signed commits via graphql

README.md

@@ -65,7 +65,6 @@ All inputs are **optional**. If not set, sensible defaults will be used.
 | `branch-suffix` | The branch suffix type when using the alternative branching strategy. Valid values are `random`, `timestamp` and `short-commit-hash`. See [Alternative strategy](#alternative-strategy---always-create-a-new-pull-request-branch) for details. | |
 | `base` | Sets the pull request base branch. | Defaults to the branch checked out in the workflow. |
 | `push-to-fork` | A fork of the checked-out parent repository to which the pull request branch will be pushed. e.g. `owner/repo-fork`. The pull request will be created to merge the fork's branch into the parent's base. See [push pull request branches to a fork](docs/concepts-guidelines.md#push-pull-request-branches-to-a-fork) for details. | |
-| `sign-commits` | Sign commits as `github-actions[bot]` when using `GITHUB_TOKEN`, or your own bot when using [GitHub App tokens](docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens). See [commit signing](docs/concepts-guidelines.md#commit-signature-verification-for-bots) for details.  | `false` |
 | `title` | The title of the pull request. | `Changes by create-pull-request action` |
 | `body` | The body of the pull request. | `Automated changes by [create-pull-request](https://github.com/peter-evans/create-pull-request) GitHub action` |
 | `body-path` | The path to a file containing the pull request body. Takes precedence over `body`. | |
@@ -75,6 +74,7 @@ All inputs are **optional**. If not set, sensible defaults will be used.
 | `team-reviewers` | A comma or newline-separated list of GitHub teams to request a review from. Note that a `repo` scoped [PAT](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token), or equivalent [GitHub App permissions](docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens), are required. | |
 | `milestone` | The number of the milestone to associate this pull request with. | |
 | `draft` | Create a [draft pull request](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests#draft-pull-requests). It is not possible to change draft status after creation except through the web interface. | `false` |
+| `sign-commit` | Sign the commit as bot [refer: [Signature verification for bots](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#signature-verification-for-bots)]. This can be useful if your repo or org has enforced commit-signing. | `false` |
 
 #### commit-message
 

__test__/create-or-update-branch.int.test.ts

@@ -2,6 +2,7 @@ import {
   createOrUpdateBranch,
   tryFetch,
   getWorkingBaseAndType,
+  buildBranchFileChanges,
   buildBranchCommits
 } from '../lib/create-or-update-branch'
 import * as fs from 'fs'
@@ -239,9 +240,6 @@ describe('create-or-update-branch tests', () => {
   it('tests buildBranchCommits with addition and modification', async () => {
     await git.checkout(BRANCH, BASE)
     await createChanges()
-    const UNTRACKED_EXE_FILE = 'a/script.sh'
-    const filepath = path.join(REPO_PATH, UNTRACKED_EXE_FILE)
-    await fs.promises.writeFile(filepath, '#!/usr/bin/env bash', {mode: 0o755})
     await git.exec(['add', '-A'])
     await git.commit(['-m', 'Test changes'])
 
@@ -249,9 +247,8 @@ describe('create-or-update-branch tests', () => {
 
     expect(branchCommits.length).toEqual(1)
     expect(branchCommits[0].subject).toEqual('Test changes')
-    expect(branchCommits[0].changes.length).toEqual(3)
+    expect(branchCommits[0].changes.length).toEqual(2)
     expect(branchCommits[0].changes).toEqual([
-      {mode: '100755', path: UNTRACKED_EXE_FILE, status: 'A'},
       {mode: '100644', path: TRACKED_FILE, status: 'M'},
       {mode: '100644', path: UNTRACKED_FILE, status: 'A'}
     ])
@@ -301,6 +298,80 @@ describe('create-or-update-branch tests', () => {
     }
   })
 
+  it('tests buildBranchFileChanges with no diff', async () => {
+    await git.checkout(BRANCH, BASE)
+    const branchFileChanges = await buildBranchFileChanges(git, BASE, BRANCH)
+    expect(branchFileChanges.additions.length).toEqual(0)
+    expect(branchFileChanges.deletions.length).toEqual(0)
+  })
+
+  it('tests buildBranchFileChanges with addition and modification', async () => {
+    await git.checkout(BRANCH, BASE)
+    const changes = await createChanges()
+    await git.exec(['add', '-A'])
+    await git.commit(['-m', 'Test changes'])
+
+    const branchFileChanges = await buildBranchFileChanges(git, BASE, BRANCH)
+
+    expect(branchFileChanges.additions).toEqual([
+      {
+        path: TRACKED_FILE,
+        contents: Buffer.from(changes.tracked, 'binary').toString('base64')
+      },
+      {
+        path: UNTRACKED_FILE,
+        contents: Buffer.from(changes.untracked, 'binary').toString('base64')
+      }
+    ])
+    expect(branchFileChanges.deletions.length).toEqual(0)
+  })
+
+  it('tests buildBranchFileChanges with addition and deletion', async () => {
+    await git.checkout(BRANCH, BASE)
+    const changes = await createChanges()
+    const TRACKED_FILE_NEW_PATH = 'c/tracked-file.txt'
+    const filepath = path.join(REPO_PATH, TRACKED_FILE_NEW_PATH)
+    await fs.promises.mkdir(path.dirname(filepath), {recursive: true})
+    await fs.promises.rename(path.join(REPO_PATH, TRACKED_FILE), filepath)
+    await git.exec(['add', '-A'])
+    await git.commit(['-m', 'Test changes'])
+
+    const branchFileChanges = await buildBranchFileChanges(git, BASE, BRANCH)
+
+    expect(branchFileChanges.additions).toEqual([
+      {
+        path: UNTRACKED_FILE,
+        contents: Buffer.from(changes.untracked, 'binary').toString('base64')
+      },
+      {
+        path: TRACKED_FILE_NEW_PATH,
+        contents: Buffer.from(changes.tracked, 'binary').toString('base64')
+      }
+    ])
+    expect(branchFileChanges.deletions).toEqual([{path: TRACKED_FILE}])
+  })
+
+  it('tests buildBranchFileChanges with binary files', async () => {
+    await git.checkout(BRANCH, BASE)
+    const filename = 'c/untracked-binary-file'
+    const filepath = path.join(REPO_PATH, filename)
+    const binaryData = Buffer.from([0x00, 0xff, 0x10, 0x20])
+    await fs.promises.mkdir(path.dirname(filepath), {recursive: true})
+    await fs.promises.writeFile(filepath, binaryData)
+    await git.exec(['add', '-A'])
+    await git.commit(['-m', 'Test changes'])
+
+    const branchFileChanges = await buildBranchFileChanges(git, BASE, BRANCH)
+
+    expect(branchFileChanges.additions).toEqual([
+      {
+        path: filename,
+        contents: binaryData.toString('base64')
+      }
+    ])
+    expect(branchFileChanges.deletions.length).toEqual(0)
+  })
+
   it('tests no changes resulting in no new branch being created', async () => {
     const commitMessage = uuidv4()
     const result = await createOrUpdateBranch(

