Use GitHub token in install.sh if available (#2676)

README.md

@@ -392,6 +392,10 @@ to determine the latest version of `just` to install, and those API calls are
 rate-limited on a per-IP basis. To make `install.sh` more reliable in such
 circumstances, pass a specific tag to install with `--tag`.
 
+Another way to avoid rate-limiting is to pass a GitHub authentication token to
+`install.sh` as an environment variable named `GITHUB_TOKEN`, allowing it to
+authenticate its requests.
+
 [Releases](https://github.com/casey/just/releases) include a `SHA256SUM` file
 which can be used to verify the integrity of pre-built binary archives.
 

www/install.sh

@@ -1,11 +1,7 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
 
 set -eu
 
-if [ -n "${GITHUB_ACTIONS-}" ]; then
-  set -x
-fi
-
 # Check pipefail support in a subshell, ignore if unsupported
 # shellcheck disable=SC3040
 (set -o pipefail 2> /dev/null) && set -o pipefail
@@ -55,10 +51,15 @@ download() {
   url="$1"
   output="$2"
 
+  args=()
+  if [ -n "${GITHUB_TOKEN+x}" ]; then
+    args+=(--header "Authorization: Bearer $GITHUB_TOKEN")
+  fi
+
   if command -v curl > /dev/null; then
-    curl --proto =https --tlsv1.2 -sSfL "$url" "-o$output"
+    curl --proto =https --tlsv1.2 -sSfL ${args[@]+"${args[@]}"} "$url" -o"$output"
   else
-    wget --https-only --secure-protocol=TLSv1_2 --quiet "$url" "-O$output"
+    wget --https-only --secure-protocol=TLSv1_2 --quiet ${args[@]+"${args[@]}"} "$url" -O"$output"
   fi
 }