From 84ab5d5f602d8d5edb79a68368f90dd89d722d1b Mon Sep 17 00:00:00 2001
From: Gabriel Torcat <87126387+gabr1elt@users.noreply.github.com>
Date: Fri, 24 Apr 2026 23:36:42 +0200
Subject: [PATCH] feat(env): improve GitHub Token handling (#77)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix: stop `env.GITHUB_TOKEN` from overriding `github_token` input

Previously, `GITHUB_API_TOKEN` and `GITHUB_TOKEN` were resolved as
`env.GITHUB_TOKEN || inputs.github_token`, meaning the environment
variable took priority over the action input. On Forgejo/Gitea
runners, `GITHUB_TOKEN` is automatically set to a non-GitHub token,
which silently overrode any user-provided github_token input and
caused GitHub API calls to fail.

* Improve GitHub API token input handling

Updated GitHub API token handling to use fallback values.

* Clarify 'github_token' description in README

Reworded the description of the 'github_token' parameter for clarity.

* Fix formatting of GitHub token description in README

* Update README with GitHub API token precedence

Added note on GitHub API token precedence in README.

* Update README.md

---------

Co-authored-by: Maxim Slipenko <maxim@slipenko.com>
Co-authored-by: Orhun Parmaksız <orhunparmaksiz@gmail.com>
---
 README.md  | 9 ++++++++-
 action.yml | 5 ++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 0a2b77e..1fdd6f0 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,14 @@ This action generates a changelog based on your Git history using [git-cliff](ht
 - `version`: `git-cliff` version to use. (e.g. `"latest"`, `"v2.12.0"`)
 - `config`: Path of the configuration file. (Default: `"cliff.toml"`)
 - `args`: [Arguments](https://github.com/orhun/git-cliff#usage) to pass to git-cliff. (Default: `"-v"`)
-- `github_token`: The GitHub API token used to get `git-cliff` release information via the GitHub API to avoid rate limits. (Default: `${{ github.token }}`)
+- `github_token`: The GitHub API token used to download `git-cliff` and to authenticate git-cliff's [GitHub integration](https://git-cliff.org/docs/integration/github) (e.g. extracting usernames, contributors, PR links) to avoid rate limits. Requires a classic or fine-grained token without permissions.
+
+> [!NOTE]
+> GitHub API token order of precedence is as follows:
+>
+> 1. Input variable (`github_token`)
+> 2. Environment variable (`GITHUB_TOKEN`)
+> 3. GitHub context (default) (`${{ github.token }}`)
 
 ### Output variables
 
diff --git a/action.yml b/action.yml
index 9f8af37..37326d5 100644
--- a/action.yml
+++ b/action.yml
@@ -16,7 +16,6 @@ inputs:
   github_token:
     description: "GitHub API token"
     required: false
-    default: "${{ github.token }}"
 outputs:
   changelog:
     description: "output file"
@@ -37,14 +36,14 @@ runs:
         RUNNER_OS: ${{ runner.os }}
         RUNNER_ARCH: ${{ runner.arch }}
         VERSION: ${{ inputs.version }}
-        GITHUB_API_TOKEN: ${{ env.GITHUB_TOKEN || inputs.github_token }}
+        GITHUB_API_TOKEN: ${{ inputs.github_token || env.GITHUB_TOKEN || github.token }}
 
     - name: Run git-cliff
       id: run-git-cliff
       shell: bash
       run: ${GITHUB_ACTION_PATH}/run.sh --config=${{ inputs.config }} ${{ inputs.args }}
       env:
-        GITHUB_TOKEN: ${{ env.GITHUB_TOKEN || inputs.github_token }}
+        GITHUB_TOKEN: ${{ inputs.github_token || env.GITHUB_TOKEN || github.token }}
 
 branding:
   icon: "triangle"