docs: Expand the GITHUB_TOKEN section (#968)
* docs: Expand the GITHUB_TOKEN section * docs: Add a note on leaking GITHUB_TOKEN through shell history Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
This commit is contained in:
parent
4f8da0a51c
commit
b1f5963c86
1 changed files with 11 additions and 1 deletions
12
README.md
12
README.md
|
@ -202,7 +202,17 @@ It will save that information to `~/.actrc`, please refer to [Configuration](#co
|
||||||
-W, --workflows string path to workflow file(s) (default "./.github/workflows/")
|
-W, --workflows string path to workflow file(s) (default "./.github/workflows/")
|
||||||
```
|
```
|
||||||
|
|
||||||
In case you want to pass a value for `${{ github.token }}`, you should pass `GITHUB_TOKEN` as secret: `act -s GITHUB_TOKEN=[insert token or leave blank for secure input]`.
|
## `GITHUB_TOKEN`
|
||||||
|
|
||||||
|
Github [automatically provides](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret) a `GITHUB_TOKEN` secret when running workflows inside Github.
|
||||||
|
|
||||||
|
If your workflow depends on this token, you need to create a [personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) and pass it to `act` as a secret:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
act -s GITHUB_TOKEN=[insert token or leave blank for secure input]
|
||||||
|
```
|
||||||
|
|
||||||
|
**WARNING**: `GITHUB_TOKEN` will be logged in shell history if not inserted through secure input or (depending on your shell config) the command is prefixed with a whitespace.
|
||||||
|
|
||||||
# Known Issues
|
# Known Issues
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue