GitHub token is required (#4)

Author: zefir-git

README.md

@@ -12,6 +12,7 @@ steps:
     uses: cloudnode-pro/[email protected]
     with:
       # See the ‘Inputs’ section below for details.
+      gh-token: ${{ github.token }}
       release-id: 123456 # Optional for `release` events.
       files: |
         path/to/file.txt; type=text/plain; name=File1.txt
@@ -20,6 +21,14 @@ steps:
 
 ## Inputs
 
+### `gh-token`
+
+The GitHub token to use for authentication.
+
+If you are uploading to a release in the same repository, you can use `${{github.token}}`, which is a secret
+generated by the workflow. Otherwise, you need to manually create a token, save it as a repository secret, and pass it
+using `${{secrets.NAME_OF_SECRET}}`.
+
 ### `release-id`
 
 The ID of the release to which to upload files.

action.yaml

@@ -1,6 +1,9 @@
 name: Release Upload Asset
 description: Upload files to a GitHub release
 inputs:
+  gh-token:
+    description: The GitHub token to use for authentication.
+    required: true
   release-id:
     description: The ID of the release to which to upload files.
     required: false

src/index.ts

@@ -24,9 +24,9 @@ function parseInputFileParams(input: string): {path: string, params: Record<stri
 
 // Action inputs
 const GH_INPUTS: Record<string, string> = JSON.parse(process.env.GH_INPUTS!);
-const GITHUB_TOKEN = process.env.GITHUB_TOKEN!;
 
 const inputs = {
+    ghToken: GH_INPUTS["gh-token"]!,
     releaseId: GH_INPUTS["release-id"]!,
     files: GH_INPUTS["files"]!,
 };
@@ -60,7 +60,7 @@ const files = (await Promise.all(inputs.files.split("\n").map(async f => {
 }))).filter(f => f !== null);
 
 // Upload the files
-const octokit = github.getOctokit(GITHUB_TOKEN);
+const octokit = github.getOctokit(inputs.ghToken);
 core.info("Getting release...");
 const release = await octokit.rest.repos.getRelease({
     owner: github.context.repo.owner,
@@ -75,7 +75,7 @@ const responses = await Promise.all(
         const res = await fetch(parseUriTemplate(release.data.upload_url).expand({name: file.name}), {
             method: "POST",
             headers: {
-                "Authorization": "token " + GITHUB_TOKEN,
+                "Authorization": "token " + inputs.ghToken,
             },
             body: file
         });