action.yml

@@ -51,9 +51,6 @@ inputs:
       A fork of the checked out parent repository to which the pull request branch will be pushed.
       e.g. `owner/repo-fork`.
       The pull request will be created to merge the fork's branch into the parent's base.
-  sign-commits:
-    description: 'Sign commits as `github-actions[bot]` when using `GITHUB_TOKEN`, or your own bot when using GitHub App tokens.'
-    default: true
   title:
     description: 'The title of the pull request.'
     default: 'Changes by create-pull-request action'
@@ -77,6 +74,9 @@ inputs:
   draft:
     description: 'Create a draft pull request. It is not possible to change draft status after creation except through the web interface'
     default: false
+  sign-commit:
+    description: 'Sign the commit as github-actions bot (and as custom app if a different github-token is provided)'
+    default: true
 outputs:
   pull-request-number:
     description: 'The pull request number'

docs/concepts-guidelines.md

@@ -16,9 +16,7 @@ This document covers terminology, how the action works, general usage guidelines
   - [Push using SSH (deploy keys)](#push-using-ssh-deploy-keys)
   - [Push pull request branches to a fork](#push-pull-request-branches-to-a-fork)
   - [Authenticating with GitHub App generated tokens](#authenticating-with-github-app-generated-tokens)
-  - [Commit signing](#commit-signing)
+  - [GPG commit signature verification](#gpg-commit-signature-verification)
-    - [Commit signature verification for bots](#commit-signature-verification-for-bots)
-    - [GPG commit signature verification](#gpg-commit-signature-verification)
   - [Running in a container or on self-hosted runners](#running-in-a-container-or-on-self-hosted-runners)
 
 ## Terminology
@@ -262,17 +260,17 @@ GitHub App generated tokens are more secure than using a PAT because GitHub App
 
 4. Set secrets on your repository containing the GitHub App ID, and the private key you created in step 2. e.g. `APP_ID`, `APP_PRIVATE_KEY`.
 
-5. The following example workflow shows how to use [actions/create-github-app-token](https://github.com/actions/create-github-app-token) to generate a token for use with this action.
+5. The following example workflow shows how to use [tibdex/github-app-token](https://github.com/tibdex/github-app-token) to generate a token for use with this action.
 
 ```yaml
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/create-github-app-token@v1
+      - uses: tibdex/github-app-token@v1
         id: generate-token
         with:
-          app-id: ${{ secrets.APP_ID }}
+          app_id: ${{ secrets.APP_ID }}
-          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
 
       # Make changes to pull request here
 
@@ -282,54 +280,7 @@ GitHub App generated tokens are more secure than using a PAT because GitHub App
           token: ${{ steps.generate-token.outputs.token }}
 ```
 
-### Commit signing
+### GPG commit signature verification
-
-[Commit signature verification](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) is a feature where GitHub will mark signed commits as "verified" to give confidence that changes are from a trusted source. Some organizations require commit signing, and enforce it with branch protection rules.
-
-The action supports two methods to sign commits, [commit signature verification for bots](#commit-signature-verification-for-bots), and [GPG commit signature verification](#gpg-commit-signature-verification).
-
-#### Commit signature verification for bots
-
-The action can sign commits as `github-actions[bot]` when using the repository's default `GITHUB_TOKEN`, or your own bot when using [GitHub App tokens](#authenticating-with-github-app-generated-tokens).
-
-> [!IMPORTANT]  
-> - When setting `sign-commits: true` the action will ignore the `committer` and `author` inputs.
-> - If you attempt to use a [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) the action will create the pull request, but commits will not be signed. Commit signing is only supported with bot generated tokens.
-
-In this example the `token` input is not supplied, so the action will use the repository's default `GITHUB_TOKEN`. This will sign commits as `github-actions[bot]`.
-```yaml
-    steps:
-      - uses: actions/checkout@v4
-
-      # Make changes to pull request here
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
-        with:
-          sign-commits: true
-```
-
-In this example, the `token` input is generated using a GitHub App. This will sign commits as `<application-name>[bot]`.
-```yaml
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/create-github-app-token@v1
-        id: generate-token
-        with:
-          app-id: ${{ secrets.APP_ID }}
-          private-key: ${{ secrets.APP_PRIVATE_KEY }}
-
-      # Make changes to pull request here
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          sign-commits: true
-```
-
-#### GPG commit signature verification
 
 The action can use GPG to sign commits with a GPG key that you generate yourself.
 

