Add token input

.github/workflows/ci.yml

@@ -34,8 +34,6 @@ jobs:
         working-directory: sbt-plugin
     env:
       GITHUB_TOKEN: ${{ github.token }}
-    permissions:
-      contents: write
     steps:
     - uses: actions/checkout@v3
     - uses: coursier/[email protected]
@@ -52,10 +50,6 @@ jobs:
       fail-fast: false
     name: Test Github action on ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
-    env:
-      GITHUB_TOKEN: ${{ github.token }}
-    permissions:
-      contents: write
     steps:
     - uses: actions/checkout@v3
     - run: sbt publishLocal

README.md

@@ -1,6 +1,6 @@
 # Sbt Dependency Graph Action
 
-A Github action to submit the dependency graphs of an [sbt](https://www.scala-sbt.org/) build to the Github Dependency submission API.
+A Github action to submit the dependency graphs of an [sbt](https://www.scala-sbt.org/) build to the Github [Dependency submission API](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).
 
 After the workflow has been successfully run, the graph of the sbt build is visible in the [Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository) page of the Insights tab.
 
@@ -25,8 +25,6 @@ jobs:
   submit-graph:
     name: Submit Dependency Graph
     runs-on: ubuntu-latest # or windows-latest, or macOS-latest
-    env:
-      GITHUB_TOKEN: ${{ github.token }}
     permissions:
       contents: write # this permission is needed to submit the dependency graph
     steps:

action.yml

@@ -10,13 +10,17 @@ inputs:
     required: false
     default: ''
   projects:
-    description: "A list of space-separated names of projects from your build. The action will publish the graph of these projects only. Default is the empty string and it means all projects."
+    description: "A list of space-separated names of projects from your build. The action will publish the graph of these projects only. If unspecified, the action will detect all the projects of the build."
     required: false
     default: ''
   scala-versions:
-    description: "A list of space-separated versions of Scala, that are declared in your build. The action will publish the graph on these Scala versions only. Defaulat is the empty string and it means all Scala versions."
+    description: "A list of space-separated versions of Scala, that are declared in your build. The action will publish the graph on these Scala versions only. If unspecified, the action will detect all the Scala versions of the build."
     required: false
     default: ''
+  token:
+    description: "GitHub Personal Access Token (PAT). Defaults to PAT provided by Action runner."
+    required: false
+    default: ${{ github.token }}
   sbt-plugin-version:
     description: "Override the version of the sbt-github-dependency-graph plugin that is used internally."
     required: false

src/main.ts

@@ -18,19 +18,24 @@ async function commandExists(cmd: string): Promise<boolean> {
 
 async function run(): Promise<void> {
   try {
+    const token = core.getInput('token')
+    core.setSecret(token)
+
     const baseDirInput = core.getInput('base-dir')
     const baseDir = baseDirInput.length === 0 ? '.' : baseDirInput
     const projectDir = path.join(baseDir, 'project')
+    if (!fs.existsSync(projectDir)) {
+      core.setFailed(`${baseDir} is not a valid sbt project: missing folder '${projectDir}'.`)
+      return
+    }
+
     const uuid = crypto.randomUUID()
+    const pluginFile = path.join(projectDir, `github-dependency-graph-${uuid}.sbt`)
+
     const pluginVersionInput = core.getInput('sbt-plugin-version')
     const pluginVersion =
       pluginVersionInput.length === 0 ? defaultPluginVersion : pluginVersionInput
-    const pluginFile = path.join(projectDir, `github-dependency-graph-${uuid}.sbt`)
     const pluginDep = `addSbtPlugin("ch.epfl.scala" % "sbt-github-dependency-graph" % "${pluginVersion}")`
-    if (!fs.existsSync(projectDir)) {
-      core.setFailed(`${baseDir} is not a valid sbt project: missing folder '${projectDir}'.`)
-      return
-    }
     await fsPromises.writeFile(pluginFile, pluginDep)
     const sbtExists = await commandExists('sbt')
     if (!sbtExists) {
@@ -49,9 +54,8 @@ async function run(): Promise<void> {
         .filter(value => value.length > 0),
     }
 
-    await cli.exec('sbt', [`githubSubmitDependencyGraph ${JSON.stringify(input)}`], {
-      cwd: baseDir,
-    })
+    process.env['GITHUB_TOKEN'] = token
+    await cli.exec('sbt', [`githubSubmitDependencyGraph ${JSON.stringify(input)}`], { cwd: baseDir })
   } catch (error) {
     if (error instanceof Error) {
       core.setFailed(error)