Set GitHub Token as the preferred way of giving access to actions.

rht · web-flow · commit c4376b651bd0 · 2023-01-10T12:57:56.000-08:00
Fixes #77. Co-authored-by: rht <rhtbot@protonmail.com>
diff --git a/README.md b/README.md
@@ -36,23 +36,22 @@ GitHub action needs the following credentials for running.
 
 Zulip API key is used for fetching the messages of public streams from the Zulip organization. We recommend creating a bot and using it's API key instead of using your own API key. See https://zulip.com/help/add-a-bot-or-integration for more details.
 
-#### GitHub Personal Access Token
+#### GitHub Token
 
-The token is used by the GitHub action for pushing to the repo and running GitHub page builds. You can generate the token by going to https://github.com/settings/tokens. Make sure to enable `repo` and `workflow` while generating the token.
+The token is used by the GitHub Actions for pushing to the repo and running GitHub page builds.
+It is generated automatically by GitHub Actions itself as `secrets.GITHUB_TOKEN` and can be used right away.
 
 ### Step 3 - Store credentials as secrets in the repository
 
 Now that we have generated the credentials, we need to store them in the repository as secrets so that action can access them during run time. For that goto `https://github.com/<username>/<repo-name>/settings/secrets`. `<username>` is your GitHub username and `<repo-name>` is the name of the repo you just created.
 
-Now create the following 4 secrets. Use the credentials generated in the above step as the value of each secret.
+Now create the following 3 secrets. Use the credentials generated in the above step as the value of each secret.
 
 |Secret name                  | Value                        |
 |-----------------------------|----------------------------------------------|
 |zulip_organization_url       | URL of your Zulip organization.              |
 |zulip_bot_email              | The email of the Zulip bot you created       |
 |zulip_bot_key                | API key of the Zulip bot you created         |
-|gh_personal_access_token     | The GitHub personal access token you created |
-
 
 ### Step 4 - Configure the streams you want to index
 `zulip-archive` by default don't know which all public streams to be indexed. You can tell `zulip-archive` which all streams to be indexed by creating a file called `streams.yaml` in the newly created repository. You can make a copy of a default file to start with: `cp default_streams.yaml streams.yaml`
@@ -107,7 +106,8 @@ jobs:
         zulip_organization_url: ${{ secrets.zulip_organization_url }}
         zulip_bot_email: ${{ secrets.zulip_bot_email }}
         zulip_bot_key: ${{ secrets.zulip_bot_key }}
-        github_personal_access_token: ${{ secrets.gh_personal_access_token }}
+        # Using GitHub Token that is provided automatically by GitHub Actions
+        github_token: ${{ secrets.GITHUB_TOKEN }}
         delete_history: true
 ```
 
diff --git a/action.yml b/action.yml
@@ -12,7 +12,11 @@ inputs:
     description: 'API key of the Zulip bot'
     required: true
   github_personal_access_token:
-    description: 'GitHub personal access token'
+    description: 'GitHub personal access token (deprecated)'
+    required: false
+    deprecationMessage: 'Please use `github_token` instead'
+  github_token:
+    description: 'GitHub Token/GitHub Personal Access Token'
     required: true
   delete_history:
     description: 'If enabled, will delete the archive history while keeping the most recent version'
@@ -30,6 +34,7 @@ runs:
     - ${{ inputs.zulip_organization_url }}
     - ${{ inputs.zulip_bot_email }}
     - ${{ inputs.zulip_bot_key }}
-    - ${{ inputs.github_personal_access_token }}
+    - ${{ inputs.github_token }}
     - ${{ inputs.delete_history }}
     - ${{ inputs.archive_branch }}
+    - ${{ inputs.github_personal_access_token }}
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -4,9 +4,20 @@ set -e
 zulip_organization_url=$1
 zulip_bot_email=$2
 zulip_bot_api_key=$3
-github_personal_access_token=$4
+github_token=$4
 delete_history=$5
 archive_branch=$6
+github_personal_access_token=$7
+
+github_personal_access_token=${github_personal_access_token:-NOT_SET}
+
+if [ $github_personal_access_token != "NOT_SET" ]; then
+    echo "'github_personal_access_token' input has been deprecated."
+    echo "To migrate to the new setup, you have to replace it with"
+    echo "github_token. For more info, see"
+    echo 'https://github.com/zulip/zulip-archive#step-5---enable-zulip-archive-action'
+    exit 1
+fi
 
 # This is a temporary workaround.
 # See https://github.com/actions/checkout/issues/766
@@ -38,7 +49,7 @@ pip3 install crudini
 
 # Uses GitHub pages API
 # https://docs.github.com/en/rest/pages
-auth_header="Authorization: Bearer ${github_personal_access_token}"
+auth_header="Authorization: Bearer ${github_token}"
 accept_header="Accept: application/vnd.github.switcheroo-preview+json"
 page_api_url="https://api.github.com/repos/${GITHUB_REPOSITORY}/pages"
 # Enable GitHub pages
@@ -106,7 +117,7 @@ git config --global user.name "Archive Bot"
 git add -A
 git commit -m "Update archive."
 
-git remote add origin2 https://${GITHUB_ACTOR}:${github_personal_access_token}@github.com/${GITHUB_REPOSITORY}
+git remote add origin2 https://${GITHUB_ACTOR}:${github_token}@github.com/${GITHUB_REPOSITORY}
 
 git push origin2 HEAD:$archive_branch -f
 
