From 66a70456860bafc79e37635eea77b8b2a929f6c8 Mon Sep 17 00:00:00 2001
From: Wechuli <wechulipaul@yahoo.com>
Date: Wed, 26 Jun 2024 04:10:54 +0300
Subject: [PATCH] fix: do not revoke token if already expired (#147)

Closes #140

The pull request at #95 introduced changes to avoid revoking expired
tokens by saving the `expiresAt` value in the state. The change,
however, used `core.setOutput` instead of `core.setState` meaning the
value is not saved in the state but rather available in the output.

```javascript
if (!skipTokenRevoke) {
    core.saveState("token", authentication.token);
    core.setOutput("expiresAt", authentication.expiresAt);
  }
```
This means that when we use the value downstream, it evaluates to an
empty string and the following code block is never run:

```javascript
 const expiresAt = core.getState("expiresAt");
 if (expiresAt && tokenExpiresIn(expiresAt) < 0) {
   core.info("Token expired, skipping token revocation");
   return;
 }
```
This is a tiny PR to correct that typo.
---
 dist/main.cjs                 |   2 +-
 lib/main.js                   |   2 +-
 tests/snapshots/index.js.md   |  27 +++++++++------------------
 tests/snapshots/index.js.snap | Bin 1131 -> 1128 bytes
 4 files changed, 11 insertions(+), 20 deletions(-)

diff --git a/dist/main.cjs b/dist/main.cjs
index a96b5c0..474eaef 100644
--- a/dist/main.cjs
+++ b/dist/main.cjs
@@ -39753,7 +39753,7 @@ async function main(appId2, privateKey2, owner2, repositories2, core3, createApp
   core3.setOutput("app-slug", appSlug);
   if (!skipTokenRevoke2) {
     core3.saveState("token", authentication.token);
-    core3.setOutput("expiresAt", authentication.expiresAt);
+    core3.saveState("expiresAt", authentication.expiresAt);
   }
 }
 async function getTokenFromOwner(request2, auth5, parsedOwner) {
diff --git a/lib/main.js b/lib/main.js
index d685277..97443c0 100644
--- a/lib/main.js
+++ b/lib/main.js
@@ -104,7 +104,7 @@ export async function main(
   // Make token accessible to post function (so we can invalidate it)
   if (!skipTokenRevoke) {
     core.saveState("token", authentication.token);
-    core.setOutput("expiresAt", authentication.expiresAt);
+    core.saveState("expiresAt", authentication.expiresAt);
   }
 }
 
diff --git a/tests/snapshots/index.js.md b/tests/snapshots/index.js.md
index 21918c0..c458d39 100644
--- a/tests/snapshots/index.js.md
+++ b/tests/snapshots/index.js.md
@@ -33,8 +33,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-missing-app-id.test.js
 
@@ -94,8 +93,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-repo-set-to-many.test.js
 
@@ -114,8 +112,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-repo-set-to-one.test.js
 
@@ -134,8 +131,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-to-org-repo-unset.test.js
 
@@ -154,8 +150,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-to-user-fail-response.test.js
 
@@ -175,8 +170,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-set-to-user-repo-unset.test.js
 
@@ -195,8 +189,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-unset-repo-set.test.js
 
@@ -215,8 +208,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## main-token-get-owner-unset-repo-unset.test.js
 
@@ -235,8 +227,7 @@ Generated by [AVA](https://avajs.dev).
     ␊
     ::set-output name=app-slug::github-actions␊
     ::save-state name=token::ghs_16C7e42F292c6912E7710c838347Ae178B4a␊
-    ␊
-    ::set-output name=expiresAt::2016-07-11T22:14:10Z`
+    ::save-state name=expiresAt::2016-07-11T22:14:10Z`
 
