Rest client method `actions` seems to be transforming the API endpoint it uses in environments

[evertonspader-eneco]

Describe the bug
Using the method actions.createEnvironmentVariable seems to be calling the wrong API endpoint. In the actions log below, the interesting part is that the URL is not forming and it's using the /repositories endpoint:

    url: 'https://api.github.com/repositories//environments/dev/variables',

However, the correct endpoint is /repos as per plugin-rest-endpoint-method.js package. Same as it shows in the GitHub API documentation.

Another interesting finding is that I am using the method github.rest.repos.createOrUpdateEnvironment in the same action and this one seems to use the same endpoint. I tried using actions.deleteEnvironmentVariable and I got the same error with the /repositories endpoint.
The same is true for actions.getEnvironmentVariable where the same URL is malformed:

url: 'https://api.github.com/repositories//environments/acc/variables/TEST_VAR?owner=my-org&repo=my-repo',

Instead, using something like this works just fine:

github.request(`POST /repos/${repoOwner}/${repoName}/environments/${envName}/variables`, {

I couldn't really trace back in the packages where this is happening but the issue seems with the action

RequestError [HttpError]: Not Found
    at /home/runner/work/_actions/actions/github-script/v8/dist/index.js:9537:21
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async eval (eval at callAsyncFunction (/home/runner/work/_actions/actions/github-script/v8/dist/index.js:36187:16), <anonymous>:48:11)
    at async main (/home/runner/work/_actions/actions/github-script/v8/dist/index.js:36285:20) {
  status: 404,
  response: {
    url: 'https://api.github.com/repositories//environments/dev/variables',
    status: 404,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      connection: 'close',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Thu, 30 Oct 2025 14:35:15 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'github.com',
      'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': '7403:55D82:AD282:2DDD42:690377A3',
      'x-xss-protection': '0'
    },
    data: {
      message: 'Not Found',
      documentation_url: 'https://docs.github.com/rest',
      status: '404'
    }
  },
  request: {
    method: 'POST',
    url: 'https://api.github.com/repositories//environments/dev/variables',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'actions/github-script octokit-core.js/5.0.1 Node.js/24',
      authorization: 'token [REDACTED]',
      'content-type': 'application/json; charset=utf-8'
    },
    body: '{"owner":"my-org","repo":"my-repo","name":"TEST_VAR","value":"test-value"}',
    request: {
      agent: [Agent],
      fetch: [Function: proxyFetch],
      hook: [Function: bound bound register]
    }
  }
}

To Reproduce
Steps to reproduce the behavior:

1. Create a Github workflow as below
2. It uses a Github App to fetch a token. The right permissions must be enabled. The same can be accomplished with a PAT.

name: Setup Environments

on:
  push:
    branches:
      - main

permissions:
  contents: read
  actions: write
  id-token: write

jobs:
  setup-environments:
    name: Setup Environments
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v5

      - name: Generate GitHub App Token
        id: generate-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

      - name: Parse environments.yaml and setup environments
        uses: actions/github-script@v8
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
            await github.rest.repos.createOrUpdateEnvironment({
              owner: "my-org",
              repo: my-repo,
              environment_name: "dev",
            });

            await github.rest.actions.createEnvironmentVariable({
              owner: "my-org",
              repo: "my-repo",
              environment_name: "dev',
              name: 'TEST_VAR',
              value: 'test-value',
            });

Expected behavior
Environment variables should be created with the rest client from the action.

Desktop (please complete the following information):

• OS: MacOS
• Browser: Chrome
• Version: 141.0.7390.123