Adds the token to Action, adds required detector

action.yml

@@ -1,6 +1,10 @@
 name: 'Example Dependency Submission Action'
 description: 'Example action using the dependency-submission-toolkit and npm'
 inputs:
+  token:
+    description: "GitHub Personal Access Token (PAT). Defaults to PAT provided by Action runner"
+    required: false
+    default: ${{ github.token }}
   npm-package-directory:
     description: 'NPM package directory (directory with package.json)'
     required: true

example/action-dist/index.js

@@ -9982,7 +9982,11 @@ function main() {
         }
         const npmPackage = JSON.parse(prodPackages.stdout);
         const buildTarget = createBuildTarget(npmPackage);
-        const snapshot = new dependency_submission_toolkit_1.Snapshot();
+        const snapshot = new dependency_submission_toolkit_1.Snapshot({
+            name: 'example NPM detector',
+            url: 'https://github.com/github/dependency-submission-toolkit/tree/main/example',
+            version: '0.0.1'
+        });
         snapshot.addManifest(buildTarget);
         (0, dependency_submission_toolkit_1.submitSnapshot)(snapshot);
     });
@@ -10309,6 +10313,7 @@ const packageurl_js_1 = __nccwpck_require__(9727);
 /**
  * Package is module that can be depended upon in manifest or build target. A
  * package is what you would download from a registry like NPM.
+ * We consider all packages that are defined in the [Package URL spec](https://github.com/package-url/purl-spec/blob/1eae1e95d81fddf8ae7f06b4dfc7b5b5be0cc3e2/PURL-TYPES.rst) as being valid package types.
  */
 class Package {
     /**
@@ -10445,14 +10450,14 @@ class Snapshot {
     /**
      * All construor parameters of a Snapshot are optional, but can be specified for specific overrides
      *
+     * @param {Detector} detector
      * @param {Context} context
      * @param {Job} job
-     * @param {Detector} detector
      * @param {Metadata} metadata
      * @param {Date} date
      * @param {number} version
      */
-    constructor(context = github.context, job, detector, metadata, date = new Date(), version = 0) {
+    constructor(detector, context = github.context, job, metadata, date = new Date(), version = 0) {
         this.detector = detector;
         this.metadata = metadata;
         this.version = version;
@@ -10492,7 +10497,7 @@ function submitSnapshot(snapshot, context = github.context) {
         core.notice('Submitting snapshot...');
         core.notice(snapshot.prettyJSON());
         const repo = context.repo;
-        const githubToken = core.getInput('token');
+        const githubToken = core.getInput('token') || core.getIDToken;
         const octokit = new rest_1.Octokit({
             auth: githubToken
         });

example/npm-detector.ts

@@ -117,7 +117,11 @@ export async function main() {
   }
   const npmPackage = JSON.parse(prodPackages.stdout) as NpmPackage
   const buildTarget = createBuildTarget(npmPackage)
-  const snapshot = new Snapshot()
+  const snapshot = new Snapshot({
+    name: 'example NPM detector',
+    url: 'https://github.com/github/dependency-submission-toolkit/tree/main/example',
+    version: '0.0.1'
+  })
   snapshot.addManifest(buildTarget)
   submitSnapshot(snapshot)
 }

package.json

@@ -15,7 +15,7 @@
     "package": "ncc build --source-map --license licenses.txt",
     "test": "jest src",
     "test:watch": "jest --watch src",
-    "all": "npm run test && npm run format && npm run lint && npm run build && npm run package && npm run all:example",
+    "all": "npm run build && npm run format && npm run lint && npm run test && npm run package && npm run all:example",
     "all:example": "npm -w example run all"
   },
   "repository": {

src/snapshot.test.ts

@@ -31,13 +31,13 @@ context.ref = 'foo/bar/baz'
 describe('Snapshot', () => {
   it('renders expected JSON', () => {
     const snapshot = new Snapshot(
-      context,
-      { id: 42, correlator: 'test' },
       {
         name: 'test detector',
         url: 'https://github.com/github/dependency-submission-toolkit',
         version: '0.0.1'
       },
+      context,
+      { id: 42, correlator: 'test' },
       new Metadata().set('hello', 'snapshot'),
       new Date('2022-06-04T05:07:06.457Z')
     )

src/snapshot.ts

@@ -84,7 +84,7 @@ export class Snapshot {
   /**
    * @type {Detector}
    */
-  detector?: Detector
+  detector: Detector
   /**
    * @type {Metadata}
    */
@@ -93,17 +93,17 @@ export class Snapshot {
   /**
    * All construor parameters of a Snapshot are optional, but can be specified for specific overrides
    *
+   * @param {Detector} detector
    * @param {Context} context
    * @param {Job} job
-   * @param {Detector} detector
    * @param {Metadata} metadata
    * @param {Date} date
    * @param {number} version
    */
   constructor(
+    detector: Detector,
     context: Context = github.context,
     job?: Job,
-    detector?: Detector,
     metadata?: Metadata,
     date: Date = new Date(),
     version: number = 0
@@ -152,7 +152,7 @@ export async function submitSnapshot(
   core.notice(snapshot.prettyJSON())
 
   const repo = context.repo
-  const githubToken = core.getInput('token')
+  const githubToken = core.getInput('token') || core.getIDToken
   const octokit = new Octokit({
     auth: githubToken
   })