Add a warning to not specify a token input in most cases.

2024-10-23 08:00:03 +08:00 · 2024-09-13 15:48:32 +01:00 · 2024-09-13 15:48:32 +01:00 · 86b04fb0e4
commit 86b04fb0e4
parent 51de6a802f
2 changed files with 2 additions and 2 deletions
--- a/analyze/action.yml
+++ b/analyze/action.yml
@ -74,7 +74,7 @@ inputs:
    required: true
    default: "true"
  token:
-    description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission."
+    description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
    required: false
    default: ${{ github.token }}
  matrix:
--- a/upload-sarif/action.yml
+++ b/upload-sarif/action.yml
@ -20,7 +20,7 @@ inputs:
    description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is ignored for pull requests from forks."
    required: false
  token:
-    description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission."
+    description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
    required: false
    default: ${{ github.token }}
  matrix: