SCP-86 Sets token optional

.github/workflows/test-action.yml

@@ -27,7 +27,7 @@ jobs:
         with:
 #          sbom-ignore: 'scanoss-ignore.json'
            with-dependencies: true
-           github-token: ${{ secrets.GITHUB_TOKEN }}
+#          github-token: ${{ secrets.GITHUB_TOKEN }}
 
 
       - name: Print stdout scan command

README.md

@@ -42,8 +42,6 @@ jobs:
     - name: Run SCANOSS analysis
       id: scanoss-scan-action
       uses: scanoss/actions-scan@main
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 For example workflow runs, check out the
@@ -53,7 +51,7 @@ For example workflow runs, check out the
 
 | **Parameter** | **Description**                               | **Required** | **Default** | 
 |--------------|------------------------------------------------|--------------|-------------|
-| github-token | Your GitHub token| Required     | - |    
+| github-token | Your GitHub token | Optional     |  `${{ github.token }}` | 
 | output-path  | Output result file name. | Optional | `results.json` |
 | sbom-identify  | Scan and identify components in SBOM file | Optional     | - |
 | sbom-ignore  | Ignore components specified in the SBOM file | Optional     | - |

action.yml

@@ -11,7 +11,8 @@ branding:
 inputs:
   github-token:
     description: 'Your GitHub token'
-    required: true
+    required: false
+    default: ${{ github.token }}
   output-path:
     description: 'Output result file name'
     required: false

src/app.input.ts

@@ -1,6 +1,7 @@
 import * as core from '@actions/core';
 
 export const REPO_DIR = process.env.GITHUB_WORKSPACE as string;
+export const GITHUB_TOKEN = core.getInput('github-token');
 export const OUTPUT_PATH = core.getInput('output-path');
 export const SBOM_INDENTIFY = core.getInput('sbom-identify');
 export const SBOM_IGNORE = core.getInput('sbom-ignore');

src/policies/policy-check.ts

@@ -3,6 +3,7 @@ import * as core from '@actions/core';
 import { getSHA } from '../utils/github.utils';
 import { ScannerResults } from '../services/result.interfaces';
 import { GitHub } from '@actions/github/lib/utils';
+import * as inputs from '../app.input';
 
 const UNINITIALIZED = -1;
 
@@ -25,9 +26,7 @@ export abstract class PolicyCheck {
   private checkRunId: number;
 
   constructor(checkName: string) {
-    const GITHUB_TOKEN = core.getInput('github-token');
-
-    this.octokit = getOctokit(GITHUB_TOKEN);
+    this.octokit = getOctokit(inputs.GITHUB_TOKEN);
     this.checkName = checkName;
     this.checkRunId = UNINITIALIZED;
   }

src/services/scan.service.ts

@@ -1,6 +1,7 @@
 import path from 'path';
 import * as input from '../app.input';
 import { DefaultArtifactClient } from '@actions/artifact';
+
 const artifact = new DefaultArtifactClient();
 
 export async function uploadResults(): Promise<void> {

src/utils/github.utils.ts

@@ -1,5 +1,6 @@
 import { context, getOctokit } from '@actions/github';
 import * as core from '@actions/core';
+import * as inputs from '../app.input';
 
 const prEvents = ['pull_request', 'pull_request_review', 'pull_request_review_comment'];
 
@@ -20,8 +21,7 @@ export function getSHA(): string {
 }
 
 export async function createCommentOnPR(message: string): Promise<void> {
-  const GITHUB_TOKEN = core.getInput('github-token');
-  const octokit = getOctokit(GITHUB_TOKEN);
+  const octokit = getOctokit(inputs.GITHUB_TOKEN);
 
   core.debug('Creating comment on PR');
   octokit.rest.issues.createComment({