package-lock.json

@@ -11,18 +11,18 @@
       "dependencies": {
         "@actions/core": "^1.10.1",
         "@actions/exec": "^1.1.1",
-        "@octokit/core": "^6.1.2",
+        "@octokit/core": "^4.2.4",
-        "@octokit/plugin-paginate-rest": "^11.3.3",
+        "@octokit/graphql": "^8.1.1",
-        "@octokit/plugin-rest-endpoint-methods": "^13.2.4",
+        "@octokit/graphql-schema": "^15.25.0",
-        "@octokit/plugin-throttling": "^9.3.1",
+        "@octokit/plugin-paginate-rest": "^5.0.1",
-        "p-limit": "^6.1.0",
+        "@octokit/plugin-rest-endpoint-methods": "^6.8.1",
         "proxy-from-env": "^1.1.0",
-        "undici": "^6.19.7",
+        "undici": "^6.19.5",
         "uuid": "^9.0.1"
       },
       "devDependencies": {
         "@types/jest": "^29.5.12",
-        "@types/node": "^18.19.44",
+        "@types/node": "^18.19.43",
         "@typescript-eslint/eslint-plugin": "^7.17.0",
         "@typescript-eslint/parser": "^7.17.0",
         "@vercel/ncc": "^0.38.1",
@@ -1262,40 +1262,54 @@
       }
     },
     "node_modules/@octokit/auth-token": {
-      "version": "5.1.1",
+      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-5.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-3.0.4.tgz",
-      "integrity": "sha512-rh3G3wDO8J9wSjfI436JUKzHIxq8NaiL0tVeB2aXmG6p/9859aUOAjA9pmSPNGGZxfwmaJ9ozOJImuNVJdpvbA==",
+      "integrity": "sha512-TWFX7cZF2LXoCvdmJWY7XVPi74aSY0+FfBZNSXEXFkMpjcqsQwDSYVv5FhRFaI0V1ECnwbz4j59T/G+rXNWaIQ==",
       "engines": {
-        "node": ">= 18"
+        "node": ">= 14"
       }
     },
     "node_modules/@octokit/core": {
-      "version": "6.1.2",
+      "version": "4.2.4",
-      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-6.1.2.tgz",
+      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-4.2.4.tgz",
-      "integrity": "sha512-hEb7Ma4cGJGEUNOAVmyfdB/3WirWMg5hDuNFVejGEDFqupeOysLc2sG6HJxY2etBp5YQu5Wtxwi020jS9xlUwg==",
+      "integrity": "sha512-rYKilwgzQ7/imScn3M9/pFfUf4I1AZEH3KhyJmtPdE2zfaXAn2mFfUy4FbKewzc2We5y/LlKLj36fWJLKC2SIQ==",
       "dependencies": {
-        "@octokit/auth-token": "^5.0.0",
+        "@octokit/auth-token": "^3.0.0",
-        "@octokit/graphql": "^8.0.0",
+        "@octokit/graphql": "^5.0.0",
-        "@octokit/request": "^9.0.0",
+        "@octokit/request": "^6.0.0",
-        "@octokit/request-error": "^6.0.1",
+        "@octokit/request-error": "^3.0.0",
-        "@octokit/types": "^13.0.0",
+        "@octokit/types": "^9.0.0",
-        "before-after-hook": "^3.0.2",
+        "before-after-hook": "^2.2.0",
-        "universal-user-agent": "^7.0.0"
+        "universal-user-agent": "^6.0.0"
       },
       "engines": {
-        "node": ">= 18"
+        "node": ">= 14"
+      }
+    },
+    "node_modules/@octokit/core/node_modules/@octokit/graphql": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-5.0.6.tgz",
+      "integrity": "sha512-Fxyxdy/JH0MnIB5h+UQ3yCoh1FG4kWXfFKkpWqjZHw/p+Kc8Y44Hu/kCgNBT6nU1shNumEchmW/sUO1JuQnPcw==",
+      "dependencies": {
+        "@octokit/request": "^6.0.0",
+        "@octokit/types": "^9.0.0",
+        "universal-user-agent": "^6.0.0"
+      },
+      "engines": {
+        "node": ">= 14"
       }
     },
     "node_modules/@octokit/endpoint": {
-      "version": "10.1.1",
+      "version": "7.0.6",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-10.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-7.0.6.tgz",
-      "integrity": "sha512-JYjh5rMOwXMJyUpj028cu0Gbp7qe/ihxfJMLc8VZBMMqSwLgOxDI1911gV4Enl1QSavAQNJcwmwBF9M0VvLh6Q==",
+      "integrity": "sha512-5L4fseVRUsDFGR00tMWD/Trdeeihn999rTMGRMC1G/Ldi1uWlWJzI98H4Iak5DB/RVvQuyMYKqSK/R6mbSOQyg==",
       "dependencies": {
-        "@octokit/types": "^13.0.0",
+        "@octokit/types": "^9.0.0",
-        "universal-user-agent": "^7.0.2"
+        "is-plain-object": "^5.0.0",
+        "universal-user-agent": "^6.0.0"
       },
       "engines": {
-        "node": ">= 18"
+        "node": ">= 14"
       }
     },
     "node_modules/@octokit/graphql": {
@@ -1311,55 +1325,33 @@
         "node": ">= 18"
       }
     },
-    "node_modules/@octokit/openapi-types": {
+    "node_modules/@octokit/graphql-schema": {
+      "version": "15.25.0",
+      "resolved": "https://registry.npmjs.org/@octokit/graphql-schema/-/graphql-schema-15.25.0.tgz",
+      "integrity": "sha512-aqz9WECtdxVWSqgKroUu9uu+CRt5KnfErWs0dBPKlTdrreAeWzS5NRu22ZVcGdPP7s3XDg2Gnf5iyoZPCRZWmQ==",
+      "dependencies": {
+        "graphql": "^16.0.0",
+        "graphql-tag": "^2.10.3"
+      }
+    },
+    "node_modules/@octokit/graphql/node_modules/@octokit/endpoint": {
+      "version": "10.1.1",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-10.1.1.tgz",
+      "integrity": "sha512-JYjh5rMOwXMJyUpj028cu0Gbp7qe/ihxfJMLc8VZBMMqSwLgOxDI1911gV4Enl1QSavAQNJcwmwBF9M0VvLh6Q==",
+      "dependencies": {
+        "@octokit/types": "^13.0.0",
+        "universal-user-agent": "^7.0.2"
+      },
+      "engines": {
+        "node": ">= 18"
+      }
+    },
+    "node_modules/@octokit/graphql/node_modules/@octokit/openapi-types": {
       "version": "22.2.0",
       "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz",
       "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg=="
     },
-    "node_modules/@octokit/plugin-paginate-rest": {
+    "node_modules/@octokit/graphql/node_modules/@octokit/request": {
-      "version": "11.3.3",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-11.3.3.tgz",
-      "integrity": "sha512-o4WRoOJZlKqEEgj+i9CpcmnByvtzoUYC6I8PD2SA95M+BJ2x8h7oLcVOg9qcowWXBOdcTRsMZiwvM3EyLm9AfA==",
-      "dependencies": {
-        "@octokit/types": "^13.5.0"
-      },
-      "engines": {
-        "node": ">= 18"
-      },
-      "peerDependencies": {
-        "@octokit/core": ">=6"
-      }
-    },
-    "node_modules/@octokit/plugin-rest-endpoint-methods": {
-      "version": "13.2.4",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-13.2.4.tgz",
-      "integrity": "sha512-gusyAVgTrPiuXOdfqOySMDztQHv6928PQ3E4dqVGEtOvRXAKRbJR4b1zQyniIT9waqaWk/UDaoJ2dyPr7Bk7Iw==",
-      "dependencies": {
-        "@octokit/types": "^13.5.0"
-      },
-      "engines": {
-        "node": ">= 18"
-      },
-      "peerDependencies": {
-        "@octokit/core": ">=6"
-      }
-    },
-    "node_modules/@octokit/plugin-throttling": {
-      "version": "9.3.1",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-throttling/-/plugin-throttling-9.3.1.tgz",
-      "integrity": "sha512-Qd91H4liUBhwLB2h6jZ99bsxoQdhgPk6TdwnClPyTBSDAdviGPceViEgUwj+pcQDmB/rfAXAXK7MTochpHM3yQ==",
-      "dependencies": {
-        "@octokit/types": "^13.0.0",
-        "bottleneck": "^2.15.3"
-      },
-      "engines": {
-        "node": ">= 18"
-      },
-      "peerDependencies": {
-        "@octokit/core": "^6.0.0"
-      }
-    },
-    "node_modules/@octokit/request": {
       "version": "9.1.3",
       "resolved": "https://registry.npmjs.org/@octokit/request/-/request-9.1.3.tgz",
       "integrity": "sha512-V+TFhu5fdF3K58rs1pGUJIDH5RZLbZm5BI+MNF+6o/ssFNT4vWlCh/tVpF3NxGtP15HUxTTMUbsG5llAuU2CZA==",
@@ -1373,7 +1365,7 @@
         "node": ">= 18"
       }
     },
-    "node_modules/@octokit/request-error": {
+    "node_modules/@octokit/graphql/node_modules/@octokit/request-error": {
       "version": "6.1.4",
       "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.1.4.tgz",
       "integrity": "sha512-VpAhIUxwhWZQImo/dWAN/NpPqqojR6PSLgLYAituLM6U+ddx9hCioFGwBr5Mi+oi5CLeJkcAs3gJ0PYYzU6wUg==",
@@ -1384,7 +1376,7 @@
