feat: include checkout in composite actions

vaind · claude · vaind · commit 6ca145ea23a1 · 2025-09-22T13:16:16.000+02:00
Move initial checkout step into both updater and danger composite actions to match behavior of original reusable workflows. Remove redundant checkout steps from test workflows since actions now handle this internally. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.github/workflows/danger-workflow-tests.yml b/.github/workflows/danger-workflow-tests.yml
@@ -15,8 +15,6 @@ jobs:
   test-danger-pr-analysis:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-
       - name: Run danger action
         id: danger
         uses: ./danger
diff --git a/.github/workflows/workflow-tests.yml b/.github/workflows/workflow-tests.yml
@@ -14,8 +14,6 @@ jobs:
   test-updater-pr-creation:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-
       - name: Run updater action
         id: updater
         uses: ./updater
@@ -77,8 +75,6 @@ jobs:
   test-updater-no-changes:
     runs-on: macos-latest
     steps:
-      - uses: actions/checkout@v4
-
       - name: Run updater action
         id: updater
         uses: ./updater
diff --git a/danger/action.yml b/danger/action.yml
@@ -2,6 +2,12 @@ name: 'Danger JS'
 description: 'Runs DangerJS with a pre-configured set of rules on a Pull Request'
 author: 'Sentry'
 
+inputs:
+  api-token:
+    description: 'Token for the repo. Can be passed in using {{ secrets.GITHUB_TOKEN }}'
+    required: false
+    default: ${{ github.token }}
+
 outputs:
   outcome:
     description: 'Whether the Danger run finished successfully. Possible values are success, failure, cancelled, or skipped.'
@@ -13,6 +19,7 @@ runs:
     - name: Checkout repository
       uses: actions/checkout@v4
       with:
+        token: ${{ inputs.api-token }}
         fetch-depth: 0
 
     # Using a pre-built docker image in GitHub container registry instead of NPM to reduce possible attack vectors.
diff --git a/updater/action.yml b/updater/action.yml
@@ -49,6 +49,11 @@ outputs:
 runs:
   using: 'composite'
   steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        token: ${{ inputs.api-token }}
+
     - name: Cancel Previous Runs
       uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # Tag: 0.12.1
       with:
@@ -260,4 +265,4 @@ runs:
 
           Auto-generated by a [dependency updater](https://github.com/getsentry/github-workflows/blob/main/updater/action.yml).
           ${{ env.TARGET_CHANGELOG }}
-        labels: dependencies
+        labels: dependencies
