Use the official GitHub Action to obtain installation access tokens

When I committed the first workflow in e84a016 (Add a workflow to
synchronize refs from git/git to gitgitgadget/git, 2023-08-18), I had
missed the first public release of `actions/create-github-app-token` by
_mere days_: The first version of that GitHub Action to be officially
published to the GitHub Marketplace was v1.1.0, on August 22nd, 2023:
https://github.com/actions/create-github-app-token/releases/tag/v1.1.0,
i.e. a mere 4 days after I had committed the initial version of the
`sync-ref` workflow.

That was the reason why, when I scoured around for a GitHub Action that
could be used to obtain an installation access token, I only found a
third-party one.

I don't exactly remember how I got aware of the official Action provided
by GitHub itself, but I know that I immediately opened
#5 so that
I wouldn't forget to eventually migrate to that Action.

This commit is it. With this, we switch from that 3rd-party Action to
the official GitHub one.

Signed-off-by: Johannes Schindelin <[email protected]>

Author: dscho

.github/workflows/sync-git-gui.yml

@@ -25,6 +25,10 @@ jobs:
         id: check
         with:
           script: |
+            const [targetRepoOwner, targetRepoName] = process.env.TARGET_REPOSITORY.split('/')
+            core.setOutput('target-repo-owner', targetRepoOwner)
+            core.setOutput('target-repo-name', targetRepoName)
+
             const sleep = async (milliseconds) => {
               return new Promise(resolve => setTimeout(resolve, milliseconds))
             }
@@ -109,12 +113,13 @@ jobs:
             core.setOutput('to-fetch', [...toFetch].join(' '))
       - name: obtain installation token
         if: steps.check.outputs.refspec != ''
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        uses: actions/create-github-app-token@v1
         id: token
         with:
-          app_id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }}
-          private_key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }}
-          repository: ${{ env.TARGET_REPOSITORY }}
+          app-id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }}
+          private-key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }}
+          owner: ${{ steps.check.outputs.target-repo-owner }}
+          repositories: ${{ steps.check.outputs.target-repo-name }}
       - name: set authorization header
         if: steps.check.outputs.refspec != ''
         uses: actions/github-script@v7

.github/workflows/sync-gitster-git.yml

@@ -24,6 +24,10 @@ jobs:
         id: check
         with:
           script: |
+            const [targetRepoOwner, targetRepoName] = process.env.TARGET_REPOSITORY.split('/')
+            core.setOutput('target-repo-owner', targetRepoOwner)
+            core.setOutput('target-repo-name', targetRepoName)
+
             const sleep = async (milliseconds) => {
               return new Promise(resolve => setTimeout(resolve, milliseconds))
             }
@@ -95,12 +99,13 @@ jobs:
             core.setOutput('to-fetch', [...toFetch].join(' '))
       - name: obtain installation token
         if: steps.check.outputs.refspec != ''
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        uses: actions/create-github-app-token@v1
         id: token
         with:
-          app_id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }}
-          private_key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }}
-          repository: ${{ env.TARGET_REPOSITORY }}
+          app-id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }}
+          private-key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }}
+          owner: ${{ steps.check.outputs.target-repo-owner }}
+          repositories: ${{ steps.check.outputs.target-repo-name }}
       - name: set authorization header
         if: steps.check.outputs.refspec != ''
         uses: actions/github-script@v7

.github/workflows/sync-ref.yml

@@ -30,6 +30,10 @@ jobs:
         id: check
         with:
           script: |
+            const [targetRepoOwner, targetRepoName] = process.env.TARGET_REPOSITORY.split('/')
+            core.setOutput('target-repo-owner', targetRepoOwner)
+            core.setOutput('target-repo-name', targetRepoName)
+
             const getSHA = async (repository, ref) => {
               if (ref.startsWith('refs/heads/') || ref.startsWith('refs/tags/')) ref = ref.substring(4)
               else throw new Error(`Cannot handle ref '${ref}`)
@@ -60,12 +64,13 @@ jobs:
             core.setOutput('target-sha', targetSHA || '')
       - name: obtain installation token
         if: steps.check.outputs.skip == 'false'
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        uses: actions/create-github-app-token@v1
         id: token
         with:
-          app_id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }}
-          private_key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }}
-          repository: ${{ env.TARGET_REPOSITORY }}
+          app-id: ${{ secrets.GITGITGADGET_GITHUB_APP_ID }}
+          private-key: ${{ secrets.GITGITGADGET_GITHUB_APP_PRIVATE_KEY }}
+          owner: ${{ steps.check.outputs.target-repo-owner }}
+          repositories: ${{ steps.check.outputs.target-repo-name }}
       - name: set authorization header
         if: steps.check.outputs.skip == 'false'
         uses: actions/github-script@v7