From 49df72dfcf8d33860806d95d9dc13f324f655a81 Mon Sep 17 00:00:00 2001
From: Lukas Burgholzer <burgholzer@me.com>
Date: Wed, 11 Sep 2024 10:18:23 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=B8=20use=20GitHub=20token=20by=20defa?=
 =?UTF-8?q?ult=20(#61)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR adjusts the action so that it is no longer necessary to
explicitly specify the GitHub token to circumvent the API rate limit.
To this end, it simply passes the repository's GitHub token (available
via `${{ github.token }}`) as a default for the `github_token` action
input.

This is similar to how this is handled in, e.g.,
https://github.com/peter-evans/create-pull-request; specifically
[here](https://github.com/peter-evans/create-pull-request/blob/5354f85616108575685a73a0ddd2f67c26a441c3/action.yml#L4-L6).
---
 .github/workflows/test-windows.yml |  2 --
 .github/workflows/test.yml         |  8 +++-----
 README.md                          | 19 ++++++++++++-------
 action.yml                         |  1 +
 4 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml
index d7fc746..06be023 100644
--- a/.github/workflows/test-windows.yml
+++ b/.github/workflows/test-windows.yml
@@ -23,7 +23,5 @@ jobs:
           }
       - name: Setup uv
         uses: ./
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
       - run: uv sync
         working-directory: __tests__\fixtures\uv-project
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3eda544..9f19e5e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -30,8 +30,6 @@ jobs:
       - uses: actions/checkout@v4
       - name: Install default version
         uses: ./
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
       - run: uv sync
         working-directory: __tests__/fixtures/uv-project
   test-specific-version:
@@ -46,7 +44,6 @@ jobs:
         uses: ./
         with:
           version: ${{ matrix.uv-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
       - run: uv sync
         working-directory: __tests__/fixtures/uv-project
   test-checksum:
@@ -69,13 +66,14 @@ jobs:
         with:
           version: "0.3.2"
           checksum: ${{ matrix.checksum }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-  test-without-github-token:
+  test-with-explicit-token:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: Install default version
         uses: ./
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
       - run: uv sync
         working-directory: __tests__/fixtures/uv-project
   test-uvx:
diff --git a/README.md b/README.md
index 322a5ad..4869f73 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ Set up your GitHub Actions workflow with a specific version of [uv](https://docs
   - [Enable Caching](#enable-caching)
     - [Local cache path](#local-cache-path)
     - [Cache dependency glob](#cache-dependency-glob)
-  - [API rate limit](#api-rate-limit)
+  - [GitHub authentication token](#github-authentication-token)
 - [How it works](#how-it-works)
 - [FAQ](#faq)
 
@@ -127,7 +127,7 @@ changes. The glob matches files relative to the repository root.
 
 ```yaml
 - name: Define a list of cache dependency globs
-  uses: astral-sh/setup-uv@v1
+  uses: astral-sh/setup-uv@v2
   with:
     enable-cache: true
     cache-dependency-glob: |
@@ -135,16 +135,21 @@ changes. The glob matches files relative to the repository root.
       '**pyproject.toml'
 ```
 
-### API rate limit
+### GitHub authentication token
 
-To avoid hitting the `API rate limit exceeded` error, supply a GitHub token via the `github-token`
-input.
+This action uses the GitHub API to fetch the `uv` release artifacts. To avoid hitting the GitHub API
+rate limit too quickly, an authentication token can be provided via the `github-token` input. By
+default, the `GITHUB_TOKEN` secret is used, which is automatically provided by GitHub Actions.
+
+If the default
+[permissions for the GitHub token](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)
+are not sufficient, you can provide a custom GitHub token with the necessary permissions.
 
 ```yaml
-- name: Install uv and supply a GitHub token
+- name: Install the latest version of uv with a custom GitHub token
   uses: astral-sh/setup-uv@v2
   with:
-    github-token: ${{ secrets.GITHUB_TOKEN }}
+    github-token: ${{ secrets.CUSTOM_GITHUB_TOKEN }}
 ```
 
 ## How it works
diff --git a/action.yml b/action.yml
index b29d5ea..2a383f3 100644
--- a/action.yml
+++ b/action.yml
@@ -13,6 +13,7 @@ inputs:
       "Used to increase the rate limit when retrieving versions and downloading
       uv."
     required: false
+    default: ${{ github.token }}
   enable-cache:
     description: "Enable caching of the uv cache"
     default: "false"