From b16d820aeca338afb3baab22a132a57ab9c6056b Mon Sep 17 00:00:00 2001
From: Miroslav Shubernetskiy <miroslav@miki725.com>
Date: Wed, 29 May 2024 14:07:17 -0400
Subject: [PATCH] exporting GITHUB_TOKEN

as chalk github plugin attempts to talk to github API, it now requires
access to GITHUB_TOKEN and so we automatically export it to ensure
chalk can complete its metadata collection
---
 action.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/action.yml b/action.yml
index d2042fe..2b3ebac 100644
--- a/action.yml
+++ b/action.yml
@@ -137,3 +137,18 @@ runs:
           ${{ inputs.public_key != '' && format('--public-key={0}/chalk.pub', github.action_path) || '' }} \
           ${{ inputs.private_key != '' && format('--private-key={0}/chalk.key', github.action_path) || '' }} \
           ${{ runner.debug == '1' && '--debug' || '' }}
+
+    # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
+    # in some cases chalk needs to auth to GitHub API and it requires
+    # GITHUB_TOKEN env variable to be present
+    # Note that by default this env var is not accessible unless it is accessed
+    # by a secret - either 1) ${{ secrets.GITHUB_TOKEN }} or 2) ${{ github.token }}
+    # However as chalk can be invoked anywhere downstream of this action setting up chalk
+    # (e.g. by calling docker build from docker push action)
+    # we cannot guarantee that GITHUB_TOKEN is going to be accessible at that time
+    # and so we export it here to ensure chalk can succeed with its metadata collection
+    - name: Export GITHUB_TOKEN
+      if: runner.os == 'Linux' || runner.os == 'macOS'
+      shell: bash
+      run: |
+        [ -z "$GITHUB_TOKEN" ] && echo "GITHUB_TOKEN=${{ github.token }}" >> $GITHUB_ENV