feat!: Remove github_token input and use default GITHUB_TOKEN from ca…

…lling workflow The `github_token` input was removed and the action now uses the default `GITHUB_TOKEN` variable that is always available to actions. See https://docs.github.com/en/actions/security-guides/automatic-token-authentication for more information about GITHUB_TOKEN and how it works in Github Actions. BREAKING CHANGE: The github_token input was removed and is no longer needed.
activescott · Jan 28, 2023 · 5c921fa · 5c921fa
1 parent 30e050c
commit 5c921fa
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 10 deletions.
diff --git a/.github/workflows/approve-deployment.yml b/.github/workflows/approve-deployment.yml
@@ -13,10 +13,9 @@ jobs:
       deployments: read
     steps:
       - name: Auto Approve Deploys
-        # you can use any @vN.N.N tag from https://github.com/activescott/automate-environment-deployment-approval/releases
-        uses: activescott/automate-environment-deployment-approval@v1.0.0
+        # you should use any @vN.N.N tag such as @v1.0.0 from https://github.com/activescott/automate-environment-deployment-approval/releases
+        uses: activescott/automate-environment-deployment-approval@main
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
           environment_allow_list: |
             Github
           # the below automatically approves dependabot and anything submitted by the Github user with login "activescott"

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -21,7 +21,6 @@ jobs:
       - uses: actions/checkout@v3
       - uses: ./
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
           environment_allow_list: |
             aws
             gcp

diff --git a/README.md b/README.md
@@ -34,7 +34,6 @@ jobs:
         # you can use any @vN.N.N tag from https://github.com/activescott/automate-environment-deployment-approval/releases
         uses: activescott/automate-environment-deployment-approval@v1.0.0
         with:
-          github_token: ${{ secrets.GH_TOKEN_FOR_AUTO_APPROVING_DEPLOYS }}
           environment_allow_list: |
             aws
           # the below automatically approves dependabot and anything submitted by the Github user with login "activescott"

diff --git a/action.yml b/action.yml
@@ -13,9 +13,6 @@ inputs:
   actor_allow_list:
     required: true
     description: The list of users to automatically approve deploys for. Can be a newline-delimited list of strings.
-  github_token:
-    required: true
-    description: A personal access token (PAT) from a 'required reviewer' and must have the 'repo' scope.
 
 runs:
   using: "node16"

diff --git a/src/main.ts b/src/main.ts
@@ -2,7 +2,7 @@ import * as core from "@actions/core"
 import * as github from "@actions/github"
 import { inspect } from "node:util"
 import { findAndApproveDeployments } from "./approver"
-import { getMultilineInput, getStringInput } from "./inputs"
+import { getMultilineInput } from "./inputs"
 import { Octo, createOcto } from "./octo"
 
 async function run(): Promise<void> {
@@ -15,7 +15,11 @@ async function run(): Promise<void> {
     const actors_to_approve = getMultilineInput("actor_allow_list")
     core.info(`input actors_to_approve: ${inspect(actors_to_approve)}`)
 
-    const github_token: string = getStringInput("github_token")
+    const github_token = process.env["GITHUB_TOKEN"]
+    if (!github_token) {
+      // my understanding is that the environment should always be there: https://docs.github.com/en/actions/security-guides/automatic-token-authentication
+      throw new Error("The GITHUB_TOKEN environment variable was not found.")
+    }
 
     const repo = github.context.repo
     const octo: Octo = createOcto(repo, github.getOctokit(github_token))