📝 Edit page
➕ Add page
GitHub Token
A guide to using the secure auto-generated
GITHUB_TOKEN
token in workflows
About
- Generated automatically - GitHub creates this for you on an action run.
- You can use it in actions only - not for API requests.
- Read it in an action:
${{ secrets.GITHUB_TOKEN }}
- Docs
- Authenticating with the GitHub Token
-
GitHub automatically creates a
GITHUB_TOKEN
secret to use in your workflow. You can use the GITHUB_TOKEN to authenticate in a workflow run. - Includes use in REST API request (such as for Jekyll build), which not straightforward to set up from what I read before.
- See the Permissions section.
-
- Authenticating with the GitHub Token
Set access
By default, the token as read and write access but you can restrict this to read-only.
Go to the Settings section of your repo and then Actions.
Select one of:
- Read and write permissions
- Read repository contents permission
Use in workflow
The token will be available on each workflow run.
Use env
to set as environment variable.
e.g.
steps:
# ...
- name: Deploy
run: # ...
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Or with
to set as an argument to an Action.
e.g.
steps:
# ...
- name: Deploy to GitHub Pages 🚀
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: public