Merge pull request #350 from karlhorky/patch-1

benschwarz · web-flow · commit 105a5b2117a1 · 2025-09-04T11:12:54.000+10:00
Remove `GITHUB_TOKEN` from readme examples
diff --git a/README.md b/README.md
@@ -55,10 +55,6 @@ jobs:
 
       - name: Compress PR Images
         uses: calibreapp/image-actions@main
-        with:
-          # `GITHUB_TOKEN` is automatically generated by GitHub and scoped only to the repository that is currently running the action. By default, the action can’t update Pull Requests initiated from forked repositories.
-          # See https://docs.github.com/en/actions/reference/authentication-in-a-workflow and https://help.github.com/en/articles/virtual-environments-for-github-actions#token-permissions
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 2. Open a Pull Request with new or updated imagery. Image Actions will optimise images, and commit them to your branch:
@@ -153,7 +149,6 @@ jobs:
         id: calibre
         uses: calibreapp/image-actions@main
         with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           compressOnly: true
       - name: Create New Pull Request If Needed
         if: steps.calibre.outputs.markdown != ''
@@ -171,6 +166,15 @@ By default, GitHub Actions do not have permission to alter forked repositories.
 
 1. **Replace the default `GITHUB_TOKEN` with a [Personal Access Token (PAT)](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#permissions-for-the-github_token) which does have permission to access forked repositories.** Be aware that this introduces potential security concerns (which is why it not available by default).
 
+```yml
+      - name: Compress PR Images
+        uses: calibreapp/image-actions@main
+        with:
+          # `GITHUB_TOKEN` is automatically generated by GitHub and scoped only to the repository that is currently running the action. By default, the action can’t update Pull Requests initiated from forked repositories.
+          # See https://docs.github.com/en/actions/reference/authentication-in-a-workflow and https://help.github.com/en/articles/virtual-environments-for-github-actions#token-permissions
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+```
+
 2. **Run Image Actions only for Pull Requests in the current repository.** This approach is advised when not using Personal Access Tokens (PATs) to avoid wasting time and compute for compressions that will not be committed. Use the following configuration to check if a Pull Request belongs to the repository:
 
 ```yml
@@ -202,7 +206,6 @@ jobs:
         id: calibre
         uses: calibreapp/image-actions@main
         with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           compressOnly: true
       - name: Create New Pull Request If Needed
         if: steps.calibre.outputs.markdown != ''
@@ -265,7 +268,6 @@ jobs:
         id: calibre
         uses: calibreapp/image-actions@main
         with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # For non-Pull Requests, run in compressOnly mode and we'll PR after.
           compressOnly: ${{ github.event_name != 'pull_request' }}
       - name: Create Pull Request
@@ -304,3 +306,4 @@ Happy to hear you’re interested in contributing to Image Actions! Please find
 This project is licensed under a [GNU General Public License](LICENSE).
 
 
+
