Is there any limitation when using `GITHUB_TOKEN` from GitHub Actions secrets

Question

Is there any limitation when using `GITHUB_TOKEN` from GitHub Actions secrets

Closed this issue 2 months ago · 5 comments

We use this plugin to deploy GH pages, providing credentials like:

# https://ajoberstar.org/grgit/main/grgit-authentication.html#_environment_variables
GRGIT_USER: ${{ secrets.GITHUB_TOKEN }}

but there is an auth issue:

Execution failed for task ':gitPublishPush'.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
> org.eclipse.jgit.api.errors.TransportException: https://github.com/GradleUp/shadow.git: not authorized

Everything worked well when I ran this task again on my local device with my personal token.

Is there anything I am missing?

See more details at:

Answer 1 · 2024-08-12T20:24:28.000Z

I'm not aware of any limitations using the Actions GITHUB_TOKEN outside of assigning permissions on the job (which I see you're already doing). Those GITHUB_TOKENs are equivalent to fine-grained tokens, so you may be able to do some testing on your local device with one of those and play around with settings.

I would have suspected that contents: write would be enough. The other one that stands out as potentially needed is pages: write.

Answer 2 · 2024-08-13T01:14:21.000Z

Thanks for your response!

I tried, in my case, we must declare GRGIT_USER and GRGIT_PASS, see

Answer 3 · 2024-08-13T02:59:16.000Z

Interesting, thanks for sharing the fix!

Answer 4 · 2024-08-13T03:24:15.000Z

Let me guess the reason, when using a token for GRGIT_USER we must ensure there is a Git user configured on the device, but it's not configured on GHA by default.

Answer 5 · 2024-08-13T22:11:00.000Z

I'm guessing that fine grained tokens like the GITHUB_TOKEN must be used as a password. I think I've seen x-github-token used in some other places. But maybe the user value is ignored by GitHub in this case.