labeler icon indicating copy to clipboard operation
labeler copied to clipboard
verified publisher icon actions

API Token

Open GregTheGreek opened this issue 6 years ago • 2 comments

What permissions should be supplied to the api token? Very vague in the readme.

GregTheGreek avatar Sep 12 '19 00:09 GregTheGreek

Hi Greg - I'm not sure that I understand your question. You should be literally using ${{ secrets.GITHUB_TOKEN }}, which is the expansion syntax to use the GITHUB_TOKEN secret which is populated for you. There's no need to create an additional token.

Note, however that the GITHUB_TOKEN has read-only privileges on a fork, so you'll run into issue #12 if you are accepting pull requests from forks.

ethomson avatar Oct 15 '19 11:10 ethomson

@ethomson Why do users need to pass the GITHUB_TOKEN to the action, don't actions already have access to the token?

At least this was my understanding after reading the "important" section:

https://docs.github.com/en/actions/reference/authentication-in-a-workflow#using-the-github_token-in-a-workflow

An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action.

mfridman avatar Jul 22 '21 19:07 mfridman

Hello everyone! The required permissions are specified in the README file. I’m closing the issue. Please let us know if you have any concerns.

MaksimZhukov avatar Dec 12 '22 06:12 MaksimZhukov