Update popular_actions.go for actions/create-github-app-token@v3#668
Open
esaari wants to merge 1 commit into
Open
Update popular_actions.go for actions/create-github-app-token@v3#668esaari wants to merge 1 commit into
popular_actions.go for actions/create-github-app-token@v3#668esaari wants to merge 1 commit into
Conversation
The action's v3 action.yml added `client-id` as the canonical input,
deprecating `app-id`, and added several new inputs (`enterprise`,
`permission-artifact-metadata`, `permission-attestations`,
`permission-discussions`, `permission-merge-queues`).
The bundled v3 schema still marked `app-id` as required and did not
know about `client-id`, producing two false-positives per `with:` block
on workflows that use the canonical input:
- `missing input "app-id" which is required by action ...`
- `input "client-id" is not defined in action ...`
Regenerated via:
go run ./scripts/generate-popular-actions \
-r /tmp/single-entry-registry.json -q
against a single-entry registry containing only this slug (the full
default-registry regen currently fails on an unrelated 404 for a
deleted upstream tag — `actions-cool/issues-helper@v1`).
v1 and v2 entries were verified against their current action.yml and
left untouched — those tags ship `app-id` only.
heitbaum
added a commit
to heitbaum/actions
that referenced
this pull request
Jun 7, 2026
…oken@v3 client-id was introduced as the preferred input in actions/create-github-app-token@v3.1.0 (PR #353); app-id is now deprecated. Actionlint bundled metadata is stale and incorrectly requires app-id and rejects client-id, producing two false-positives: missing input "app-id" which is required by action "actions/create-github-app-token@v3" input "client-id" is not defined in action "actions/create-github-app-token@v3" Add ignore patterns to .github/actionlint.yaml to suppress both until rhysd/actionlint#668 is merged and a new release ships the corrected schema. - reviewdog/action-actionlint@v1 (action)
heitbaum
added a commit
to heitbaum/actions
that referenced
this pull request
Jun 7, 2026
…oken@v3 client-id was introduced as the preferred input in actions/create-github-app-token@v3.1.0 (PR #353); app-id is now deprecated. Actionlint bundled metadata is stale and incorrectly requires app-id and rejects client-id, producing two false-positives: missing input "app-id" which is required by action "actions/create-github-app-token@v3" input "client-id" is not defined in action "actions/create-github-app-token@v3" Add ignore patterns to .github/actionlint.yaml to suppress both until rhysd/actionlint#668 is merged and a new release ships the corrected schema. - reviewdog/action-actionlint@v1 (action)
|
Looking forward to this fix |
smorin
added a commit
to smorinlabs/py-launch-blueprint
that referenced
this pull request
Jun 16, 2026
actionlint v1.7.12 (latest) has stale schema for actions/create-github-app-token@v3 and flags `client-id` as an unknown input. The action does accept `client-id` (added shortly after actionlint's bundled metadata was generated), with `app-id` now deprecated. Add a narrowly-scoped suppression in .github/actionlint.yaml until upstream lands a fix. Tracking: - rhysd/actionlint#652 (PR, opened 2026-04-20) - rhysd/actionlint#668 (PR, opened 2026-05-21) REMOVE this file once a newer actionlint release ships with updated metadata.
