@@ -107,20 +107,22 @@ jobs:
107107 - name : Exchange OIDC for GitHub App token
108108 id : oidc-exchange
109109 run : |
110- OIDC_TOKEN =$(curl -sf \
110+ OIDC_RESPONSE =$(curl -s \
111111 -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
112- "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=claude-code-github-action" | jq -r '.value')
112+ "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=claude-code-github-action")
113+ OIDC_TOKEN=$(echo "$OIDC_RESPONSE" | jq -r '.value')
113114 if [ -z "$OIDC_TOKEN" ] || [ "$OIDC_TOKEN" = "null" ]; then
114- echo "::error::OIDC token request failed"; exit 1
115+ echo "::error::OIDC token request failed: $OIDC_RESPONSE "; exit 1
115116 fi
116117
117- APP_TOKEN =$(curl -sf -X POST \
118+ EXCHANGE_RESPONSE =$(curl -s -X POST \
118119 -H "Authorization: Bearer $OIDC_TOKEN" \
119120 -H "Content-Type: application/json" \
120121 -d '{"permissions":{"contents":"write","pull_requests":"write","issues":"write"}}' \
121- "https://api.anthropic.com/api/github/github-app-token-exchange" | jq -r '.token')
122+ "https://api.anthropic.com/api/github/github-app-token-exchange")
123+ APP_TOKEN=$(echo "$EXCHANGE_RESPONSE" | jq -r '.token')
122124 if [ -z "$APP_TOKEN" ] || [ "$APP_TOKEN" = "null" ]; then
123- echo "::error::Token exchange failed"; exit 1
125+ echo "::error::Token exchange failed: $EXCHANGE_RESPONSE "; exit 1
124126 fi
125127
126128 echo "::add-mask::$APP_TOKEN"
@@ -269,9 +271,9 @@ jobs:
269271 - name : Revoke GitHub App token
270272 if : always() && steps.oidc-exchange.outputs.app_token != ''
271273 run : |
272- if ! gh api "installation/token" -X DELETE --silent 2>/dev/null; then
273- echo "::warning::Token revocation failed"
274- fi
274+ REVOKE_OUTPUT=$( gh api "installation/token" -X DELETE 2>&1) || {
275+ echo "::warning::Token revocation failed: $REVOKE_OUTPUT "
276+ }
275277env :
276278 GH_TOKEN : ${{ steps.oidc-exchange.outputs.app_token }}
277279 HTTPS_PROXY : http://localhost:3128
0 commit comments