Pass the default github token to the github-token input (#264)

* Pass the default github token to the github-token input Signed-off-by: Sora Morimoto <sora@morimoto.io> * Update README.md Signed-off-by: Sora Morimoto <sora@morimoto.io> * Update .github/workflows/*.yml Signed-off-by: Sora Morimoto <sora@morimoto.io> Signed-off-by: Sora Morimoto <sora@morimoto.io>
fastify · Sep 4, 2022 · 33bd98d · 33bd98d
1 parent d204a4d
commit 33bd98d
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 15 deletions.
diff --git a/.github/workflows/check-linked-issues.yml b/.github/workflows/check-linked-issues.yml
@@ -12,5 +12,5 @@ jobs:
       - uses: nearform/github-action-check-linked-issues@v1
         id: check-linked-issues
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ github.token }}
           exclude-branches: "release/**, dependabot/**"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,5 +1,5 @@
 name: CI
-on: 
+on:
   push:
     branches: main
   pull_request:
@@ -25,5 +25,5 @@ jobs:
     steps:
       - uses: fastify/github-action-merge-dependabot@main
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ github.token }}
           target: minor
diff --git a/.github/workflows/notify-release.yml b/.github/workflows/notify-release.yml
@@ -10,4 +10,4 @@ jobs:
       - name: Notify release
         uses: nearform/github-action-notify-release@v1
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ github.token }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
           node-version: 16
       - uses: nearform/optic-release-automation-action@v3
         with:
-          github-token: ${{ secrets.github_token }}
+          github-token: ${{ github.token }}
           semver: ${{ github.event.inputs.semver }}
           sync-semver-tags: true
           build-command: |

diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@ This action automatically approves and merges dependabot PRs.
 
 ### `github-token`
 
-**Required** A GitHub token. See below for additional information.
+_Optional_ A GitHub token. See below for additional information.
 
 ### `exclude`
 
@@ -80,8 +80,6 @@ jobs:
 
     steps:
       - uses: fastify/github-action-merge-dependabot@v3.0.0
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 ### Excluding packages
@@ -94,7 +92,6 @@ permissions:
 steps:
   - uses: fastify/github-action-merge-dependabot@v3.0.0
     with:
-      github-token: ${{ secrets.GITHUB_TOKEN }}
       exclude: 'react,fastify'
 ```
 
@@ -106,7 +103,6 @@ permissions:
 steps:
   - uses: fastify/github-action-merge-dependabot@v3.0.0
     with:
-      github-token: ${{ secrets.GITHUB_TOKEN }}
       approve-only: true
 ```
 
@@ -134,7 +130,6 @@ jobs:
     steps:
       - uses: fastify/github-action-merge-dependabot@v3.0.0
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
           pr-number: ${{ github.event.inputs.pr-number }}
 ```
 
@@ -178,13 +173,11 @@ jobs:
     steps:
 -     - uses: fastify/github-action-merge-dependabot@v2.1.1
 +     - uses: fastify/github-action-merge-dependabot@v3
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 ## Notes
 
-- A GitHub token is automatically provided by Github Actions, which can be accessed using `secrets.GITHUB_TOKEN` and supplied to the action as an input `github-token`.
+- A GitHub token is automatically provided by Github Actions, which can be accessed using `github.token` and supplied to the action as an input `github-token`.
 - Only the [GitHub native Dependabot integration](https://docs.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically) is supported, the old [Dependabot Preview app](https://github.com/marketplace/dependabot-preview) isn't.
 - Make sure to use `needs: <jobs>` to delay the auto-merging until CI checks (test/build) are passed.
 - If you want to use GitHub's [auto-merge](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/automatically-merging-a-pull-request) feature but still use this action to approve Pull Requests without merging, use `approve-only: true`.

diff --git a/action.yml b/action.yml
@@ -3,7 +3,8 @@ description: 'Automatically approve and merge dependabot PRs'
 inputs:
   github-token:
     description: 'A GitHub token'
-    required: true
+    required: false
+    default: ${{ github.token }}
   exclude:
     description: 'Packages that you want to manually review before upgrading'
     required: false