diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index 891c862..b0297cf 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -109,3 +109,31 @@ jobs: } Write-Host "Prerelease check passed: '$installed' contains a prerelease segment." } + + ActionTestAnonymous: + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest, windows-latest, macOS-latest] + runs-on: ${{ matrix.os }} + name: '${{ matrix.os }} - [anonymous]' + steps: + - name: Checkout repo + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Action-Test (anonymous) + uses: ./ + with: + Token: '' + + - name: Verify installed version + shell: pwsh + run: | + $installed = ($PSVersionTable.PSVersion).ToString() + Write-Host "Installed PowerShell version: $installed" + if ([string]::IsNullOrWhiteSpace($installed)) { + throw "Failed: PowerShell version could not be determined after anonymous install." + } + Write-Host "Anonymous install succeeded with version: $installed" diff --git a/README.md b/README.md index 106f70a..b58887a 100644 --- a/README.md +++ b/README.md @@ -44,16 +44,36 @@ jobs: Prerelease: true ``` +### Using a custom token or anonymous API access + +```yaml + # Use a custom PAT to avoid rate limits + - name: Install PowerShell (custom token) + uses: PSModule/install-powershell@v1 + with: + Token: ${{ secrets.MY_GITHUB_PAT }} + + # Use anonymous (unauthenticated) API access + - name: Install PowerShell (anonymous) + uses: PSModule/install-powershell@v1 + with: + Token: '' +``` + ## Inputs | Input | Required | Default | Description | | ----- | -------- | ------- | ----------- | | `Version` | `false` | `latest` | Desired PowerShell Core version (e.g. `7.4.1`, `7.6.0-preview.6`). Use `latest` to install the newest stable release (or newest prerelease when `Prerelease` is `true`). | | `Prerelease` | `false` | `false` | Install a prerelease version. When `true` and `Version` is `latest`, resolves to the latest prerelease. Similar to `-Prerelease` on `Install-PSResource`. | +| `Token` | `false` | `${{ github.token }}` | GitHub token used for API calls when resolving the `latest` version. Pass a custom PAT to avoid rate limits, or an empty string (`''`) to make fully unauthenticated (anonymous) API calls. | ## Secrets This action does **not** require any secrets. +By default it authenticates to the GitHub API using the built-in `github.token`. +You can override this by setting the `Token` input to a custom PAT, or to an empty +string (`''`) for fully unauthenticated (anonymous) API access. ## Outputs diff --git a/action.yml b/action.yml index c6dd2d3..e58f4fb 100644 --- a/action.yml +++ b/action.yml @@ -23,6 +23,13 @@ inputs: Similar to the `-Prerelease` switch on `Install-PSResource`. required: false default: 'false' + Token: + description: | + GitHub token used for GitHub API calls (e.g. resolving `latest` version). + Defaults to the built-in `github.token`. Pass a custom PAT to avoid rate + limits, or an empty string (`''`) to make fully unauthenticated API calls. + required: false + default: ${{ github.token }} runs: using: composite @@ -34,7 +41,7 @@ runs: env: REQUESTED_VERSION: ${{ inputs.Version }} PRERELEASE: ${{ inputs.Prerelease }} - GITHUB_TOKEN: ${{ github.token }} + GITHUB_TOKEN: ${{ inputs.Token }} run: | # zizmor: ignore[github-env] GITHUB_PATH writes use hardcoded install dirs, not user input # Install-PowerShell @@ -42,6 +49,12 @@ runs: echo "Requested version: [$REQUESTED_VERSION]" echo "Prerelease: [$PRERELEASE]" + # Build auth header