From 829117bd2eb5f175e2da1de358aec89c40a29c35 Mon Sep 17 00:00:00 2001
From: Tiago Pascoal
Date: Wed, 21 Jun 2023 11:03:46 +0100
Subject: [PATCH] Use repository owner for scope by default

If scope parameter wasn't passed it used empty by default. This means a token would be returned for the first installation id on the list. If the app had a single install this would work fine, otherwise the user will get a token scope to an owner that he didn't meant to
---
 README.md | 1 +
 action.yml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e7203fa..18e8f20 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,7 @@ You will need to provide the GitHub App ID and private key. The action will then
 with:
 app_id: ${{ secrets.APP_ID }}
 private_key: ${{ secrets.APP_PRIVATE_KEY }}
+ # scope: '' # The scope for the returned token. the owner of the repo (org or account) uses current repository owner by default

 - name: Checkout private repo
 uses: actions/checkout@v2
diff --git a/action.yml b/action.yml
index 5d1c149..bb2834e 100644
--- a/action.yml
+++ b/action.yml
@@ -11,7 +11,7 @@ inputs:
 scope:
 required: false
 description: 'Scope of installation account'
- default: ''
+ default: '${{ github.repository_owner }}'
 outputs:
 token:
 description: 'Github Token for App installation'
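Review bot: The new `default: '${{ github.repository_owner }}'` in action.yml only covers workflows that omit `scope`; the diffstat shows no change to the code that selects the installation, so going by the commit message an empty value presumably still yields a token for the first installation in the list. That includes a caller who uncomments the README example as written, `scope: ''`. Consider rejecting an empty scope in the action's code, or at least stating the behaviour in the input text, e.g. `description: 'Owner (org or user) whose installation the token is issued for; defaults to the owner of the current repository'`. This is also a behaviour change for apps installed only on an owner other than the workflow's repository owner: those callers now have to pass `scope` explicitly, which is worth a line in the release notes.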