         "node": ">= 18"
       }
     },
-    "node_modules/@octokit/types": {
+    "node_modules/@octokit/graphql/node_modules/@octokit/types": {
       "version": "13.5.0",
       "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz",
       "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==",
@@ -1392,6 +1384,108 @@
         "@octokit/openapi-types": "^22.2.0"
       }
     },
+    "node_modules/@octokit/graphql/node_modules/universal-user-agent": {
+      "version": "7.0.2",
+      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-7.0.2.tgz",
+      "integrity": "sha512-0JCqzSKnStlRRQfCdowvqy3cy0Dvtlb8xecj/H8JFZuCze4rwjPZQOgvFvn0Ws/usCHQFGpyr+pB9adaGwXn4Q=="
+    },
+    "node_modules/@octokit/openapi-types": {
+      "version": "18.1.1",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-18.1.1.tgz",
+      "integrity": "sha512-VRaeH8nCDtF5aXWnjPuEMIYf1itK/s3JYyJcWFJT8X9pSNnBtriDf7wlEWsGuhPLl4QIH4xM8fqTXDwJ3Mu6sw=="
+    },
+    "node_modules/@octokit/plugin-paginate-rest": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-5.0.1.tgz",
+      "integrity": "sha512-7A+rEkS70pH36Z6JivSlR7Zqepz3KVucEFVDnSrgHXzG7WLAzYwcHZbKdfTXHwuTHbkT1vKvz7dHl1+HNf6Qyw==",
+      "dependencies": {
+        "@octokit/types": "^8.0.0"
+      },
+      "engines": {
+        "node": ">= 14"
+      },
+      "peerDependencies": {
+        "@octokit/core": ">=4"
+      }
+    },
+    "node_modules/@octokit/plugin-paginate-rest/node_modules/@octokit/openapi-types": {
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-14.0.0.tgz",
+      "integrity": "sha512-HNWisMYlR8VCnNurDU6os2ikx0s0VyEjDYHNS/h4cgb8DeOxQ0n72HyinUtdDVxJhFy3FWLGl0DJhfEWk3P5Iw=="
+    },
+    "node_modules/@octokit/plugin-paginate-rest/node_modules/@octokit/types": {
+      "version": "8.2.1",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-8.2.1.tgz",
+      "integrity": "sha512-8oWMUji8be66q2B9PmEIUyQm00VPDPun07umUWSaCwxmeaquFBro4Hcc3ruVoDo3zkQyZBlRvhIMEYS3pBhanw==",
+      "dependencies": {
+        "@octokit/openapi-types": "^14.0.0"
+      }
+    },
+    "node_modules/@octokit/plugin-rest-endpoint-methods": {
+      "version": "6.8.1",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-6.8.1.tgz",
+      "integrity": "sha512-QrlaTm8Lyc/TbU7BL/8bO49vp+RZ6W3McxxmmQTgYxf2sWkO8ZKuj4dLhPNJD6VCUW1hetCmeIM0m6FTVpDiEg==",
+      "dependencies": {
+        "@octokit/types": "^8.1.1",
+        "deprecation": "^2.3.1"
+      },
+      "engines": {
+        "node": ">= 14"
+      },
+      "peerDependencies": {
+        "@octokit/core": ">=3"
+      }
+    },
+    "node_modules/@octokit/plugin-rest-endpoint-methods/node_modules/@octokit/openapi-types": {
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-14.0.0.tgz",
+      "integrity": "sha512-HNWisMYlR8VCnNurDU6os2ikx0s0VyEjDYHNS/h4cgb8DeOxQ0n72HyinUtdDVxJhFy3FWLGl0DJhfEWk3P5Iw=="
+    },
+    "node_modules/@octokit/plugin-rest-endpoint-methods/node_modules/@octokit/types": {
+      "version": "8.2.1",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-8.2.1.tgz",
+      "integrity": "sha512-8oWMUji8be66q2B9PmEIUyQm00VPDPun07umUWSaCwxmeaquFBro4Hcc3ruVoDo3zkQyZBlRvhIMEYS3pBhanw==",
+      "dependencies": {
+        "@octokit/openapi-types": "^14.0.0"
+      }
+    },
+    "node_modules/@octokit/request": {
+      "version": "6.2.8",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-6.2.8.tgz",
+      "integrity": "sha512-ow4+pkVQ+6XVVsekSYBzJC0VTVvh/FCTUUgTsboGq+DTeWdyIFV8WSCdo0RIxk6wSkBTHqIK1mYuY7nOBXOchw==",
+      "dependencies": {
+        "@octokit/endpoint": "^7.0.0",
+        "@octokit/request-error": "^3.0.0",
+        "@octokit/types": "^9.0.0",
+        "is-plain-object": "^5.0.0",
+        "node-fetch": "^2.6.7",
+        "universal-user-agent": "^6.0.0"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/@octokit/request-error": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-3.0.3.tgz",
+      "integrity": "sha512-crqw3V5Iy2uOU5Np+8M/YexTlT8zxCfI+qu+LxUB7SZpje4Qmx3mub5DfEKSO8Ylyk0aogi6TYdf6kxzh2BguQ==",
+      "dependencies": {
+        "@octokit/types": "^9.0.0",
+        "deprecation": "^2.0.0",
+        "once": "^1.4.0"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/@octokit/types": {
+      "version": "9.3.2",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-9.3.2.tgz",
+      "integrity": "sha512-D4iHGTdAnEEVsB8fl95m1hiz7D5YiRdQ9b/OEb3BYRVwbLsGHcRVPz+u+BgRLNk0Q0/4iZCBqDN96j2XNxfXrA==",
+      "dependencies": {
+        "@octokit/openapi-types": "^18.0.0"
+      }
+    },
     "node_modules/@pkgr/core": {
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/@pkgr/core/-/core-0.1.1.tgz",
@@ -1545,9 +1639,9 @@
       "dev": true
     },
     "node_modules/@types/node": {
-      "version": "18.19.44",
+      "version": "18.19.43",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.44.tgz",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.43.tgz",
-      "integrity": "sha512-ZsbGerYg72WMXUIE9fYxtvfzLEuq6q8mKERdWFnqTmOvudMxnz+CBNRoOwJ2kNpFOncrKjT1hZwxjlFgQ9qvQA==",
+      "integrity": "sha512-Mw/YlgXnyJdEwLoFv2dpuJaDFriX+Pc+0qOBJ57jC1H6cDxIj2xc5yUrdtArDVG0m+KV6622a4p2tenEqB3C/g==",
       "dev": true,
       "dependencies": {
         "undici-types": "~5.26.4"
@@ -2606,14 +2700,9 @@
       "dev": true
     },
     "node_modules/before-after-hook": {
-      "version": "3.0.2",
+      "version": "2.2.3",
-      "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-3.0.2.tgz",
+      "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz",
-      "integrity": "sha512-Nik3Sc0ncrMK4UUdXQmAnRtzmNQTAAXmXIopizwZ1W1t8QmfJj+zL4OA2I7XPTPW5z5TDqv4hRo/JzouDJnX3A=="
+      "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ=="
-    },
-    "node_modules/bottleneck": {
-      "version": "2.19.5",
-      "resolved": "https://registry.npmjs.org/bottleneck/-/bottleneck-2.19.5.tgz",
-      "integrity": "sha512-VHiNCbI1lKdl44tGrhNfU3lup0Tj/ZBMJB5/2ZbNXRCPuRCO7ed2mgcK4r17y+KB2EfuYuRaVlwNbAeaWGSpbw=="
     },
     "node_modules/brace-expansion": {
       "version": "1.1.11",
@@ -3128,6 +3217,11 @@
         "node": ">=0.4.0"
       }
     },
+    "node_modules/deprecation": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
+      "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="
+    },
     "node_modules/dequal": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz",
@@ -4473,6 +4567,28 @@
       "integrity": "sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==",
       "dev": true
     },
+    "node_modules/graphql": {
+      "version": "16.9.0",
+      "resolved": "https://registry.npmjs.org/graphql/-/graphql-16.9.0.tgz",
+      "integrity": "sha512-GGTKBX4SD7Wdb8mqeDLni2oaRGYQWjWHGKPQ24ZMnUtKfcsVoiv4uX8+LJr1K6U5VW2Lu1BwJnj7uiori0YtRw==",
+      "engines": {
+        "node": "^12.22.0 || ^14.16.0 || ^16.0.0 || >=17.0.0"
+      }
+    },
+    "node_modules/graphql-tag": {
+      "version": "2.12.6",
+      "resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.12.6.tgz",
+      "integrity": "sha512-FdSNcu2QQcWnM2VNvSCCDCVS5PpPqpzgFT8+GXzqJuoDd0CBncxCY278u4mhRO7tMgo2JjgJA5aZ+nWSQ/Z+xg==",
+      "dependencies": {
+        "tslib": "^2.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "peerDependencies": {
+        "graphql": "^0.9.0 || ^0.10.0 || ^0.11.0 || ^0.12.0 || ^0.13.0 || ^14.0.0 || ^15.0.0 || ^16.0.0"
+      }
+    },
     "node_modules/has-bigints": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.2.tgz",
@@ -4965,6 +5081,14 @@
         "node": ">=8"
       }
     },
