code-pushup
diff --git a/‎__tests__/auth.test.ts‎
Lines changed: 18 additions & 5 deletions b/‎__tests__/auth.test.ts‎
Lines changed: 18 additions & 5 deletions
diff --git a/‎dist/index.js‎
Lines changed: 9 additions & 4 deletions b/‎dist/index.js‎
Lines changed: 9 additions & 4 deletions
diff --git a/‎dist/index.js.map‎
Lines changed: 1 addition & 1 deletion b/‎dist/index.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/auth.ts‎
Lines changed: 9 additions & 4 deletions b/‎src/auth.ts‎
Lines changed: 9 additions & 4 deletions
@@ -9,6 +9,7 @@ describe('authenticate', () => {
   const mockFetch = jest.spyOn(global, 'fetch')
 
   beforeEach(() => {
+    process.env.GITHUB_TOKEN = 'ghp_default_token'
     mockFetch.mockClear()
   })
 
@@ -21,7 +22,7 @@ describe('authenticate', () => {
 
     const result = await authenticate(
       { owner: 'dunder-mifflin', repo: 'website' },
-      'fallback_token'
+      'ghp_default_token'
     )
 
     expect(result).toBe('ghs_app_123')
@@ -43,20 +44,32 @@ describe('authenticate', () => {
 
     const result = await authenticate(
       { owner: 'dunder-mifflin', repo: 'website' },
-      'fallback_token'
+      'ghp_default_token'
     )
 
-    expect(result).toBe('fallback_token')
+    expect(result).toBe('ghp_default_token')
   })
 
   it('should fall back to standard authentication when service is unavailable', async () => {
     mockFetch.mockRejectedValue(new Error('Network error'))
 
     const result = await authenticate(
       { owner: 'dunder-mifflin', repo: 'website' },
-      'fallback_token'
+      'ghp_default_token'
     )
 
-    expect(result).toBe('fallback_token')
+    expect(result).toBe('ghp_default_token')
+  })
+
+  it('should use user-provided PAT when different from GITHUB_TOKEN', async () => {
+    const customPAT = 'ghp_custom_pat'
+
+    const result = await authenticate(
+      { owner: 'owner', repo: 'repo' },
+      customPAT
+    )
+
+    expect(result).toBe(customPAT)
+    expect(mockFetch).not.toHaveBeenCalled()
   })
 })
@@ -1,6 +1,7 @@
 import * as core from '@actions/core'
 import type { Context } from '@actions/github/lib/context'
 
+// TODO: check production URL?
 export const GITHUB_AUTH_SERVICE_URL =
   'https://github-auth.staging.code-pushup.dev'
 
@@ -13,8 +14,12 @@ type TokenResponse = {
 
 export async function authenticate(
   { owner, repo }: Context['repo'],
-  fallbackToken: string
+  token: string
 ): Promise<string> {
+  if (token !== process.env.GITHUB_TOKEN) {
+    core.info('Using user-provided PAT')
+    return token
+  }
   try {
     const response = await fetch(
       `${GITHUB_AUTH_SERVICE_URL}/github/${owner}/${repo}/installation-token`,
@@ -27,7 +32,7 @@ export async function authenticate(
     )
     const data = await response.json()
     if (response.ok && isTokenResponse(data)) {
-      core.info('Using Code PushUp GitHub App authentication')
+      core.info('Using Code PushUp GitHub App installation token')
       return data.token
     }
     handleErrorResponse(response.status)
@@ -36,8 +41,8 @@ export async function authenticate(
       `Unable to contact Code PushUp authentication service: ${error}`
     )
   }
-  core.info('Using standard token authentication')
-  return fallbackToken
+  core.info('Using default GITHUB_TOKEN')
+  return token
 }
 
 function isTokenResponse(res: unknown): res is TokenResponse {