Provide default for GITHUB_TOKEN

[chancancode]

See https://github.com/actions/checkout/blob/94c2de77cccf605d74201a8aec6dd8fc0717ad66/action.yml#L24

[thisismydesign]

Thanks a lot, this is interesting. Do you know if this is the same token as secrets.GITHUB_TOKEN?

@gomorizsolt could you give both a try? Let's also make sure it's not possible to display this variable in the logs as it's not stored as a secret.

[chancancode]

Yep see the documentation:

A token to authenticate on behalf of the GitHub App installed on your repository. This is functionally equivalent to the GITHUB_TOKEN secret.

As for masking, yes, the masking on GitHub is value-based. If the value of the token is printed to the logs for any reason, and it doesn't matter how it got there, the processor of the logs will mask the value before rendering it, including in the "raw" logs.

So for example, you could take a secret value, pass it as an environment variable, feed it into a node script, then console.log it, and it will still be masked, even though GitHub has no hope of possibly tracing that console.log back to the source. However, if you do things like reversing the string, or splitting it and rejoining with spaces in between each character, then the masking would fail.

[thisismydesign]

Thanks, that makes sense.

[gomorizsolt]

Sorry for the sluggish reply. Thanks @chancancode for this improvement. I've tested your branch out against my experimental repository and works as expected. Approved from my side.

[gomorizsolt]

One more thing: @chancancode, could you please update the doc accordingly? Just remove these lines:

GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Note: secrets.GITHUB_TOKEN is a repository-level access token already provided by the Actions framework, you don't need to set any secrets.

[chancancode]

Done! 🆗

[gomorizsolt]

Thanks!

[gomorizsolt]

Released in https://github.com/c-hive/gha-remove-artifacts/releases/tag/v1.1.0. 🎉