+    "node_modules/is-plain-object": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz",
+      "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/is-potential-custom-element-name": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz",
@@ -5260,33 +5384,6 @@
         "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
       }
     },
-    "node_modules/jest-changed-files/node_modules/p-limit": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
-      "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
-      "dev": true,
-      "dependencies": {
-        "yocto-queue": "^0.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/jest-changed-files/node_modules/yocto-queue": {
-      "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
-      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
-      "dev": true,
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/jest-circus": {
       "version": "29.7.0",
       "resolved": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz",
@@ -5318,33 +5415,6 @@
         "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
       }
     },
-    "node_modules/jest-circus/node_modules/p-limit": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
-      "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
-      "dev": true,
-      "dependencies": {
-        "yocto-queue": "^0.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/jest-circus/node_modules/yocto-queue": {
-      "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
-      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
-      "dev": true,
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/jest-cli": {
       "version": "29.7.0",
       "resolved": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz",
@@ -5697,33 +5767,6 @@
         "node": "^14.15.0 || ^16.10.0 || >=18.0.0"
       }
     },
-    "node_modules/jest-runner/node_modules/p-limit": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
-      "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
-      "dev": true,
-      "dependencies": {
-        "yocto-queue": "^0.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/jest-runner/node_modules/yocto-queue": {
-      "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
-      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
-      "dev": true,
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/jest-runtime": {
       "version": "29.7.0",
       "resolved": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz",
@@ -6254,6 +6297,44 @@
       "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==",
       "dev": true
     },
+    "node_modules/node-fetch": {
+      "version": "2.7.0",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz",
+      "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==",
+      "dependencies": {
+        "whatwg-url": "^5.0.0"
+      },
+      "engines": {
+        "node": "4.x || >=6.0.0"
+      },
+      "peerDependencies": {
+        "encoding": "^0.1.0"
+      },
+      "peerDependenciesMeta": {
+        "encoding": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/node-fetch/node_modules/tr46": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+      "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
+    },
+    "node_modules/node-fetch/node_modules/webidl-conversions": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+      "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
+    },
+    "node_modules/node-fetch/node_modules/whatwg-url": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+      "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
+      "dependencies": {
+        "tr46": "~0.0.3",
+        "webidl-conversions": "^3.0.0"
+      }
+    },
     "node_modules/node-int64": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz",
@@ -6401,7 +6482,6 @@
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
       "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
-      "dev": true,
       "dependencies": {
         "wrappy": "1"
       }
@@ -6439,35 +6519,6 @@
       }
     },
     "node_modules/p-limit": {
-      "version": "6.1.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-6.1.0.tgz",
-      "integrity": "sha512-H0jc0q1vOzlEk0TqAKXKZxdl7kX3OFUzCnNVUnq5Pc3DGo0kpeaMuPqxQn235HibwBEb0/pm9dgKTjXy66fBkg==",
-      "dependencies": {
-        "yocto-queue": "^1.1.1"
-      },
-      "engines": {
-        "node": ">=18"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/p-locate": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz",
-      "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==",
-      "dev": true,
-      "dependencies": {
-        "p-limit": "^3.0.2"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/p-locate/node_modules/p-limit": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
       "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
@@ -6482,11 +6533,14 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/p-locate/node_modules/yocto-queue": {
+    "node_modules/p-locate": {
-      "version": "0.1.0",
+      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz",
-      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
+      "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==",
       "dev": true,
+      "dependencies": {
+        "p-limit": "^3.0.2"
+      },
       "engines": {
         "node": ">=10"
       },
@@ -7582,8 +7636,7 @@
     "node_modules/tslib": {
       "version": "2.6.3",
       "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz",
-      "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==",
+      "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ=="
-      "dev": true
     },
     "node_modules/tsutils": {
       "version": "3.21.0",
@@ -7749,9 +7802,9 @@
       }
     },
     "node_modules/undici": {
-      "version": "6.19.7",
+      "version": "6.19.5",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-6.19.7.tgz",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-6.19.5.tgz",
-      "integrity": "sha512-HR3W/bMGPSr90i8AAp2C4DM3wChFdJPLrWYpIS++LxS8K+W535qftjt+4MyjNYHeWabMj1nvtmLIi7l++iq91A==",
+      "integrity": "sha512-LryC15SWzqQsREHIOUybavaIHF5IoL0dJ9aWWxL/PgT1KfqAW5225FZpDUFlt9xiDMS2/S7DOKhFWA7RLksWdg==",
       "engines": {
         "node": ">=18.17"
       }
@@ -7763,9 +7816,9 @@
       "dev": true
     },
     "node_modules/universal-user-agent": {
-      "version": "7.0.2",
+      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-7.0.2.tgz",
+      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.1.tgz",
-      "integrity": "sha512-0JCqzSKnStlRRQfCdowvqy3cy0Dvtlb8xecj/H8JFZuCze4rwjPZQOgvFvn0Ws/usCHQFGpyr+pB9adaGwXn4Q=="
+      "integrity": "sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ=="
     },
     "node_modules/universalify": {
       "version": "0.2.0",
@@ -8038,8 +8091,7 @@
     "node_modules/wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
-      "dev": true
     },
     "node_modules/write-file-atomic": {
       "version": "4.0.2",
@@ -8133,11 +8185,12 @@
       }
     },
     "node_modules/yocto-queue": {
-      "version": "1.1.1",
+      "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
-      "integrity": "sha512-b4JR1PFR10y1mKjhHY9LaGo6tmrgjit7hxVIeAmyMw3jegXR4dhYqLaQF5zMXZxY7tLpMyJeLjr1C4rLmkVe8g==",
+      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
+      "dev": true,
       "engines": {
-        "node": ">=12.20"
+        "node": ">=10"
       },
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"

