feat: default the github_token input to ${{ github.token }}

[sean-krail]

Is your feature request related to a problem? Please describe

Forcing users to add github_token: ${{ secrets.GITHUB_TOKEN }} adds unnecessary boilerplate, since its possible to extract this token in the action.yml file (see here for an example).

Describe the solution you'd like

Update the action.yml file to default the github_token input to ${{ github.token }}, then if users want to use a personal access token or deploy key instead they can set those inputs to override it.

[peaceiris]

Thank you for suggesting this.

When I found this feature at actions/checkout a few months ago, other official actions were still using an empty token input so I ignored to apply it to this action. I thought that it was friendly to notify users that this action will use a built-in token. Today, only 3 official actions are using the default: ${{ github.token }} approach.

Using the default: ${{ github.token }}:

• actions/checkout/blob/v2.1.0/action.yml#L12
• actions/github-script/blob/v1.0.0/action.yml#L11
• actions/delete-package-versions/blob/v1.0.2/action.yml#L37

Using an empty token input:

• actions/stale/blob/v3.0.3/action.yml#L5
• actions/labeler/blob/v2.1.1/action.yml#L5
• actions/create-release/blob/v1.1.0/src/create-release.js#L7
• actions/upload-release-asset/blob/v1.0.2/src/upload-release-asset.js#L8

Personally, I think the time for using the default: ${{ github.token }} approach has come. The above 4 official actions will also start to use the approach.

OK. I will work on this. Note that we have some considerations for using the approach. In this action, we need to manage the order of auth tokens and the behavior on fork repositories.