Add GitHub token to checkout step

This commit adds `token` param to the checkout step.
The reason for that is to support pushing to GitHub protected branches within CI flow.

Updated checkout action to use 'v3'

.github/workflows/ci.yml

@@ -32,9 +32,10 @@ jobs:
         run: git config --global core.autocrlf false
 
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'
@@ -95,9 +96,10 @@ jobs:
         run: git config --global core.autocrlf false
 
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'

src/main/scala/sbtghactions/GenerativeKeys.scala

@@ -63,6 +63,8 @@ trait GenerativeKeys {
 
   lazy val githubWorkflowEnv = settingKey[Map[String, String]](s"A map of static environment variable assignments global to the workflow (default: { GITHUB_TOKEN: $${{ secrets.GITHUB_TOKEN }} })")
   lazy val githubWorkflowAddedJobs = settingKey[Seq[WorkflowJob]]("A list of additional jobs to add to the CI workflow (default: [])")
+
+  lazy val githubWorkflowToken = settingKey[String]("A token for checkout step (default: $${{ secrets.GITHUB_TOKEN }} )")
 }
 
 object GenerativeKeys extends GenerativeKeys

src/main/scala/sbtghactions/GenerativePlugin.scala

@@ -504,7 +504,10 @@ ${indent(jobs.map(compileJob(_, sbt)).mkString("\n\n"), 1)}
     githubWorkflowTargetPaths := Paths.None,
 
     githubWorkflowEnv := Map("GITHUB_TOKEN" -> s"$${{ secrets.GITHUB_TOKEN }}"),
-    githubWorkflowAddedJobs := Seq())
+    githubWorkflowAddedJobs := Seq(),
+
+    githubWorkflowToken := s"$${{ secrets.GITHUB_TOKEN }}"
+  )
 
   private lazy val internalTargetAggregation = settingKey[Seq[File]]("Aggregates target directories from all subprojects")
 
@@ -630,7 +633,7 @@ ${indent(jobs.map(compileJob(_, sbt)).mkString("\n\n"), 1)}
       }
 
       autoCrlfOpt :::
-        List(WorkflowStep.CheckoutFull) :::
+        List(WorkflowStep.CheckoutFull(githubWorkflowToken.value)) :::
         WorkflowStep.SetupJava(githubWorkflowJavaVersions.value.toList) :::
         githubWorkflowGeneratedCacheSteps.value.toList
     },

src/main/scala/sbtghactions/WorkflowStep.scala

@@ -25,12 +25,18 @@ sealed trait WorkflowStep extends Product with Serializable {
 
 object WorkflowStep {
 
-  val CheckoutFull: WorkflowStep = Use(
-    UseRef.Public("actions", "checkout", "v2"),
-    name = Some("Checkout current branch (full)"),
-    params = Map("fetch-depth" -> "0"))
+  def CheckoutFull(token: String): WorkflowStep = {
+    Use(
+      UseRef.Public("actions", "checkout", "v3"),
+      name = Some("Checkout current branch (full)"),
+      params = Map(
+        "fetch-depth" -> "0",
+        "token" -> token
+      )
+    )
+  }
 
-  val Checkout: WorkflowStep = Use(UseRef.Public("actions", "checkout", "v2"), name = Some("Checkout current branch (fast)"))
+  val Checkout: WorkflowStep = Use(UseRef.Public("actions", "checkout", "v3"), name = Some("Checkout current branch (fast)"))
 
   def SetupJava(versions: List[JavaSpec]): List[WorkflowStep] =
     versions map {

src/sbt-test/sbtghactions/check-and-regenerate/expected-ci.yml

@@ -35,9 +35,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'
@@ -94,9 +95,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'

src/sbt-test/sbtghactions/no-clean/.github/workflows/ci.yml

@@ -27,9 +27,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'
@@ -77,9 +78,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'

src/sbt-test/sbtghactions/non-existent-target/.github/workflows/ci.yml

@@ -27,9 +27,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'
@@ -76,9 +77,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'

src/sbt-test/sbtghactions/sbt-native-thin-client/.github/workflows/ci.yml

@@ -27,9 +27,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'
@@ -93,9 +94,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'

src/sbt-test/sbtghactions/suppressed-scala-version/expected-ci.yml

@@ -28,9 +28,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'
@@ -78,9 +79,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout current branch (full)
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Java (temurin@11)
         if: matrix.java == 'temurin@11'

src/test/scala/sbtghactions/GenerativePluginSpec.scala

@@ -475,7 +475,7 @@ class GenerativePluginSpec extends Specification {
     - run: echo hello
 
     - name: Checkout current branch (fast)
-      uses: actions/checkout@v2"""
+      uses: actions/checkout@v3"""
     }
 
     "compile a job with one step and three oses" in {
@@ -639,7 +639,7 @@ class GenerativePluginSpec extends Specification {
     - run: echo $${{ matrix.test }}
 
     - name: Checkout current branch (fast)
-      uses: actions/checkout@v2"""
+      uses: actions/checkout@v3"""
     }
 
     "compile a job with extra runs-on labels" in {
@@ -838,7 +838,7 @@ class GenerativePluginSpec extends Specification {
     - run: echo hello
 
     - name: Checkout current branch (fast)
-      uses: actions/checkout@v2"""
+      uses: actions/checkout@v3"""
     }
   }