33

When configuring workflows for GitHub Actions there exists the option to pass a GitHub token to authenticate towards GitHub in the workflow.

I have seen both of the following ways to get said token:

github.token
secrets.github_token

Is there any functional difference between the two? Or are these simply two ways to get the same token?

Improve this question
1

3 Answers 3

Reset to default
36

Both are equivalent.

  • github.token is the syntax from the Github context, which contains information about the workflow run and the event that triggered the run (source).

  • secrets.github_token is the syntax referring to the GITHUB_TOKEN secret that GitHub automatically creates to use in your workflow. You can use the GITHUB_TOKEN to authenticate in a workflow run (source).

Note that these tokens have specific permissions, and that depending on what you want to do, you may need to create a Personal Access Token (PAT) and add it as a secret (ex: ACCESS_TOKEN) to use in your workflow.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

A quick note: the github context and the secrets context aren't always available at the same time, so one might need to use one over the other.
One more note about "aren't always available at the same time" as @wheeler mentioned. One case is that secrets is available in workflows but not in actions by default. As the official doc says, "To make a secret available to an action, you must set the secret as an input or environment variable in the workflow file.". Or if you don't need any PAT, just use gitHub.token in actions when needed.
11

Apparently they are the same:

github.token string A token to authenticate on behalf of the GitHub App installed on your repository. This is functionally equivalent to the GITHUB_TOKEN secret. For more information, see "Automatic token authentication."

Source: https://docs.github.com/en/actions/learn-github-actions/contexts#github-context

Improve this answer

Comments

7

The difference between github.token and secrets.github_token is that github.token can be used as a default input for action:

name: Example action
inputs:
  token:
    description: GitHub token
    default: ${{ github.token }}

So that you don't need to declare the token like this:

steps:
  - name: Example action
    uses: actions/example@v1
    with:
      token: ${{ github.token }} # You can remove this and it will still work

While secrets.github_token cannot be used as a default input for action:

name: Example action
inputs:
  token:
    description: GitHub token
    default: ${{ secrets.github_token }} # This will not work
Improve this answer

1 Comment

This!!! Thanks Mouse! took me hours to fix. I wish documented, I wonder why...

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.