Don't publish by default on github builds

• Version: 22.9.1

When setting up a new github actions build, it attempts to publish the result automatically to github by default. I only noticed this because I received an unexpected error at the end of my build:

  ⨯ GitHub Personal Access Token is not set, neither programmatically, nor using env "GH_TOKEN"

This was a normal branch build, not tagged or anything, which I’d never normally want to publish.

This behaviour is pretty surprising, and in many cases it’s a serious security risk if you don’t expect it when there’s github token in the environment for some other reason. Build output even in open source repos could easily contain secrets, especially when you’re first setting up a new build - it would be easy for this to accidentally publish your code signing keys, for example.

Also, this surprising behaviour isn’t documented - there’s no default value for publish listed on the config value or CLI arguments.

There’s been quite a few issues discussing this in the past, all now closed due to inactivity, e.g. https://github.com/electron-userland/electron-builder/issues/4546 and https://github.com/electron-userland/electron-builder/issues/1693. I think it’s pretty clear that this is causing confusion.

Are you be open to disabling this? I think it’s just a matter of making null the default value for publish config (that’s the current workaround for this behaviour). I’d be happy to put a PR together for this, if you’re open to that.

In general, I’d personally prefer to have electron-builder publish as a separate action, so I can build that into my CI workflow in more complex ways (e.g. testing a built distributable before it’s published) but that’s a separate question, and being able to opt-in with --publish is fine for now.