feat: deprecate GITHUB_TOKEN env var and use token input instead with default value (#112)

* deprecate GITHUB_TOKEN env var and use token input instead with default value

* update readme

* npm run lint:fix

README.md

@@ -59,16 +59,11 @@ Add a step like this to your workflow:
     # Default: ''
     tag: 'v1.0.0 --force'
 
-  env:
-    # This is necessary in order to push a commit to the repo
-    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Leave this line unchanged
+    # Token to use for pushing the commit. The default value won't trigger any workflows, you need to use a Personal Access Token for that.
+    # Default: secrets.GITHUB_TOKEN
+    token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
-### Environment variables:
-
-The only `env` variable required is the token for the action to run: GitHub generates one automatically, but you need to pass it through `env` to make it available to actions. You can find more about `GITHUB_TOKEN` [here](https://help.github.com/en/articles/virtual-environments-for-github-actions#github_token-secret).  
-That said, you can just copy the example line and not worry about it. If you do want to use a different token you can pass that in, but I wouldn't see any possible advantage in doing so.
-
 ### Adding files:
 
 The action adds files using a regular `git add` command, so you can put every kind of argument in the `add` option. For example, if you want to force-add a file: `./path/to/file.txt --force`.  
@@ -129,8 +124,6 @@ jobs:
           author_email: mail@example.com
           message: 'Your commit message'
           add: '*.js'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 If you need to run the action on a repository that is not located in [`$GITHUB_WORKSPACE`](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/using-environment-variables#default-environment-variables), you can use the `cwd` option: the action uses a `cd` normal command, so the path should follow bash standards.
@@ -159,8 +152,6 @@ jobs:
           message: 'Add the very useful text file'
           add: '*.txt --force'
           cwd: './pathToRepo/'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 ## Contributors ✨

action.yml

@@ -38,6 +38,10 @@ inputs:
   tag:
     description: Arguments for the git tag command (the tag name always needs to be the first word not preceded by a hyphen)
     required: false
+  token:
+    description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)'
+    required: false
+    default: ${{ github.token }}
 
 outputs:
   committed:

src/main.ts

@@ -161,7 +161,6 @@ async function checkInputs() {
 
   const eventPath = process.env.GITHUB_EVENT_PATH,
     event = eventPath && require(eventPath),
-    token = process.env.GITHUB_TOKEN,
     isPR = process.env.GITHUB_EVENT_NAME?.includes('pull_request'),
     sha = (event?.pull_request?.head?.sha || process.env.GITHUB_SHA) as string,
     defaultBranch = isPR
@@ -169,10 +168,15 @@ async function checkInputs() {
       : process.env.GITHUB_REF?.substring(11)
 
   // #region GITHUB_TOKEN
-  if (!token)
+  let token = process.env.GITHUB_TOKEN
+  if (token) {
     warning(
-      'The GITHUB_TOKEN env variable is missing: the action may not work as expected.'
+      "The GITHUB_TOKEN env variable is deprecated and will not be supported in the next major release. Use the 'token' input, " +
+        "which defaults to 'secrets.GITHUB_TOKEN'."
     )
+  } else {
+    token = getInput('token')
+  }
   // #endregion
 
   // #region add, remove