smorin
added a commit
to smorinlabs/py-launch-blueprint
that referenced
this pull request
Jun 16, 2026
* ci: migrate release-please + update-contributors to client-id Both workflows used the legacy single-step `app-id` pattern with `RELEASE_PLEASE_APP_ID` / `CONTRIBUTORS_PLEASE_APP_ID` secrets. `actions/create-github-app-token@v3` deprecated `app-id` in favor of `client-id` (the App's Client ID, e.g. Iv23li...). The corresponding *_CLIENT_ID secrets are already provisioned on the repo via the repo-secrets skill. - release-please.yml: rename RP_APP_ID -> RP_CLIENT_ID env var, switch app-id -> client-id input in both release-please and sync-uv-lock jobs, update header comment. - update-contributors.yml: switch app-id -> client-id input passed to smorinlabs/contributors-please-action (which accepts both). Sibling repos (smorinlabs/contributors-please, contributors-please-action) already migrated and verified via probe runs. * ci(actionlint): suppress false-positive `client-id` warning actionlint v1.7.12 (latest) has stale schema for actions/create-github-app-token@v3 and flags `client-id` as an unknown input. The action does accept `client-id` (added shortly after actionlint's bundled metadata was generated), with `app-id` now deprecated. Add a narrowly-scoped suppression in .github/actionlint.yaml until upstream lands a fix. Tracking: - rhysd/actionlint#652 (PR, opened 2026-04-20) - rhysd/actionlint#668 (PR, opened 2026-05-21) REMOVE this file once a newer actionlint release ships with updated metadata. * fix(ci): keep app-id input name in update-contributors.yml smorinlabs/contributors-please-action's action.yml only declares `app-id` as input (no `client-id`). The prior migration commit renamed it to `client-id:` — at runtime that input would be silently ignored and App auth would fail. Revert just the input NAME change in update-contributors.yml; keep the secret VALUE pointing at CONTRIBUTORS_PLEASE_CLIENT_ID. The action's `app-id` input forwards to @octokit/auth-app's `createAppAuth({ appId })`, which transparently accepts both numeric App IDs and Client ID strings (PR #38 in the action repo uses the same approach for e2e.yml). Also narrow .github/actionlint.yaml — update-contributors.yml no longer references `client-id`, so its suppression entry is removed. release-please.yml's suppression stays (canonical actions/create-github-app-token@v3, still flagged by actionlint v1.7.12). * style(actionlint): wrap long ignore-rule strings to satisfy yamllint Reviewer feedback (CodeRabbit): lines 51 and 53 of .github/actionlint.yaml exceed the 88-char limit yamllint warns at. Use YAML folded scalars (>-) to break across lines while preserving the byte-identical string actionlint matches against.
|
Looking backwards, and everywhere around me, for this fix |
Author
|
@rhysd Could I please get a review and/or merge on this? Are you planning a release soon? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #669.
What
Regenerate the v3 entry in
popular_actions.goforactions/create-github-app-tokento match its current upstream
action.yml.Diff:
app-id— wasrequired: true; nowrequired: falsewithdeprecationMessage: "Use 'client-id' instead."client-id— added (canonical replacement forapp-id)enterprise— addedpermission-artifact-metadata— addedpermission-attestations— addedpermission-discussions— addedpermission-merge-queues— addedv1 and v2 schemas were verified against their respective live
action.ymlfilesand left untouched — those tags ship
app-idonly and don't need any change.Why
The bundled v3 schema still requires
app-idand doesn't know aboutclient-id.On any workflow using the canonical input, actionlint produces two false-positives
per
with:block:actions/create-github-app-token@v3was published 2025-09 withclient-idas thecanonical input; teams adopting the supported input get this false-positive pair
on every call site. Full repro and root cause in #669.
Generation method
I tried the full regen first
(
go run ./scripts/generate-popular-actions ./popular_actions.go),but it currently fails on an unrelated 404:
actions-cool/issues-helperappears to have moved/deleted itsv1tag upstream.This is also blocking the weekly auto-refresh workflow from updating any entry —
worth a follow-up to make the generator tolerant of upstream 404s, but out of
scope for this PR. I scoped the regen to just the affected action via a
single-entry registry:
(where
/tmp/cgat-registry.jsoncontains only theactions/create-github-app-tokenslug). The output was then patched into the existing
popular_actions.goin place.The resulting diff is byte-for-byte what the full regenerator would produce for
this entry — no manual edits to the generated formatting.
Verification
go build ./...— passgo test -run TestPopularActionsDataset ./...— passgo test ./...— pass