package.json

@@ -31,18 +31,18 @@
   "dependencies": {
     "@actions/core": "^1.10.1",
     "@actions/exec": "^1.1.1",
-    "@octokit/core": "^6.1.2",
+    "@octokit/core": "^4.2.4",
-    "@octokit/plugin-paginate-rest": "^11.3.3",
+    "@octokit/graphql": "^8.1.1",
-    "@octokit/plugin-rest-endpoint-methods": "^13.2.4",
+    "@octokit/graphql-schema": "^15.25.0",
-    "@octokit/plugin-throttling": "^9.3.1",
+    "@octokit/plugin-paginate-rest": "^5.0.1",
-    "p-limit": "^6.1.0",
+    "@octokit/plugin-rest-endpoint-methods": "^6.8.1",
     "proxy-from-env": "^1.1.0",
-    "undici": "^6.19.7",
+    "undici": "^6.19.5",
     "uuid": "^9.0.1"
   },
   "devDependencies": {
     "@types/jest": "^29.5.12",
-    "@types/node": "^18.19.44",
+    "@types/node": "^18.19.43",
     "@typescript-eslint/eslint-plugin": "^7.17.0",
     "@typescript-eslint/parser": "^7.17.0",
     "@vercel/ncc": "^0.38.1",

src/create-or-update-branch.ts

@@ -1,6 +1,7 @@
 import * as core from '@actions/core'
 import {GitCommandManager, Commit} from './git-command-manager'
 import {v4 as uuidv4} from 'uuid'
+import * as utils from './utils'
 
 const CHERRYPICK_EMPTY =
   'The previous cherry-pick is now empty, possibly due to conflict resolution.'
@@ -65,6 +66,38 @@ export async function buildBranchCommits(
   return commits
 }
 
+export async function buildBranchFileChanges(
+  git: GitCommandManager,
+  base: string,
+  branch: string
+): Promise<BranchFileChanges> {
+  const branchFileChanges: BranchFileChanges = {
+    additions: [],
+    deletions: []
+  }
+  const changedFiles = await git.getChangedFiles([
+    '--diff-filter=AM',
+    `${base}..${branch}`
+  ])
+  const deletedFiles = await git.getChangedFiles([
+    '--diff-filter=D',
+    `${base}..${branch}`
+  ])
+  const repoPath = git.getWorkingDirectory()
+  for (const file of changedFiles) {
+    branchFileChanges.additions!.push({
+      path: file,
+      contents: utils.readFileBase64([repoPath, file])
+    })
+  }
+  for (const file of deletedFiles) {
+    branchFileChanges.deletions!.push({
+      path: file
+    })
+  }
+  return branchFileChanges
+}
+
 // Return the number of commits that branch2 is ahead of branch1
 async function commitsAhead(
   git: GitCommandManager,
@@ -128,12 +161,22 @@ function splitLines(multilineString: string): string[] {
     .filter(x => x !== '')
 }
 
+export interface BranchFileChanges {
+  additions: {
+    path: string
+    contents: string
+  }[]
+  deletions: {
+    path: string
+  }[]
+}
+
 interface CreateOrUpdateBranchResult {
   action: string
   base: string
   hasDiffWithBase: boolean
-  baseSha: string
   headSha: string
+  branchFileChanges?: BranchFileChanges
   branchCommits: Commit[]
 }
 
@@ -144,8 +187,7 @@ export async function createOrUpdateBranch(
   branch: string,
   branchRemoteName: string,
   signoff: boolean,
-  addPaths: string[],
+  addPaths: string[]
-  signCommits: boolean = false
 ): Promise<CreateOrUpdateBranchResult> {
   // Get the working base.
   // When a ref, it may or may not be the actual base.
@@ -165,7 +207,6 @@ export async function createOrUpdateBranch(
     action: 'none',
     base: base,
     hasDiffWithBase: false,
-    baseSha: '',
     headSha: '',
     branchCommits: []
   }
@@ -312,15 +353,14 @@ export async function createOrUpdateBranch(
     result.hasDiffWithBase = await isAhead(git, base, branch)
   }
 
-  // Get the base and head SHAs
+  // Build the branch commits
-  result.baseSha = await git.revParse(base)
+  result.branchCommits = await buildBranchCommits(git, base, branch)
-  result.headSha = await git.revParse(branch)
 
-  // NOTE: This could always be built and returned. Maybe remove when there is confidence in buildBranchCommits.
+  // Build the branch file changes
-  if (signCommits) {
+  result.branchFileChanges = await buildBranchFileChanges(git, base, branch)
-    // Build the branch commits
+
-    result.branchCommits = await buildBranchCommits(git, base, branch)
+  // Get the pull request branch SHA
-  }
+  result.headSha = await git.revParse('HEAD')
 
   // Delete the temporary branch
   await git.exec(['branch', '--delete', '--force', tempBranch])

src/create-pull-request.ts

@@ -23,7 +23,6 @@ export interface Inputs {
   branchSuffix: string
   base: string
   pushToFork: string
-  signCommits: boolean
   title: string
   body: string
   bodyPath: string
@@ -33,6 +32,7 @@ export interface Inputs {
   teamReviewers: string[]
   milestone: number
   draft: boolean
+  signCommit: boolean
 }
 
 export async function createPullRequest(inputs: Inputs): Promise<void> {
@@ -184,8 +184,7 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
       inputs.branch,
       branchRemoteName,
       inputs.signoff,
-      inputs.addPaths,
+      inputs.addPaths
-      inputs.signCommits
     )
     // Set the base. It would have been '' if not specified as an input
     inputs.base = result.base
@@ -196,17 +195,23 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
       core.startGroup(
         `Pushing pull request branch to '${branchRemoteName}/${inputs.branch}'`
       )
-      if (inputs.signCommits) {
+      if (inputs.signCommit) {
-        // Create signed commits via the GitHub API
+        // Stash any uncommitted tracked and untracked changes
         const stashed = await git.stashPush(['--include-untracked'])
         await git.checkout(inputs.branch)
         await githubHelper.pushSignedCommits(
           result.branchCommits,
-          result.baseSha,
           repoPath,
           branchRepository,
           inputs.branch
         )
+        // await githubHelper.pushSignedCommit(
+        //   branchRepository,
+        //   inputs.branch,
+        //   inputs.base,
+        //   inputs.commitMessage,
+        //   result.branchFileChanges
+        // )
         await git.checkout('-')
         if (stashed) {
           await git.stashPop()

src/git-command-manager.ts

@@ -216,6 +216,15 @@ export class GitCommandManager {
     return output.exitCode === 1
   }
 
