feat: use action input instead of env var to get the github token

wagoid · wagoid · commit 18e9bff0e695 · 2020-08-02T11:23:03.000-03:00
BREAKING CHANGE: GITHUB_TOKEN env var is now ignored. In case a custom token is needed,
it'll be necessary to pass it via the `token` input from now on.
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
@@ -4,8 +4,6 @@ on: [push, pull_request]
 jobs:
   commitlint:
     runs-on: ubuntu-latest
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - uses: actions/checkout@v2
         with:
@@ -19,8 +17,6 @@ jobs:
         run: echo ${{ toJSON(steps.run_commitlint.outputs.results) }}
   commitlint-with-yml-file:
     runs-on: ubuntu-latest
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - uses: actions/checkout@v2
         with:
@@ -32,8 +28,6 @@ jobs:
           configFile: './.commitlintrc.yml'
   commitlint-pulling-from-docker-hub:
     runs-on: ubuntu-latest
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - uses: actions/checkout@v2
         with:
diff --git a/README.md b/README.md
@@ -7,19 +7,17 @@ Lints Pull Request commits with commitlint
 Create a github workflow in the `.github` folder, e.g. `.github/workflows/commitlint.yml`:
 
 ```yaml
-name: Commitlint
+name: Lint Commit Messages
 on: [pull_request]
 
 jobs:
-  lint:
+  commitlint:
     runs-on: ubuntu-latest
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - uses: actions/checkout@v2
         with:
           fetch-depth: 0
-      - uses: wagoid/commitlint-github-action@v1
+      - uses: wagoid/commitlint-github-action@v2
 ```
 
 Alternatively, you can run on other event types such as `on: [push]`. In that case the action will lint the push event's commit(s) instead of linting commits from a pull request. You can also combine `push` and `pull_request` together in the same workflow.
@@ -54,6 +52,14 @@ Link to a page explaining your commit message convention.
 
 default: `https://github.com/conventional-changelog/commitlint/#what-is-commitlint`
 
+### `token`
+
+Personal access token (PAT) used to interact with the GitHub API.
+By default, the automatic token provided by GitHub is used.
+You can see more info about GitHub's default token [here](https://docs.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token).
+
+default: `${{ github.token }}`
+
 ## Outputs
 
 ### `results`
@@ -114,14 +120,12 @@ Apart from the shared configurations that are included by default, you can also
 In order to do so, you can use `NODE_PATH` env var to make the action take those dependencies into account. Below is an example workflow that does that.
 
 ```yaml
-name: Commitlint
+name: Lint Commit Messages
 on: [pull_request]
 
 jobs:
-  lint:
+  commitlint:
     runs-on: ubuntu-latest
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - uses: actions/checkout@v2
         with:
@@ -134,7 +138,7 @@ jobs:
         # $GITHUB_WORKSPACE is the path to your repository
         run: echo "::set-env name=NODE_PATH::$GITHUB_WORKSPACE/node_modules"
       # Now the commitlint action will run considering its own dependencies and yours as well 🚀
-      - uses: wagoid/commitlint-github-action@v1
+      - uses: wagoid/commitlint-github-action@v2
 ```
 
 ---
diff --git a/action.yml b/action.yml
@@ -7,7 +7,9 @@ inputs:
     default: './commitlint.config.js'
     required: false
   firstParent:
-    description: 'When set to true, we follow only the first parent commit when seeing a merge commit. More info in git-log docs https://git-scm.com/docs/git-log#Documentation/git-log.txt---first-parent'
+    description: >
+      When set to true, we follow only the first parent commit when seeing a merge commit.
+      More info in git-log docs https://git-scm.com/docs/git-log#Documentation/git-log.txt---first-parent
     default: 'true'
     required: false
   failOnWarnings:
@@ -18,6 +20,13 @@ inputs:
     description: 'Link to a page explaining your commit message convention'
     default: 'https://github.com/conventional-changelog/commitlint/#what-is-commitlint'
     required: false
+  token:
+    description: >
+      Personal access token (PAT) used to interact with the GitHub API.
+      By default, the automatic token provided by GitHub is used.
+      You can see more info about GitHub's default token here: https://docs.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token
+    default: ${{ github.token }}
+    required: false
 outputs:
   results:
     description: The error and warning messages for each one of the analyzed commits
diff --git a/src/action.js b/src/action.js
@@ -10,7 +10,7 @@ const generateOutputs = require('./generateOutputs')
 
 const pullRequestEvent = 'pull_request'
 
-const { GITHUB_TOKEN, GITHUB_EVENT_NAME, GITHUB_SHA } = process.env
+const { GITHUB_EVENT_NAME, GITHUB_SHA } = process.env
 
 const configPath = resolve(
   process.env.GITHUB_WORKSPACE,
@@ -47,7 +47,7 @@ const getRangeForPushEvent = () => {
 const getRangeForEvent = async () => {
   if (GITHUB_EVENT_NAME !== pullRequestEvent) return getRangeForPushEvent()
 
-  const octokit = new github.GitHub(GITHUB_TOKEN)
+  const octokit = new github.GitHub(core.getInput('token'))
   const { owner, repo, number } = eventContext.issue
   const { data: commits } = await octokit.pulls.listCommits({
     owner,
