For GitHub token storing, also mention usethis function?

[maelle]

https://usethis.r-lib.org/reference/github-token.html

[mpadge]

This is more a general issue on reconfiguring the currently hard-coded assumption that tokens are stored as local envvars. Need to implement the full range of possibilities via credentials. Thanks!

[maelle]

Right, even better!

[maelle]

Also, I was a bit put off when asked to only use one token (I had GITHUB_PAT & GITHUB_GRAPHQL_TOKEN), I wonder whether that's a documentation or code issue.

[mpadge]

It's a code issue - GitHub itself via the cli - which this package uses - exclusively uses "GITHUB_TOKEN" (and i was always opposed to "PAT" anyway, so like that i now have a clear justification for not using it). So once I address this issue, the token obtained from credentials or wherever will still need to be stored as an environment variable with that name. I'll make sure that's all documented (and will also likely simply re-map any tokens with alternative names to the expected one).

[assignUser]

@mpadge What ever you name that envvar, let me know so I can change the action to set the correct one :)

[mpadge]

You don't need to in an action - it will use the token associated with the repo, which is the default org token. Current code will work with any token which contains "GITHUB" - the code is here:

pkgcheck/R/github.R

Line 55 in f4f6591

get_gh_token <- function (token_name = "") {

The token associated with each repo in any action is always called "GITHUB_TOKEN", so will always be found.

[assignUser]

As far as I know (and experienced) the token is not automatically set as an env var but can be accessed from actions via ${{ secrets.GITHUB_TOKEN }} that;s why I set it here:
https://github.com/ropensci-review-tools/pkgcheck-action/blob/c1215a3a6a48fbf6a853e47f29e3bcd221f5fd2f/action.yaml#L20
But as long as you keep checking GITHUB_TOKEN everything is ok :D

[mpadge]

The proper way to set and use it is illustrated in r-lib/actions/pr-push here - each repo has a repo-token, which can be accessed like in the pr-commands workflow here:

pkgcheck/.github/workflows/pr-commands.yaml

Line 43 in f4f6591

repo-token: ${{ secrets.GITHUB_TOKEN }}

(The "GITHUB_PAT" line in that workflow is only because those r-lib/acions workflows haven't yet been updated to v2.)

[assignUser]

For a javasctript-action this is the right way but with a 'composite'-type action it is not possible to pass anything to the docker container via arguments/inputs, just files or envvars (which in our case is only set for that step).

And using a 'docker'-type action (which is distinct in that you have to do everything within the container and can't use e.g.actions/upload-artifact) would mean manually implementing artifact upload etc. via a js client within the container... which I'd rather not 😁

[mpadge]

Hm, yeah right ... There are some other, longer-term visions for what we want and need from a containerised action here. I've sent you an email with a link for the two of us to chat a bit more about this. Really appreciate all the thought and input here!