 ## post-revoke-token-fail-response.test.js
 
diff --git a/tests/snapshots/index.js.snap b/tests/snapshots/index.js.snap
index 53720f3db20c1a6b28f5ab5d2b11dba78c399cea..5a0653706ded1917da4cb52e95edaeab23821f70 100644
GIT binary patch
literal 1128
zcmV-u1eg0kRzV<BZeeh9Xm4~Nb~6eC0B@U&X;<(hsDouWbo-rU5FA?I!1MvrwTalO
zoTf5z)E|oo00000000B+ncs>dMHI#-iU<RO-ia$(1R=AUnoVc2$xN{dvobp~7dp#0
zi?iN@O8O*Irn{=GI-S|Q6JJ5`-UY#XLGKk`z&Fqb5MMx$uI~IPl1|p?$tsduh3?9C
zzB=`*Q-{hoy-uLI1M}q*K!E`~BD{-2N$NwSq013`Dr6L+*+ww9{izW~^2l5$G+#XN
zeUAKt=Qm#5NIs<(HeT6)fOjD18T3Kxbil(BpC0nuX^BTsTlnPn&%Yv-^m~N}Lnbi^
zmp-`^K|ne{G=yphJ`s{|(u*<HK!%`=P;#3*Fkm&P)sO~(``eq57DJBE9>C)?%G85m
zp)w(w3XS5Kfr#3u1|ZuShH3z5)S1V{VkdIc%F(f0=3tU`72{|v%OMw%c4LDoq<w)G
zafk9q&{zjWR`VxkHNP*ZO9|ReMMI>FK&1s3VgRe8tAV4CePV5sp3?51a*CU|We38<
zWj4_=Nz{GPc|0Ck-eipXJ`K4UFxI~?ZLj%$3mWx%^}Twxx#!gnS}m{E-QC&UX|(pi
zYwg}`@Xbxe3?Nl8Mllk}LwMIlC?=8Qp9cZAdq((-dG(#f?dH6p$(&3O_Zb^aGM!H{
zln;R#<Oo+YHmd-SBB8<TBV+ZN*QB);^}Mrsop}xB)jpYv%MFW5D2x%ZPt!e>%gOoe
zX$ne}<D^Is4WGqAXJAW(#Kch)2=Ez6_2vMTN8FUN*Bob-w|rxVj<LPN<Flg&ciX22
z_fI}LK07&m*gpCA!-G?jsZ~iB8%*|}0VJqM<&M>VuW~i3#IZV6E%FUB$8dFNCZ|NN
z=J8F(<9I(Vuz2KHWHUKkn$25xk}y|I>W(#>R=$3+trAU|Y_LR?_P7YB1`{c1ph#u=
z%c*RC6sv5BEAXwuxmE0*eV-&Lt$kBM?r*m^B7_kV?<OOM0*~Sj*}s2mso+B{0^SK=
zT@+VS6urghC0|g{kjwnt^AzCy>VWt2N{`g)=shYG3<R!^*k?ym?Wt%|vQQOU_h<i4
zc<Q<EB+TgaB&V@7fJN~6*1_lNlEZ`TL~_94LEyrZJnV}hNRlGBCS=8gG#3#P8_?I+
zD*fqD^4oP%VnWp&1hBY68Vy=^NB<^p`HlGqxc_`j8q>B$WF?5aGZzs{#JK4xg2pcn
z8b4&+&MXt@^U3o6!!}1q(v7tSiJ8*Y_%yq@MrSqX&}HZpt}8z}@O+ooDle)qcmZQF
zCRZtBtDJ|@8kZH}Qi+to>}EWp=9=1_^SX2Y^%i57TuUMQjGb8!lAv9iM3P?JFf#ul
z(^^curBlqmVO{R3>A2cTtz@!QlKfi`O<0{+oabyfWvtMiI=|tVdTElM0r*REVm%ki
u$=go&*JqaJk{gmmnd|1&DK`bn%lR9QmzPs7Vq8v~_<sYV%9jO+8vp<VYAlQZ

literal 1131
zcmV-x1eE(hRzV<BZeeh9Xm4~Nb~6eC0RMlNd!<3&y`Gl^XUQOekjPV{9JLiXm6VWN
z0d6|bnIDS?00000000B+nayq^MG(hh5JHNC1UJMYXhlfQf;;P(c<rRMAZ1ZD$pNwo
zS&`*pwP(ss<MGVU-Q(=u5U&6dXZC=^9SQCrUVt~)7eKrKqCdtTt$6Gu6E6ta7ms?%
zRsXL3b#<xzUAGe@L0^3R1SFFYJVG>(EQxUlDTjbc2r-M(Oo}ZDLT-I7n22dA&J!uV
zdJ=|I(vMzTdwETNDle_QwgwUHK-3j71kSC&!wQ`?dEul&)3nV(^z_SbP}M$H5ff+<
z6VW(C7c7cU2M~urGE`$MMig~3nQ=fv;6lmVLJtHOAK3Vag#;RIt*4v~m7jJW9@{8W
z1LZ>Hj<9t!iYNLkZOfz&aht<XecPy)hRem)?yzx($L?|kle8z99IfTXfU+0|nUKi<
z_n17-I+&&mXFMvin!h-!`C}!yh=H4_a7YuuWWpH;BtX_sz=28@_mGi|x(RoUHY{%9
zmNA5h%6y_5NP7=a=keHdW1SEhhIl|lpOD_UXnV~MThQ?D`MZA5-1YqZR?DjgJKH<k
zjn*D`t)06Kx~_hu6k(MfMKg-&0Nytd%DK?_r%^=Bo?#&&p1<9=-JE5r=Om)6rvm1a
zwDZxXbO=~El5lOp;8Dsrh&@S&U-z20-ol=D>ifiN5U>8(OkQpnUIt7EwPM(AszOlC
zZck%SsUGPnp%(XxOvSZi$B9HDOVfx!NRah6gQz0prj)(mC^Ntn3p;Rx?H(MR9zM9+
zKH0y2{K?Vj@yWyX@uwf}pP<}Z4Gq)=(Hl^uP+^LycZ~lJs#lYW9H~>~qF69-1lJa3
za?0t|G`{U<9B;@u5)U1T<Wf!-X7kn^9p<V@-8O=4>Fa6IwNI>>*Isd#vPeCNRBb0H
zQ`-J=O4}dhN}E=tj!!)}vy9y{?{$)F@tbnw{&tf}34>H3?<PS9Ode((w0Hl=P(g>v
zl6E3kRmCM$MQ=WP`avct?{V?=c?R-+cgXv7sfTK9^j;=O)Ms*a$UaA$>d%Bz5|^rD
zs}}8lN{?SikA{ZZ!yISo7?frB`QG8@+lm8(X+{djQHgfx(StoURIe?AD@2x!NOK+{
znNZKy)-L_&VDj`jF%g3#=tnTWOBxxiI;4M<xZ>`7MBIPADvfblF|r&+-kZsYL1Nta
zlwspHhmD`|j^{EIc6_q_|FG3zF$yxyA(pwP&GCVDbH&b**ujg~DP389cIf$`s9&B}
zW8^uE(U{z*C_ai<TJf?hUaBhlGQT3vvAL#}=gfER!QLU{g7R2_K**^fK?e;?7LmQe
zA!zo6rjcm1*(ny^v@TZFbX09xDY@Gk(tjJI6Idq_XDJ&_2`ja!&TcrOUYX>l58=X`
x7|o?}@~#v9%}dL3K?TaA%vAIGl$w(D<?Jm-%d1uk8`l#j{@?5J`je6y001LSE1LiS