+  async getChangedFiles(options?: string[]): Promise<string[]> {
+    const args = ['diff', '--name-only']
+    if (options) {
+      args.push(...options)
+    }
+    const output = await this.exec(args)
+    return output.stdout.split('\n').filter(filename => filename != '')
+  }
+
   async isDirty(untracked: boolean, pathspec?: string[]): Promise<boolean> {
     const pathspecArgs = pathspec ? ['--', ...pathspec] : []
     // Check untracked changes

src/github-helper.ts

@@ -1,15 +1,19 @@
 import * as core from '@actions/core'
 import {Inputs} from './create-pull-request'
 import {Commit} from './git-command-manager'
-import {Octokit, OctokitOptions, throttleOptions} from './octokit-client'
+import {Octokit, OctokitOptions} from './octokit-client'
-import pLimit from 'p-limit'
+import type {
+  Repository as TempRepository,
+  Ref,
+  Commit as CommitTemp,
+  FileChanges
+} from '@octokit/graphql-schema'
+import {BranchFileChanges} from './create-or-update-branch'
 import * as utils from './utils'
 
 const ERROR_PR_REVIEW_TOKEN_SCOPE =
   'Validation Failed: "Could not resolve to a node with the global id of'
 
-const blobCreationLimit = pLimit(8)
-
 interface Repository {
   owner: string
   repo: string
@@ -41,7 +45,6 @@ export class GitHubHelper {
     } else {
       options.baseUrl = 'https://api.github.com'
     }
-    options.throttle = throttleOptions
     this.octokit = new Octokit(options)
   }
 
@@ -199,45 +202,36 @@ export class GitHubHelper {
 
   async pushSignedCommits(
     branchCommits: Commit[],
-    baseSha: string,
     repoPath: string,
     branchRepository: string,
     branch: string
   ): Promise<void> {
-    let headSha = baseSha
+    let headSha = ''
     for (const commit of branchCommits) {
-      headSha = await this.createCommit(
+      headSha = await this.createCommit(commit, repoPath, branchRepository)
-        commit,
-        [headSha],
-        repoPath,
-        branchRepository
-      )
     }
     await this.createOrUpdateRef(branchRepository, branch, headSha)
   }
 
   private async createCommit(
     commit: Commit,
-    parents: string[],
     repoPath: string,
     branchRepository: string
   ): Promise<string> {
     const repository = this.parseRepository(branchRepository)
     let treeSha = commit.tree
     if (commit.changes.length > 0) {
-      core.info(`Creating tree objects for local commit ${commit.sha}`)
+      core.debug(`Creating tree objects for local commit ${commit.sha}`)
       const treeObjects = await Promise.all(
         commit.changes.map(async ({path, mode, status}) => {
           let sha: string | null = null
           if (status === 'A' || status === 'M') {
-            core.info(`Creating blob for file '${path}'`)
+            core.debug(`Creating blob for file '${path}'`)
-            const {data: blob} = await blobCreationLimit(() =>
+            const {data: blob} = await this.octokit.rest.git.createBlob({
-              this.octokit.rest.git.createBlob({
+              ...repository,
-                ...repository,
+              content: utils.readFileBase64([repoPath, path]),
-                content: utils.readFileBase64([repoPath, path]),
+              encoding: 'base64'
-                encoding: 'base64'
+            })
-              })
-            )
             sha = blob.sha
           }
           return <TreeObject>{
@@ -248,28 +242,25 @@ export class GitHubHelper {
           }
         })
       )
-      core.info(`Creating tree for local commit ${commit.sha}`)
+      core.debug(`Creating tree for local commit ${commit.sha}`)
       const {data: tree} = await this.octokit.rest.git.createTree({
         ...repository,
-        base_tree: parents[0],
+        base_tree: commit.parents[0],
         tree: treeObjects
       })
       treeSha = tree.sha
-      core.info(`Created tree ${treeSha} for local commit ${commit.sha}`)
+      core.debug(`Created tree ${treeSha} for local commit ${commit.sha}`)
     }
 
     const {data: remoteCommit} = await this.octokit.rest.git.createCommit({
       ...repository,
-      parents: parents,
+      parents: commit.parents,
       tree: treeSha,
       message: `${commit.subject}\n\n${commit.body}`
     })
-    core.info(
+    core.debug(
       `Created commit ${remoteCommit.sha} for local commit ${commit.sha}`
     )
-    core.info(
-      `Commit verified: ${remoteCommit.verification.verified}; reason: ${remoteCommit.verification.reason}`
-    )
     return remoteCommit.sha
   }
 
@@ -279,10 +270,10 @@ export class GitHubHelper {
     newHead: string
   ) {
     const repository = this.parseRepository(branchRepository)
-    const branchExists = await this.octokit.rest.repos
+    const branchExists = await this.octokit.rest.git
-      .getBranch({
+      .getRef({
         ...repository,
-        branch: branch
+        ref: branch
       })
       .then(
         () => true,
@@ -290,15 +281,14 @@ export class GitHubHelper {
       )
 
