feat: add application key management#151
Conversation
|
Build artifact for this PR: |
There was a problem hiding this comment.
Pull request overview
This PR expands the action’s surface area to support B2 application key management (create/list/delete) using the B2 SDK, including new inputs/outputs, summaries, and tests, while also updating lint schema metadata.
Changes:
- Add new dispatcher verbs:
create-key,list-keys,delete-key, including step summary +summary-jsonsupport that omits the one-time key secret. - Extend input parsing and action metadata so
bucketis only required for bucket-scoped file operations (not key-management). - Add command implementation + simulator-backed tests for key creation/listing/deletion, and update Biome schema metadata.
Reviewed changes
Copilot reviewed 12 out of 14 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/main.ts | Adds key-management dispatch paths, defers bucket resolution for non-bucket actions, and emits key-specific outputs/summaries. |
| src/inputs.ts | Introduces key-management actions/inputs and makes bucket optional when the action doesn’t need it. |
| src/commands/keys.ts | Implements createKey, listKeys, and deleteKey commands using the SDK. |
| src/client.ts | Allows bucket to be absent at authorization time; enforces bucket requirement only when resolving it. |
| README.md | Documents the new verbs, inputs/outputs, and provides examples for key management. |
| dist/index.js | Updates built distribution to match source changes. |
| biome.json | Updates schema URL and migrates linter config keying to the newer schema format. |
| action.yml | Adds inputs/outputs for key management and makes bucket not globally required. |
| tests/main.test.ts | Extends dispatcher tests for key actions, including bucket non-resolution and secret masking behavior. |
| tests/main-output-contract.test.ts | Adds expected output contracts for key-management actions. |
| tests/inputs.test.ts | Adds parsing tests for new key inputs and optional bucket requirement. |
| tests/commands/keys.test.ts | Adds integration-style tests for key creation/listing/deletion against the simulator fixture. |
| tests/_parsed-inputs.ts | Updates parsed-input fixtures with key-management fields/defaults. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Build artifact for this PR: |
|
Build artifact for this PR: |
|
Build artifact for this PR: |
|
Build artifact for this PR: |
|
Build artifact for this PR: |
|
Build artifact for this PR: |
|
Build artifact for this PR: |
|
Build artifact for this PR: |
|
Build artifact for this PR: |
Summary
create-key,list-keys, anddelete-keyactions backed by the B2 SDK key-management APIs.create-keywith deterministic-name duplicate checks, required scope/duration by default, and explicit opt-ins for account-level, non-expiring, or privileged-capability keys.delete-keywith expected name/prefix validation, current-key refusal, dry-run support, idempotent already-absent no-ops, andkey-deletedoutput.bucketId-only key metadata from SDK-shaped responses.list-keyswith the B2 1000-key page limit, clearer truncation warnings, and shared pagination constants.summary-jsonprojection so secrets,accountId, and deprecatedbucketIdare not emitted.dist.Linked issue
Closes #99
Tests run
pnpm typecheckpnpm lintpnpm docs:check-action-ymlpnpm vitest run __tests__/commands/keys.test.ts __tests__/main.test.tspnpm test __tests__/inputs.test.ts __tests__/commands/keys.test.ts __tests__/main.test.ts __tests__/main-output-contract.test.ts __tests__/outputs.test.tspnpm vitest run __tests__/main-output-contract.test.tspnpm testpnpm buildpnpm verify-distpnpm allFollow-up notes
create-keyrefuses to create a duplicate when the requestedkey-namealready exists; B2 does not let the one-time secret be recovered from an existing key, so reruns fail safely and log the existing key ID for revocation.application-keyoutput is masked in logs but remains plaintext to later steps; the docs warn not to propagate it as a job, composite, or reusable-workflow output.bucketremains required at runtime for file actions, but is no longer required for key-management actions.summary-jsonfor key actions intentionally omits one-time key secrets and account-level inventory fields; use dedicated scalar outputs where available.