Add support for multiple owner/org spaces

[erharb]

We're trying to use the create-github-app-token action in our enterprise GitHub cloud to create new repositories using our own GitHub Template repositories within a workflow running the gh CLI. The GitHub App being used has permissions to multiple "owner" spaces which we have setup (for example "internal/" and "product/", aka organizations), however the tokens currently created by the action only grant permissions to a single provided owner space.

This causes problems because we use an "internal" owner space to put the template repositories but would like to be able to create the repo using a template in a separate "product" owner space, however when creating a repository from a template you must have access to both spaces. It does work if we create the new repo in the same "internal" space as the template repository.

For example:

    steps:
      - name: Create app access token
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: "${{ vars.PROD_APP_ID }}"
          private-key: "${{ secrets.PROD_APP_PRIVATE_KEY }}"
          owner: "product"

...
+ gh repo create --private --clone --template internal/template-minimal product/my-minimal-repo
GraphQL: Could not resolve to a Repository with the name 'internal/template-minimal'. (repository)
Error: Process completed with exit code 1.

If I switch owner to "internal", then it won't have perms to the "product" space to create the new repository in. If we remove the "owner" param it only creates a token that can be used just for that repository, which means no permissions to create or load template repository.

owner and repositories not set, creating token for the current repository ("create-repo-from-template")

Could a new option be provided to input as a list of owner spaces instead of just one?

[gr2m]

Could a new option be provided to input as a list of owner spaces instead of just one?

unfortunately that's not possible, installation access tokens are scoped to a single owner. There is no way around it. If you have a script that needs to work with GitHub App credentials across multiple owners, you'll either have to wrap up the work into multiple steps using multiple tokens, or create your own script that creates the tokens itself as part of it.

[erharb]

@gr2m thanks for confirming my suspicions! Fortunately we have a service internally which provides that capability, we were just trying to see if we could leverage the gh CLI and deprecate that functionality. However, since the gh CLI appears to only support one token being input in a single command it's not possible for us to leverage it when the source template repo and target repo to create aren't in the same org.