fix: preserve caller's GITHUB_TOKEN when already set in environment#16
Merged
danielmeppiel merged 1 commit intomainfrom Mar 19, 2026
Merged
fix: preserve caller's GITHUB_TOKEN when already set in environment#16danielmeppiel merged 1 commit intomainfrom
danielmeppiel merged 1 commit intomainfrom
Conversation
Use nullish-coalescing assignment (??=) so a GITHUB_TOKEN already present in the environment (e.g., a PAT set via job-level env:) is not clobbered by the action's default github.token input. Addresses review feedback on #15. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR adjusts how the action propagates the github-token input into the environment so it won’t overwrite a GITHUB_TOKEN already provided by the caller (e.g., via job-level env:), while keeping the token available to the APM subprocess.
Changes:
- Switch
process.env.GITHUB_TOKENassignment to nullish-coalescing assignment (??=) to avoid clobbering an existing env var. - Add a unit test ensuring an existing
GITHUB_TOKENis preserved. - Regenerate
dist/index.jsto match the source change.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
src/runner.ts |
Preserve any pre-set GITHUB_TOKEN while still honoring the github-token input when GITHUB_TOKEN is unset. |
src/__tests__/runner.test.ts |
Adds coverage for the “do not clobber existing GITHUB_TOKEN” behavior. |
dist/index.js |
Built output updated to reflect the ??= change. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Follow-up to #15 — addresses the review comment:
Since
github-tokenhas a non-empty default (${{ github.token }}), the=assignment in #15 would overwrite aGITHUB_TOKENalready present in the environment. This clobbers a user's PAT when they set it via job-levelenv:rather than the action input.Scenario:
Fix
One-character change:
=→??=The nullish-coalescing assignment only sets the value when
GITHUB_TOKENisundefinedornull, preserving any existing token.Tests
New test:
does not clobber existing GITHUB_TOKEN from job-level env— setsprocess.env.GITHUB_TOKENto a PAT beforerun()and verifies it's preserved.All 45 tests pass.