     if (branchExists) {
-      core.info(`Branch ${branch} exists; Updating ref`)
+      core.debug(`Branch ${branch} exists, updating ref`)
       await this.octokit.rest.git.updateRef({
         ...repository,
         sha: newHead,
-        ref: `heads/${branch}`,
+        ref: `heads/${branch}`
-        force: true
       })
     } else {
-      core.info(`Branch ${branch} does not exist; Creating ref`)
+      core.debug(`Branch ${branch} does not exist, creating ref`)
       await this.octokit.rest.git.createRef({
         ...repository,
         sha: newHead,
@@ -306,4 +296,171 @@ export class GitHubHelper {
       })
     }
   }
+
+  async pushSignedCommit(
+    branchRepository: string,
+    branch: string,
+    base: string,
+    commitMessage: string,
+    branchFileChanges?: BranchFileChanges
+  ): Promise<void> {
+    core.info(`Use API to push a signed commit`)
+
+    const [repoOwner, repoName] = branchRepository.split('/')
+    core.debug(`repoOwner: '${repoOwner}', repoName: '${repoName}'`)
+    const refQuery = `
+        query GetRefId($repoName: String!, $repoOwner: String!, $branchName: String!) {
+          repository(owner: $repoOwner, name: $repoName){
+            id
+            ref(qualifiedName: $branchName){
+              id
+              name
+              prefix
+              target{
+                id
+                oid
+                commitUrl
+                commitResourcePath
+                abbreviatedOid
+              }
+            }
+          },
+        }
+      `
+
+    let branchRef = await this.octokit.graphql<{repository: TempRepository}>(
+      refQuery,
+      {
+        repoOwner: repoOwner,
+        repoName: repoName,
+        branchName: branch
+      }
+    )
+    core.debug(
+      `Fetched information for branch '${branch}' - '${JSON.stringify(branchRef)}'`
+    )
+
+    // if the branch does not exist, then first we need to create the branch from base
+    if (branchRef.repository.ref == null) {
+      core.debug(`Branch does not exist - '${branch}'`)
+      branchRef = await this.octokit.graphql<{repository: TempRepository}>(
+        refQuery,
+        {
+          repoOwner: repoOwner,
+          repoName: repoName,
+          branchName: base
+        }
+      )
+      core.debug(
+        `Fetched information for base branch '${base}' - '${JSON.stringify(branchRef)}'`
+      )
+
+      core.info(
+        `Creating new branch '${branch}' from '${base}', with ref '${JSON.stringify(branchRef.repository.ref!.target!.oid)}'`
+      )
+      if (branchRef.repository.ref != null) {
+        core.debug(`Send request for creating new branch`)
+        const newBranchMutation = `
+          mutation CreateNewBranch($branchName: String!, $oid: GitObjectID!, $repoId: ID!) {
+            createRef(input: {
+              name: $branchName,
+              oid: $oid,
+              repositoryId: $repoId
+            }) {
+              ref {
+                id
+                name
+                prefix
+              }
+            }
+          }
+        `
+        const newBranch = await this.octokit.graphql<{createRef: {ref: Ref}}>(
+          newBranchMutation,
+          {
+            repoId: branchRef.repository.id,
+            oid: branchRef.repository.ref.target!.oid,
+            branchName: 'refs/heads/' + branch
+          }
+        )
+        core.debug(
+          `Created new branch '${branch}': '${JSON.stringify(newBranch.createRef.ref)}'`
+        )
+      }
+    }
+    core.info(
+      `Hash ref of branch '${branch}' is '${JSON.stringify(branchRef.repository.ref!.target!.oid)}'`
+    )
+
+    const fileChanges = <FileChanges>{
+      additions: branchFileChanges!.additions,
+      deletions: branchFileChanges!.deletions
+    }
+
+    const pushCommitMutation = `
+      mutation PushCommit(
+        $repoNameWithOwner: String!,
+        $branchName: String!,
+        $headOid: GitObjectID!,
+        $commitMessage: String!,
+        $fileChanges: FileChanges
+      ) {
+        createCommitOnBranch(input: {
+          branch: {
+            repositoryNameWithOwner: $repoNameWithOwner,
+            branchName: $branchName,
+          }
+          fileChanges: $fileChanges
+          message: {
+            headline: $commitMessage
+          }
+          expectedHeadOid: $headOid
+        }){
+          clientMutationId
+          ref{
+            id
+            name
+            prefix
+          }
+          commit{
+            id
+            abbreviatedOid
+            oid
+          }
+        }
+      }
+    `
+    const pushCommitVars = {
+      branchName: branch,
+      repoNameWithOwner: repoOwner + '/' + repoName,
+      headOid: branchRef.repository.ref!.target!.oid,
+      commitMessage: commitMessage,
+      fileChanges: fileChanges
+    }
+
+    const pushCommitVarsWithoutContents = {
+      ...pushCommitVars,
+      fileChanges: {
+        ...pushCommitVars.fileChanges,
+        additions: pushCommitVars.fileChanges.additions?.map(addition => {
+          // eslint-disable-next-line @typescript-eslint/no-unused-vars
+          const {contents, ...rest} = addition
+          return rest
+        })
+      }
+    }
+
+    core.debug(
+      `Push commit with payload: '${JSON.stringify(pushCommitVarsWithoutContents)}'`
+    )
+
+    const commit = await this.octokit.graphql<{
+      createCommitOnBranch: {ref: Ref; commit: CommitTemp}
+    }>(pushCommitMutation, pushCommitVars)
+
+    core.debug(`Pushed commit - '${JSON.stringify(commit)}'`)
+    core.info(
+      `Pushed commit with hash - '${commit.createCommitOnBranch.commit.oid}' on branch - '${commit.createCommitOnBranch.ref.name}'`
+    )
+  }
 }

src/main.ts

@@ -19,7 +19,6 @@ async function run(): Promise<void> {
       branchSuffix: core.getInput('branch-suffix'),
       base: core.getInput('base'),
       pushToFork: core.getInput('push-to-fork'),
-      signCommits: core.getBooleanInput('sign-commits'),
       title: core.getInput('title'),
       body: core.getInput('body'),
       bodyPath: core.getInput('body-path'),
@@ -28,7 +27,8 @@ async function run(): Promise<void> {
       reviewers: utils.getInputAsArray('reviewers'),
       teamReviewers: utils.getInputAsArray('team-reviewers'),
       milestone: Number(core.getInput('milestone')),
-      draft: core.getBooleanInput('draft')
+      draft: core.getBooleanInput('draft'),
+      signCommit: core.getBooleanInput('sign-commit')
     }
     core.debug(`Inputs: ${inspect(inputs)}`)
 

src/octokit-client.ts

@@ -1,37 +1,17 @@
-import * as core from '@actions/core'
+import {Octokit as Core} from '@octokit/core'
-import {Octokit as OctokitCore} from '@octokit/core'
 import {paginateRest} from '@octokit/plugin-paginate-rest'
 import {restEndpointMethods} from '@octokit/plugin-rest-endpoint-methods'
-import {throttling} from '@octokit/plugin-throttling'
 import {getProxyForUrl} from 'proxy-from-env'
 import {ProxyAgent, fetch as undiciFetch} from 'undici'
 export {RestEndpointMethodTypes} from '@octokit/plugin-rest-endpoint-methods'
-// eslint-disable-next-line import/no-unresolved
 export {OctokitOptions} from '@octokit/core/dist-types/types'
 
-export const Octokit = OctokitCore.plugin(
+export const Octokit = Core.plugin(
   paginateRest,
   restEndpointMethods,
-  throttling,
   autoProxyAgent
 )
 
-export const throttleOptions = {
-  onRateLimit: (retryAfter, options, _, retryCount) => {
-    core.debug(`Hit rate limit for request ${options.method} ${options.url}`)
-    // Retries twice for a total of three attempts
-    if (retryCount < 2) {
-      core.debug(`Retrying after ${retryAfter} seconds!`)
-      return true
-    }
-  },
-  onSecondaryRateLimit: (_, options) => {
-    core.warning(
-      `Hit secondary rate limit for request ${options.method} ${options.url}`
-    )
-  }
-}
-
 const proxyFetch =
   (proxyUrl: string): typeof undiciFetch =>
   (url, opts) => {
@@ -44,7 +24,7 @@ const proxyFetch =
   }
 
 // Octokit plugin to support the standard environment variables http_proxy, https_proxy and no_proxy
-function autoProxyAgent(octokit: OctokitCore) {
+function autoProxyAgent(octokit: Core) {
   octokit.hook.before('request', options => {
     const proxy = getProxyForUrl(options.baseUrl)
     if (proxy) {