diff --git a/.github/workflows/approve-deployment.yml b/.github/workflows/approve-deployment.yml
index 1678396..fb69e58 100644
--- a/.github/workflows/approve-deployment.yml
+++ b/.github/workflows/approve-deployment.yml
@@ -13,10 +13,9 @@ jobs:
 deployments: read
 steps:
 - name: Auto Approve Deploys
- # you can use any @vN.N.N tag from https://github.com/activescott/automate-environment-deployment-approval/releases
- uses: activescott/automate-environment-deployment-approval@v1.0.0
+ # you should use any @vN.N.N tag such as @v1.0.0 from https://github.com/activescott/automate-environment-deployment-approval/releases
+ uses: activescott/automate-environment-deployment-approval@main
 with:
- github_token: ${{ secrets.GITHUB_TOKEN }}
 environment_allow_list: |
 Github
 # the below automatically approves dependabot and anything submitted by the Github user with login "activescott"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a2c3f0b..f56686e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -21,7 +21,6 @@ jobs:
 - uses: actions/checkout@v3
 - uses: ./
 with:
- github_token: ${{ secrets.GITHUB_TOKEN }}
 environment_allow_list: |
 aws
 gcp
diff --git a/README.md b/README.md
index f5f362a..dc4ed8c 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,6 @@ jobs:
 # you can use any @vN.N.N tag from https://github.com/activescott/automate-environment-deployment-approval/releases
 uses: activescott/automate-environment-deployment-approval@v1.0.0
 with:
- github_token: ${{ secrets.GH_TOKEN_FOR_AUTO_APPROVING_DEPLOYS }}
 environment_allow_list: |
 aws
 # the below automatically approves dependabot and anything submitted by the Github user with login "activescott"
diff --git a/action.yml b/action.yml
index 835c184..30381ee 100644
--- a/action.yml
+++ b/action.yml
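Review bot: In the approve-deployment.yml hunk the `uses:` line now tracks `@main`, a mutable branch, for an action whose job is to approve environment deployments, and it contradicts the comment directly above it that says to use a `@vN.N.N` tag. Anything pushed to that branch runs here with this job's token on the next trigger, so pin to a release tag or, better, a full commit SHA: `uses: activescott/automate-environment-deployment-approval@<full-commit-sha> # vN.N.N`. The same hunk also drops `github_token` from `with:` without adding an `env:` entry, while src/main.ts in this commit reads the token from `process.env["GITHUB_TOKEN"]`; the test.yml and README.md hunks have the same gap. Unless `GITHUB_TOKEN` is set at job or workflow level outside the visible lines, add `env:` with `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to the step.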
@@ -13,9 +13,6 @@ inputs: actor_allow_list: required: true description: The list of users to automatically approve deploys for. Can be a newline-delimited list of strings. - github_token: - required: true - description: A personal access token (PAT) from a 'required reviewer' and must have the 'repo' scope. runs: using: "node16" diff --git a/src/main.ts b/src/main.ts index f3c4071..87b7fe0 100644 --- a/src/main.ts +++ b/src/main.ts @@ -2,7 +2,7 @@ import * as core from "@actions/core" import * as github from "@actions/github" import { inspect } from "node:util" import { findAndApproveDeployments } from "./approver" -import { getMultilineInput, getStringInput } from "./inputs" +import { getMultilineInput } from "./inputs" import { Octo, createOcto } from "./octo" async function run(): Promise { @@ -15,7 +15,11 @@ async function run(): Promise { const actors_to_approve = getMultilineInput("actor_allow_list") core.info(`input actors_to_approve: ${inspect(actors_to_approve)}`) - const github_token: string = getStringInput("github_token") + const github_token = process.env["GITHUB_TOKEN"] + if (!github_token) { + // my understanding is that the environment should always be there: https://docs.github.com/en/actions/security-guides/automatic-token-authentication + throw new Error("The GITHUB_TOKEN environment variable was not found.") + } const repo = github.context.repo const octo: Octo = createOcto(repo, github.getOctokit(github_token))
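Review bot: In the second src/main.ts hunk, the comment on the new `if (!github_token)` branch assumes the runner always exports `GITHUB_TOKEN`, but GitHub exposes the automatic token through the `secrets.GITHUB_TOKEN` / `github.token` contexts, and a step sees it in `process.env` only when the workflow maps it with `env:`. As written, a caller that follows the updated README example will reach the `throw`. Consider keeping the input optional with `default: ${{ github.token }}` in action.yml and reading it via `core.getInput("github_token")`, or make the message actionable, e.g. `"GITHUB_TOKEN is not set; add env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} to the step."`. The removed action.yml description required a PAT from a 'required reviewer' with the `repo` scope, so it is worth confirming that the automatic token (the approve-deployment job shows `deployments: read`) is actually permitted to approve pending deployments. run() continues past the end of this hunk.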