Add client-id input and deprecate app-id

[Copilot]

GitHub now recommends using a GitHub App's Client ID for authentication. This PR adds a first-class client-id input, keeps app-id available for compatibility, and makes the migration path explicit in both runtime behavior and documentation.

• Action inputs

  • Adds a new client-id input
  • Removes required from app-id
  • Marks app-id as deprecated in action.yml

• Runtime behavior

  • Updates input parsing to prefer client-id
  • Falls back to app-id for existing workflows
  • Adds a clear error when neither client-id nor app-id is provided

• Docs

  • Updates the README to recommend client-id
  • Switches usage examples to client-id
  • Documents that app-id is deprecated and that client-id takes precedence if both are set

• Regression coverage

  • Adds a focused test proving a client-ID-shaped value works through the new client-id input
  • Adds coverage for the missing-ID validation path
  • Updates snapshots to lock in the new metadata and runtime behavior

• Resulting usage

  • Users can migrate to the new input name directly:

- uses: actions/create-github-app-token@v3
  with:
    client-id: ${{ vars.APP_CLIENT_ID }}
    private-key: ${{ secrets.PRIVATE_KEY }}

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[parkerbxyz]

@copilot Let's also add a new client-id input, remove required from app-id, and mark app-id as deprecated.

[Copilot]

@copilot Let's also add a new client-id input, remove required from app-id, and mark app-id as deprecated.

Implemented in 37f42c5: added client-id, made app-id non-required with a deprecation message, updated runtime handling/docs, and added focused tests for the new input path and missing-ID validation.

[Copilot]

Pull request overview

This PR updates the action to support GitHub App authentication via a new client-id input while keeping app-id for backwards compatibility (now deprecated), and makes the runtime + docs prefer client-id.

Changes:

• Add client-id input, deprecate app-id, and update action metadata accordingly.
• Update runtime input parsing to prefer client-id, fallback to app-id, and error when neither is set.
• Update README and add/adjust tests + snapshots to cover the new input and missing-ID validation.

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
tests/main-missing-client-and-app-id.test.js	Adds coverage for the new “neither ID provided” failure path and snapshots its output.
tests/main-client-id.test.js	Adds a regression test ensuring a client-ID-shaped value works via client-id.
tests/index.js.snapshot	Updates snapshots to capture new stdout/stderr behavior and deprecated-input output.
tests/README.md	Updates test-writing guidance to point to the new missing-ID test as the “expected error” template.
main.js	Prefers client-id over app-id and adds explicit validation when neither is provided.
lib/main.js	Renames the first parameter to clientId and wires it into auth creation.
dist/main.cjs	Rebuild output reflecting the new input parsing and renamed parameter.
action.yml	Adds client-id, makes app-id optional, and marks app-id deprecated via deprecationMessage.
README.md	Updates docs and examples to recommend client-id, and documents precedence + deprecation.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[jeffwidman]

Should this also be clientId: clientId?

I didn't look into createAppAuth() and which makes the most sense for its arg naming...