docs: Expand the GITHUB_TOKEN section (#968)

* docs: Expand the GITHUB_TOKEN section

* docs: Add a note on leaking GITHUB_TOKEN through shell history

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
This commit is contained in:
Gissur Þórhallsson 2022-01-31 21:19:22 +00:00 committed by GitHub
parent 4f8da0a51c
commit b1f5963c86
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -202,7 +202,17 @@ It will save that information to `~/.actrc`, please refer to [Configuration](#co
-W, --workflows string path to workflow file(s) (default "./.github/workflows/") -W, --workflows string path to workflow file(s) (default "./.github/workflows/")
``` ```
In case you want to pass a value for `${{ github.token }}`, you should pass `GITHUB_TOKEN` as secret: `act -s GITHUB_TOKEN=[insert token or leave blank for secure input]`. ## `GITHUB_TOKEN`
Github [automatically provides](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret) a `GITHUB_TOKEN` secret when running workflows inside Github.
If your workflow depends on this token, you need to create a [personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) and pass it to `act` as a secret:
```bash
act -s GITHUB_TOKEN=[insert token or leave blank for secure input]
```
**WARNING**: `GITHUB_TOKEN` will be logged in shell history if not inserted through secure input or (depending on your shell config) the command is prefixed with a whitespace.
# Known Issues # Known Issues