From 86b04fb0e47484f7282357688f21d5d0e32175fe Mon Sep 17 00:00:00 2001
From: Chris Gavin
Date: Fri, 13 Sep 2024 15:48:32 +0100
Subject: [PATCH] Add a warning to not specify a `token` input in most cases.

---
 analyze/action.yml | 2 +-
 upload-sarif/action.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/analyze/action.yml b/analyze/action.yml
index 5ff9fc34d..7fec8fb44 100644
--- a/analyze/action.yml
+++ b/analyze/action.yml
@@ -74,7 +74,7 @@ inputs:
 required: true
 default: "true"
 token:
- description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission."
+ description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
 required: false
 default: ${{ github.token }}
 matrix:
diff --git a/upload-sarif/action.yml b/upload-sarif/action.yml
index adaa2ab0a..f4fd30f0c 100644
--- a/upload-sarif/action.yml
+++ b/upload-sarif/action.yml
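Review bot: The sentence added to the `token` description in analyze/action.yml tells users to leave the input unset but gives neither the reason nor the default, and it reads oddly after "The token must be the built-in GitHub Actions token", which already rules out other credentials. The context line shows `default: ${{ github.token }}`, so the advice could name it and state the rationale, for example `Leave this input unset unless you have a specific reason to override it; the default is the workflow's built-in token, whose access is limited by the workflow's permissions.` A longer-lived or more broadly scoped credential passed here would presumably be the risk this warning is aimed at, and saying so would help readers judge when an override is justified. The same sentence is added in the upload-sarif/action.yml hunk, so any rewording should be applied in both places.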
@@ -20,7 +20,7 @@ inputs:
 description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is ignored for pull requests from forks."
 required: false
 token:
- description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission."
+ description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
 required: false
 default: ${{ github.token }}
 matrix: