robojerk/codeql-action

Add a warning to not specify a token input in most cases.

Browse source
This commit is contained in:
Chris Gavin 2024-09-13 15:48:32 +01:00
parent 51de6a802f
commit 86b04fb0e4
No known key found for this signature in database
GPG key ID: 07F950B80C27E4DA
2 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
analyze/action.yml
View file

@ -74,7 +74,7 @@ inputs:
required: true
default: "true"
token:
description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission."
description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
required: false
default: ${{ github.token }}
matrix:

2
upload-sarif/action.yml
View file

@ -20,7 +20,7 @@ inputs:
description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is ignored for pull requests from forks."
required: false
token:
description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission."
description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
required: false
default: ${{ github.token }}
matrix: