * as core from '@actions/core'
+import * as github from '@actions/github'
+import {inspect} from 'util'
+
+async function run(): Promise<void> {
+  try {
+    const inputs = {
+      token: core.getInput('token'),
+      repository: core.getInput('repository'),
+      eventType: core.getInput('event-type'),
+      clientPayload: core.getInput('client-payload')
+    }
+    core.debug(`Inputs: ${inspect(inputs)}`)
+
+    const [owner, repo] = inputs.repository.split('/')
+
+    const octokit = github.getOctokit(inputs.token)
+
+    await octokit.rest.repos.createDispatchEvent({
+      owner: owner,
+      repo: repo,
+      event_type: inputs.eventType,
+      client_payload: JSON.parse(inputs.clientPayload)
+    })
+  } catch (error: any) {
+    core.debug(inspect(error))
+    if (error.status == 404) {
+      core.setFailed(
+        'Repository not found, OR token has insufficient permissions.'
+      )
+    } else {
+      core.setFailed(error.message)
+    }
+  }
+}
+
+run()

tsconfig.json

@@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "target": "es6",
+    "module": "commonjs",
+    "lib": [
+      "es6"
+    ],
+    "outDir": "./lib",
+    "rootDir": "./src",
+    "declaration": true,
+    "strict": true,
+    "noImplicitAny": false,
+    "esModuleInterop": true
+  },
+  "exclude": ["__test__", "lib", "node_modules"]
+}