Add support for using GitHub app with automatic token refresh

README.md

@@ -1,6 +1,6 @@
 # GitHub Action for Dispatching Workflows
 
-This action triggers another GitHub Actions workflow, using the `workflow_dispatch` event.  
+This action triggers another GitHub Actions workflow, using the `workflow_dispatch` event.
 The workflow must be configured for this event type e.g. `on: [workflow_dispatch]`
 
 This allows you to chain workflows, the classic use case is have a CI build workflow, trigger a CD release/deploy workflow when it completes. Allowing you to maintain separate workflows for CI and CD, and pass data between them as required.
@@ -23,9 +23,17 @@ For details of the `workflow_dispatch` even see [this blog post introducing this
 
 > **Required.** A GitHub access token (PAT) with write access to the repo in question.
 >
-> **NOTE.** The automatically provided token e.g. `${{ secrets.GITHUB_TOKEN }}` can not be used, GitHub prevents this token from being able to fire the  `workflow_dispatch` and `repository_dispatch` event. [The reasons are explained in the docs](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token).  
+> **NOTE.** The automatically provided token e.g. `${{ secrets.GITHUB_TOKEN }}` can not be used, GitHub prevents this token from being able to fire the  `workflow_dispatch` and `repository_dispatch` event. [The reasons are explained in the docs](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token).
 > The solution is to manually create a PAT and store it as a secret e.g. `${{ secrets.PERSONAL_TOKEN }}`
 
+### `app-id`
+
+> **Optional.** The GitHub App ID with access to Actions API.
+
+### `app-private-key`
+
+> **Optional.** The GitHub App Private Key of the app with access to Actions API.
+
 ### `inputs`
 
 > **Optional.** The inputs to pass to the workflow (if any are configured), this must be a JSON encoded string, e.g. `{ "myInput": "foobar" }`.
@@ -101,7 +109,7 @@ For details of the `workflow_dispatch` even see [this blog post introducing this
 
 ### `workflow-logs`
 
-> The logs of the triggered workflow based if `inputs.workflow-logs` is set to either `output`, or `json-output`.  
+> The logs of the triggered workflow based if `inputs.workflow-logs` is set to either `output`, or `json-output`.
 > Based on the value, result will be:
 >
 > * `output`: Multiline string
@@ -248,6 +256,23 @@ on:
         required: false
 ```
 
+### Invoke workflow with app-id and app-private-key
+
+```yaml
+- name: Invoke workflow with app-id and app-private-key
+  uses: the-actions-org/workflow-dispatch@v4
+  env:
+    RUN_NAME: ${{ github.repository }}/actions/runs/${{ github.run_id }}
+  with:
+    app-id: ${{ secrets.APP_ID }}
+    app-private-key: ${{ secrets.APP_PRIVATE_KEY }}
+    run-name: ${{ env.RUN_NAME }}
+    workflow: Another Workflow
+    inputs: >-
+      {
+        "run-name": "${{ env.RUN_NAME }}"
+      }
+
 ## Contributions
 
 Thanks to:

action.yaml

@@ -6,8 +6,14 @@ inputs:
     description: 'Name or ID of workflow to run'
     required: true
   token:
-    description: 'GitHub token with repo write access, can NOT use secrets.GITHUB_TOKEN, see readme'
-    required: true
+    description: 'GitHub token with repo write access, can NOT use secrets.GITHUB_TOKEN, see README.md. If not provided, app-id and app-private-key must be provided. If token is set it takes precedence over app-id and app-private-key.'
+    required: false
+  app-id:
+    description: 'GitHub App ID with access to Actions API.'
+    required: false
+  app-private-key:
+    description: 'GitHub App Private Key of the app with access to Actions API.'
+    required: false
   inputs:
     description: 'Inputs to pass to the workflow, must be a JSON string. All values must be strings (even if used as boolean or number)'
     required: false