🚸 use GitHub token by default (#61)

This PR adjusts the action so that it is no longer necessary to
explicitly specify the GitHub token to circumvent the API rate limit.
To this end, it simply passes the repository's GitHub token (available
via `${{ github.token }}`) as a default for the `github_token` action
input.

This is similar to how this is handled in, e.g.,
https://github.com/peter-evans/create-pull-request; specifically
[here](https://github.com/peter-evans/create-pull-request/blob/5354f85616108575685a73a0ddd2f67c26a441c3/action.yml#L4-L6).

.github/workflows/test-windows.yml

@@ -23,7 +23,5 @@ jobs:
           }
       - name: Setup uv
         uses: ./
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
       - run: uv sync
         working-directory: __tests__\fixtures\uv-project

.github/workflows/test.yml

@@ -30,8 +30,6 @@ jobs:
       - uses: actions/checkout@v4
       - name: Install default version
         uses: ./
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
       - run: uv sync
         working-directory: __tests__/fixtures/uv-project
   test-specific-version:
@@ -46,7 +44,6 @@ jobs:
         uses: ./
         with:
           version: ${{ matrix.uv-version }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
       - run: uv sync
         working-directory: __tests__/fixtures/uv-project
   test-checksum:
@@ -69,13 +66,14 @@ jobs:
         with:
           version: "0.3.2"
           checksum: ${{ matrix.checksum }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-  test-without-github-token:
+  test-with-explicit-token:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: Install default version
         uses: ./
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
       - run: uv sync
         working-directory: __tests__/fixtures/uv-project
   test-uvx:

README.md

@@ -17,7 +17,7 @@ Set up your GitHub Actions workflow with a specific version of [uv](https://docs
   - [Enable Caching](#enable-caching)
     - [Local cache path](#local-cache-path)
     - [Cache dependency glob](#cache-dependency-glob)
-  - [API rate limit](#api-rate-limit)
+  - [GitHub authentication token](#github-authentication-token)
 - [How it works](#how-it-works)
 - [FAQ](#faq)
 
@@ -127,24 +127,29 @@ changes. The glob matches files relative to the repository root.
 
 ```yaml
 - name: Define a list of cache dependency globs
-  uses: astral-sh/setup-uv@v1
+  uses: astral-sh/setup-uv@v2
   with:
     enable-cache: true
     cache-dependency-glob: |
       '**requirements*.txt'
       '**pyproject.toml'
 ```
 
-### API rate limit
+### GitHub authentication token
+
+This action uses the GitHub API to fetch the `uv` release artifacts. To avoid hitting the GitHub API
+rate limit too quickly, an authentication token can be provided via the `github-token` input. By
+default, the `GITHUB_TOKEN` secret is used, which is automatically provided by GitHub Actions.
 
-To avoid hitting the `API rate limit exceeded` error, supply a GitHub token via the `github-token`
-input.
+If the default
+[permissions for the GitHub token](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token)
+are not sufficient, you can provide a custom GitHub token with the necessary permissions.
 
 ```yaml
-- name: Install uv and supply a GitHub token
+- name: Install the latest version of uv with a custom GitHub token
   uses: astral-sh/setup-uv@v2
   with:
-    github-token: ${{ secrets.GITHUB_TOKEN }}
+    github-token: ${{ secrets.CUSTOM_GITHUB_TOKEN }}
 ```
 
 ## How it works

action.yml

@@ -13,6 +13,7 @@ inputs:
       "Used to increase the rate limit when retrieving versions and downloading
       uv."
     required: false
+    default: ${{ github.token }}
   enable-cache:
     description: "Enable caching of the uv cache"
     default: "false"