fix bug when scope is repository

Author: whywaita

README.md

@@ -26,6 +26,7 @@ You will need to provide the GitHub App ID and private key. The action will then
     with:
       app_id: ${{ secrets.APP_ID }}
       private_key: ${{ secrets.APP_PRIVATE_KEY }}
+      scope: "octocat"  # Optional, you can set "org" or "org/repo"
 
   - name: Checkout private repo
     uses: actions/checkout@v2

action.yml

@@ -10,7 +10,7 @@ inputs:
     description: 'Private key for the GitHub App'
   scope:
     required: false
-    description: 'Scope of installation account'
+    description: 'Scope of installation account. Format: "org" or "org/repo"'
     default: ''
 outputs:
   token:

dist/index.js

@@ -104,12 +104,13 @@
             const installations = yield appOctokit.apps.listInstallations();
             let installationId = installations.data[0].id;
             if (scope !== '') {
+              const loginName = scope.split('/')[0]; // if scope set repository, loginName is username
               const scopedData = installations.data.find((item) => {
                 var _a;
                 return (
                   ((_a = item.account) === null || _a === void 0
                     ? void 0
-                    : _a.login) === scope
+                    : _a.login) === loginName
                 );
               });
               if (scopedData === undefined) {
@@ -129,16 +130,45 @@
               throw new Error('Unable to authenticate');
             }
             // @ts-expect-error
-            core.setSecret(resp.token);
-            // @ts-expect-error
-            core.setOutput('token', resp.token);
+            const installationToken = resp.token;
+            // Need to check accessibility if scope set repository
+            if (scope !== '' && scope.split('/').length === 2) {
+              const error = yield isExistRepositoryInGitHubApps(
+                installationToken,
+                scope
+              );
+              if (error.error !== '') {
+                throw new Error(error.error);
+              }
+            }
+            core.setSecret(installationToken);
+            core.setOutput('token', installationToken);
           } catch (error) {
             if (error instanceof Error) {
               core.setFailed(error.message);
             }
           }
         });
       }
+      function isExistRepositoryInGitHubApps(installationToken, repository) {
+        return __awaiter(this, void 0, void 0, function* () {
+          const installationOctokit = new rest_1.Octokit({
+            auth: installationToken,
+            baseUrl: process.env.GITHUB_API_URL || 'https://api.github.com',
+          });
+          const accessibleRepositories =
+            yield installationOctokit.apps.listReposAccessibleToInstallation();
+          const repo = accessibleRepositories.data.repositories.find(
+            (item) => item.full_name === repository
+          );
+          if (repo === undefined) {
+            return {
+              error: `GitHub Apps can't accessible repository (${repository})`,
+            };
+          }
+          return {error: ''};
+        });
+      }
       run();
 
       /***/

src/main.ts

@@ -5,6 +5,8 @@ import * as core from '@actions/core';
 
 type listInstallationsResponse =
   Endpoints['GET /app/installations']['response'];
+type listRepositoriesResponse =
+  Endpoints['GET /installation/repositories']['response'];
 
 async function run(): Promise<void> {
   try {
@@ -24,8 +26,9 @@ async function run(): Promise<void> {
       await appOctokit.apps.listInstallations();
     let installationId = installations.data[0].id;
     if (scope !== '') {
+      const loginName: string = scope.split('/')[0]; // if scope set repository, loginName is username
       const scopedData = installations.data.find(
-        (item) => item.account?.login === scope
+        (item) => item.account?.login === loginName
       );
       if (scopedData === undefined) {
         throw new Error(`set scope is ${scope}, but installation is not found`);
@@ -43,16 +46,48 @@ async function run(): Promise<void> {
     if (!resp) {
       throw new Error('Unable to authenticate');
     }
-
-    // @ts-expect-error
-    core.setSecret(resp.token);
     // @ts-expect-error
-    core.setOutput('token', resp.token);
+    const installationToken = resp.token;
+
+    // Need to check accessibility if scope set repository
+    if (scope !== '' && scope.split('/').length === 2) {
+      const error = await isExistRepositoryInGitHubApps(
+        installationToken,
+        scope
+      );
+      if (error.error !== '') {
+        throw new Error(error.error);
+      }
+    }
+
+    core.setSecret(installationToken);
+    core.setOutput('token', installationToken);
   } catch (error) {
     if (error instanceof Error) {
       core.setFailed(error.message);
     }
   }
 }
 
+async function isExistRepositoryInGitHubApps(
+  installationToken: string,
+  repository: string
+): Promise<{error: string}> {
+  const installationOctokit = new Octokit({
+    auth: installationToken,
+    baseUrl: process.env.GITHUB_API_URL || 'https://api.github.com',
+  });
+  const accessibleRepositories: listRepositoriesResponse =
+    await installationOctokit.apps.listReposAccessibleToInstallation();
+
+  const repo = accessibleRepositories.data.repositories.find(
+    (item) => item.full_name === repository
+  );
+  if (repo === undefined) {
+    return {error: `GitHub Apps can't accessible repository (${repository})`};
+  }
+
+  return {error: ''};
+}
+
 run();