conditionally — omit when GITHUB_TOKEN is empty (anonymous access) + AUTH_HEADER=() + if [[ -n "$GITHUB_TOKEN" ]]; then + AUTH_HEADER=(-H "Authorization: Bearer $GITHUB_TOKEN") + fi + # Only resolve to latest version if explicitly set to 'latest' (case-insensitive) case "${REQUESTED_VERSION:-}" in [Ll][Aa][Tt][Ee][Ss][Tt]) @@ -49,7 +62,7 @@ runs: REQUESTED_VERSION=$( curl -s -f \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_TOKEN" \ + "${AUTH_HEADER[@]}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ 'https://api.github.com/repos/PowerShell/PowerShell/releases?per_page=100' | jq -r '[.[] | select(.prerelease == true)] | (.[0].tag_name // empty)' | sed 's/^v//' @@ -63,7 +76,7 @@ runs: REQUESTED_VERSION=$( curl -s -f \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_TOKEN" \ + "${AUTH_HEADER[@]}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/PowerShell/PowerShell/releases/latest | jq -r '.tag_name' | sed 's/^v//' @@ -101,7 +114,7 @@ runs: RELEASE_JSON=$( curl -s -f \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_TOKEN" \ + "${AUTH_HEADER[@]}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ "https://api.github.com/repos/PowerShell/PowerShell/releases/tags/v${REQUESTED_VERSION}" ) @@ -222,7 +235,7 @@ runs: env: REQUESTED_VERSION: ${{ inputs.Version }} PRERELEASE: ${{ inputs.Prerelease }} - GITHUB_TOKEN: ${{ github.token }} + GITHUB_TOKEN: ${{ inputs.Token }} run: | # zizmor: ignore[github-env] GITHUB_PATH writes use hardcoded install dirs, not user input # Install-PowerShell @@ -230,6 +243,12 @@ runs: echo "Requested version: [$REQUESTED_VERSION]" echo "Prerelease: [$PRERELEASE]" + # Build auth header conditionally — omit when GITHUB_TOKEN is empty (anonymous access) + AUTH_HEADER=() + if [[ -n "$GITHUB_TOKEN" ]]; then + AUTH_HEADER=(-H "Authorization: Bearer $GITHUB_TOKEN") + fi + # Only resolve to latest version if explicitly set to 'latest' (case-insensitive) case "${REQUESTED_VERSION:-}" in [Ll][Aa][Tt][Ee][Ss][Tt]) @@ -237,7 +256,7 @@ runs: REQUESTED_VERSION=$( curl -s -f \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_TOKEN" \ + "${AUTH_HEADER[@]}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ 'https://api.github.com/repos/PowerShell/PowerShell/releases?per_page=100' | jq -r '[.[] | select(.prerelease == true)] | (.[0].tag_name // empty)' | sed 's/^v//' @@ -251,7 +270,7 @@ runs: REQUESTED_VERSION=$( curl -s -f \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_TOKEN" \ + "${AUTH_HEADER[@]}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/PowerShell/PowerShell/releases/latest | jq -r '.tag_name' | sed 's/^v//' @@ -321,7 +340,7 @@ runs: env: REQUESTED_VERSION: ${{ inputs.Version }} PRERELEASE: ${{ inputs.Prerelease }} - GITHUB_TOKEN: ${{ github.token }} + GITHUB_TOKEN: ${{ inputs.Token }} run: | # zizmor: ignore[github-env] GITHUB_PATH writes use hardcoded install dirs, not user input # Install-PowerShell @@ -333,9 +352,11 @@ runs: if ($req -and $req.Trim().ToLower() -eq 'latest') { $headers = @{ 'Accept' = 'application/vnd.github+json' - 'Authorization' = "Bearer $($env:GITHUB_TOKEN)" 'X-GitHub-Api-Version' = '2022-11-28' } + if ($env:GITHUB_TOKEN) { + $headers['Authorization'] = "Bearer $($env:GITHUB_TOKEN)" + } if ($env:PRERELEASE -eq 'true') { $releases = Invoke-RestMethod -Uri 'https://api.github.com/repos/PowerShell/PowerShell/releases?per_page=100' -Headers $headers $latestRelease = $releases | Where-Object { $_.prerelease -eq $true } | Select-Object -First 1