[BUG]: SCOOP_GH_TOKEN does not get respected

[CEbbinghaus]

Prerequisites

• [X] I have written a descriptive issue title.
• [X] I have searched all issues/PRs to ensure it has not already been reported or fixed.
• [X] I have verified that I am using the latest version of Scoop and corresponding bucket.

Package Name

none

Expected/Current Behaviour

Expected behaviour is that checkver.ps1 uses the SCOOP_GH_TOKEN env variable to fetch remote packages that require authentication to get to

Steps to Reproduce

* Create Scoop bucket with Autoupdate
* Add package manifest for private repository
* Add Auto update actions workflow 
* Add SCOOP_GH_TOKEN to secrets and set it as Environment variable
* Run Workflow

Possible Solution

Maybe the checkver.ps1 script doesn't properly work with CI environment variables?

Scoop and Buckets Version

Current Scoop version:
v0.2.4 - Released at 2022-08-08

### Scoop Config

```console
No config as this is a CI job

PowerShell Version

pwsh so Probably Powershell core 7

Additional Softwares

No response

[niheaven]

Use GITHUB_TOKEN that mentioned in README.

https://github.com/ScoopInstaller/GithubActions#available-environment-variables

[CEbbinghaus]

Wrong token... the GITHUB_TOKEN is for the local repository but this is getting releases from other repositories. GITHUB_TOKEN is specified too its just that the SCOOP_GH_TOKEN isn't being respected.

on:
  workflow_dispatch:
  schedule:
  - cron: '0 0 * * *'

name: Updater
jobs:
  update:
    name: Auto Update
    runs-on: windows-latest
    steps:
    - uses: actions/checkout@main
    - name: Update Packages
      uses: ScoopInstaller/GithubActions@main
      env:
        SCOOP_GH_TOKEN: ${{ secrets.PAT_TOKEN }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SKIP_UPDATED: '1'
        THROW_ERROR: '0'

here is the workflow file for reference

[niheaven]

https://github.com/ScoopInstaller/Scoop/blob/4a31bd330244f7f89f16208cdddda3f9edac2d65/bin/checkver.ps1#L136-L149

https://github.com/ScoopInstaller/Scoop/blob/4a31bd330244f7f89f16208cdddda3f9edac2d65/bin/checkver.ps1#L178-L183

checkver supports GITHUB_TOKEN, and could you give a wrong CI workflow URL?

[CEbbinghaus]

Not public sorry so I cannot send a link to the wrong CI workflow. But in the logs it says:

Your branch is up to date with 'origin/main'.
Package1: The remote server returned an error: (404) Not Found.
URL https://api.github.com/repos/Org/Package1/releases/latest is not valid
Package2: The remote server returned an error: (404) Not Found.
URL https://api.github.com/repos/Org/Package2/releases/latest is not valid

(note the url's are only representative)

Also note that the token only has access to a single repository but this is a bucket that has to update based on other private repositories.

Since the App has access to a single repo, the token's permissions are limited to the repository that contains your workflow [^1]

Neither of the links prove that checkver supports GITHUB_TOKEN. in Checkver.ps1#182 It uses $GitHubToken which comes from the Get-GitHubToken function defined in lib/core.ps1#1088-1090 which clearly uses the $env:SCOOP_GH_TOKEN that I am using

[^1]: The GITHUB_TOKEN in GitHub Actions

[niheaven]

Convertion is here:

https://github.com/ScoopInstaller/GithubActions/blob/bb7b1030a83bc3496b96f3513520747850d3e21f/src/Action/Scheduled.psm1#L26

This action assigns GITHUB_TOKEN to SCOOP_GH_TOKEN.

[CEbbinghaus]

Still a problem since now its overriding a token that has access to all repositories with one that has only access to a single repo

[CEbbinghaus]

^ Created PR fixing the problem

[CEbbinghaus]

Closed since #18 was merged