Secrets in a github repo shouldn't start with GITHUB_

Question

Secrets in a github repo shouldn't start with GITHUB_

AlyaGomaa opened this issue 2 years ago · 3 comments

i guess GITHUB_TOKEN in README.md should be changed

Answer 1 · 2023-01-28T00:15:59.000Z

GitHub provides a token that you can use to authenticate on behalf of GitHub Actions. At the start of each workflow run, GitHub automatically creates a unique GITHUB_TOKEN secret to use in your workflow. You can use the GITHUB_TOKEN to authenticate in a workflow run.

You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request.

Usage example:

name: Pull request labeler
on: [ pull_request ]

jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v4
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}

You can find more information here: https://docs.github.com/en/actions/security-guides/automatic-token-authentication

Answer 2 · 2023-06-28T11:19:38.000Z

oh ok,
reading this in the readme gave me the impression that all secrets can start with GITHUB_ which is not true I guess?
thank you!

Answer 3 · 2023-06-29T23:58:46.000Z

Yepp this is the only exception.