feat: add client-id input and deprecate app-id

Copilot · parkerbxyz · Copilot · commit 37f42c53d0b4 · 2026-03-18T20:32:46.000Z
Co-authored-by: parkerbxyz &lt;17183625+parkerbxyz@users.noreply.github.com&gt;
diff --git a/README.md b/README.md
@@ -9,10 +9,10 @@ GitHub Action for creating a GitHub App installation access token.
 In order to use this action, you need to:
 
 1. [Register new GitHub App](https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app/creating-a-github-app).
-2. [Store the App's Client ID (recommended) or App ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_ID`).
+2. [Store the App's Client ID in your repository environment variables](https://docs.github.com/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) (example: `APP_CLIENT_ID`).
 3. [Store the App's private key in your repository secrets](https://docs.github.com/actions/security-guides/encrypted-secrets?tool=webui#creating-encrypted-secrets-for-a-repository) (example: `PRIVATE_KEY`).
 
-Pass the App's Client ID or App ID using the `app-id` input. GitHub recommends using the Client ID when available.
+Pass the App's Client ID using the `client-id` input. The legacy `app-id` input remains available for compatibility, but is deprecated.
 
 > [!IMPORTANT]  
 > An installation access token expires after 1 hour. Please [see this comment](https://github.com/actions/create-github-app-token/issues/121#issuecomment-2043214796) for alternative approaches if you have long-running processes.
@@ -33,7 +33,7 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          app-id: ${{ vars.APP_ID }}
+          client-id: ${{ vars.APP_CLIENT_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
       - uses: ./actions/staging-tests
         with:
@@ -53,7 +53,7 @@ jobs:
         id: app-token
         with:
           # required
-          app-id: ${{ vars.APP_ID }}
+          client-id: ${{ vars.APP_CLIENT_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
       - uses: actions/checkout@v6
         with:
@@ -79,7 +79,7 @@ jobs:
         id: app-token
         with:
           # required
-          app-id: ${{ vars.APP_ID }}
+          client-id: ${{ vars.APP_CLIENT_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
       - name: Get GitHub App User ID
         id: get-user-id
@@ -104,7 +104,7 @@ jobs:
         id: app-token
         with:
           # required
-          app-id: ${{ vars.APP_ID }}
+          client-id: ${{ vars.APP_CLIENT_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
       - name: Get GitHub App User ID
         id: get-user-id
@@ -140,7 +140,7 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          app-id: ${{ vars.APP_ID }}
+          client-id: ${{ vars.APP_CLIENT_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
       - uses: peter-evans/create-or-update-comment@v4
@@ -162,7 +162,7 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          app-id: ${{ vars.APP_ID }}
+          client-id: ${{ vars.APP_CLIENT_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
           repositories: |
@@ -187,7 +187,7 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          app-id: ${{ vars.APP_ID }}
+          client-id: ${{ vars.APP_CLIENT_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
           owner: another-owner
       - uses: peter-evans/create-or-update-comment@v4
@@ -212,7 +212,7 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          app-id: ${{ vars.APP_ID }}
+          client-id: ${{ vars.APP_CLIENT_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
           permission-issues: write
@@ -254,7 +254,7 @@ jobs:
       - uses: actions/create-github-app-token@v3
         id: app-token
         with:
-          app-id: ${{ vars.APP_ID }}
+          client-id: ${{ vars.APP_CLIENT_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
           owner: ${{ matrix.owners-and-repos.owner }}
           repositories: ${{ join(matrix.owners-and-repos.repos) }}
@@ -283,7 +283,7 @@ jobs:
         id: create_token
         uses: actions/create-github-app-token@v3
         with:
-          app-id: ${{ vars.GHES_APP_ID }}
+          client-id: ${{ vars.GHES_APP_CLIENT_ID }}
           private-key: ${{ secrets.GHES_APP_PRIVATE_KEY }}
           owner: ${{ vars.GHES_INSTALLATION_ORG }}
           github-api-url: ${{ vars.GITHUB_API_URL }}
@@ -312,15 +312,24 @@ If you set `HTTP_PROXY` or `HTTPS_PROXY`, also set `NODE_USE_ENV_PROXY: "1"` on
     NO_PROXY: github.example.com
     NODE_USE_ENV_PROXY: "1"
   with:
-    app-id: ${{ vars.APP_ID }}
+    client-id: ${{ vars.APP_CLIENT_ID }}
     private-key: ${{ secrets.PRIVATE_KEY }}
 ```
 
 ## Inputs
 
+### `client-id`
+
+**Optional:** GitHub App Client ID. This is the recommended input.
+
 ### `app-id`
 
-**Required:** GitHub App Client ID or App ID. GitHub recommends using the Client ID when available.
+**Optional:** GitHub App ID.
+
+> [!WARNING]
+> `app-id` is deprecated. Use `client-id` instead.
+
+You must set either `client-id` or `app-id`. If both are set, `client-id` takes precedence.
 
 ### `private-key`
 
@@ -340,7 +349,7 @@ steps:
     id: app-token
     uses: actions/create-github-app-token@v3
     with:
-      app-id: ${{ vars.APP_ID }}
+      client-id: ${{ vars.APP_CLIENT_ID }}
       private-key: ${{ steps.decode.outputs.private-key }}
 ```
 
diff --git a/action.yml b/action.yml
@@ -5,9 +5,13 @@ branding:
   icon: "lock"
   color: "gray-dark"
 inputs:
+  client-id:
+    description: "GitHub App Client ID"
+    required: false
   app-id:
-    description: "GitHub App ID or Client ID"
-    required: true
+    description: "GitHub App ID"
+    required: false
+    deprecationMessage: "Use 'client-id' instead."
   private-key:
     description: "GitHub App private key"
     required: true
diff --git a/dist/main.cjs b/dist/main.cjs
@@ -23307,7 +23307,10 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
 }
 async function run() {
   ensureNativeProxySupport();
-  const appId = getInput("app-id");
+  const appId = getInput("client-id") || getInput("app-id");
+  if (!appId) {
+    throw new Error("Either 'client-id' or 'app-id' input must be set");
+  }
   const privateKey = getInput("private-key");
   const owner = getInput("owner");
   const repositories = getInput("repositories").split(/[\n,]+/).map((s) => s.trim()).filter((x) => x !== "");
diff --git a/main.js b/main.js
@@ -18,7 +18,10 @@ if (!process.env.GITHUB_REPOSITORY_OWNER) {
 async function run() {
   ensureNativeProxySupport();
 
-  const appId = core.getInput("app-id");
+  const appId = core.getInput("client-id") || core.getInput("app-id");
+  if (!appId) {
+    throw new Error("Either 'client-id' or 'app-id' input must be set");
+  }
   const privateKey = core.getInput("private-key");
   const owner = core.getInput("owner");
   const repositories = core
diff --git a/tests/README.md b/tests/README.md
@@ -33,4 +33,4 @@ node --test --test-update-snapshots tests/index.js
 We have tests both for the `main.js` and `post.js` scripts.
 
 - If you do not expect an error, take [main-token-permissions-set.test.js](tests/main-token-permissions-set.test.js) as a starting point.
-- If your test has an expected error, take [main-missing-app-id.test.js](tests/main-missing-app-id.test.js) as a starting point.
+- If your test has an expected error, take [main-missing-client-and-app-id.test.js](tests/main-missing-client-and-app-id.test.js) as a starting point.
diff --git a/tests/index.js.snapshot b/tests/index.js.snapshot
@@ -1,3 +1,7 @@
+exports[`action-deprecated-inputs.test.js > stdout 1`] = `
+app-id — Use 'client-id' instead.
+`;
+
 exports[`main-client-id.test.js > stdout 1`] = `
 Inputs 'owner' and 'repositories' are not set. Creating token for this repository (actions/create-github-app-token).
 ::add-mask::ghs_16C7e42F292c6912E7710c838347Ae178B4a
@@ -34,6 +38,19 @@ POST /api/v3/app/installations/123456/access_tokens
 {"repositories":["create-github-app-token"]}
 `;
 
+exports[`main-missing-client-and-app-id.test.js > stderr 1`] = `
+Error: Either 'client-id' or 'app-id' input must be set
+    at run [90m(file:///home/runner/work/create-github-app-token/create-github-app-token/[39mmain.js:23:11[90m)[39m
+    at [90mfile:///home/runner/work/create-github-app-token/create-github-app-token/[39mmain.js:51:16
+[90m    at ModuleJob.run (node:internal/modules/esm/module_job:430:25)[39m
+[90m    at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:661:26)[39m
+    at async [90mfile:///home/runner/work/create-github-app-token/create-github-app-token/[39mtests/main-missing-client-and-app-id.test.js:12:30
+`;
+
+exports[`main-missing-client-and-app-id.test.js > stdout 1`] = `
+::error::Either 'client-id' or 'app-id' input must be set
+`;
+
 exports[`main-missing-owner.test.js > stderr 1`] = `
 GITHUB_REPOSITORY_OWNER missing, must be set to '<owner>'
 `;
diff --git a/tests/main-client-id.test.js b/tests/main-client-id.test.js
@@ -1,6 +1,11 @@
-import { test } from "./main.js";
+import { DEFAULT_ENV, test } from "./main.js";
 
-// Verify `main` accepts a GitHub App client ID via the `app-id` input
-await test(() => {
-  process.env["INPUT_APP-ID"] = "Iv1.0123456789abcdef";
-});
+// Verify `main` accepts a GitHub App client ID via the `client-id` input
+await test(
+  () => {},
+  {
+    ...DEFAULT_ENV,
+    "INPUT_CLIENT-ID": "Iv1.0123456789abcdef",
+    "INPUT_APP-ID": "",
+  }
+);
diff --git a/tests/main-missing-client-and-app-id.test.js b/tests/main-missing-client-and-app-id.test.js
@@ -0,0 +1,14 @@
+import { DEFAULT_ENV } from "./main.js";
+
+for (const [key, value] of Object.entries({
+  ...DEFAULT_ENV,
+  "INPUT_CLIENT-ID": "",
+  "INPUT_APP-ID": "",
+})) {
+  process.env[key] = value;
+}
+
+// Verify `main` exits with an error when neither `client-id` nor `app-id` is set.
+const { default: promise } = await import("../main.js");
+await promise;
+process.exitCode = 0;
