Is there any limitation when using `GITHUB_TOKEN` from GitHub Actions secrets
Goooler opened this issue · 5 comments
We use this plugin to deploy GH pages, providing credentials like:
# https://ajoberstar.org/grgit/main/grgit-authentication.html#_environment_variables
GRGIT_USER: ${{ secrets.GITHUB_TOKEN }}
but there is an auth issue:
Execution failed for task ':gitPublishPush'.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
> org.eclipse.jgit.api.errors.TransportException: https://github.com/GradleUp/shadow.git: not authorized
Everything worked well when I ran this task again on my local device with my personal token.
Is there anything I am missing?
See more details at:
- https://github.com/GradleUp/shadow/actions/runs/10296332607/job/28497520608
- https://github.com/GradleUp/shadow/blob/8ffe309dd2327f396d9f969371c554381bb66ba9/.github/workflows/release.yml#L28-L33
- https://github.com/GradleUp/shadow/blob/3b399392a3707bae78f74cb599c8c6534664430d/gradle/ghPages.gradle#L3-L17
I'm not aware of any limitations using the Actions GITHUB_TOKEN
outside of assigning permissions on the job (which I see you're already doing). Those GITHUB_TOKEN
s are equivalent to fine-grained tokens, so you may be able to do some testing on your local device with one of those and play around with settings.
I would have suspected that contents: write
would be enough. The other one that stands out as potentially needed is pages: write
.
Thanks for your response!
I tried, in my case, we must declare GRGIT_USER
and GRGIT_PASS
, see
Interesting, thanks for sharing the fix!
Let me guess the reason, when using a token for GRGIT_USER
we must ensure there is a Git user configured on the device, but it's not configured on GHA by default.
I'm guessing that fine grained tokens like the GITHUB_TOKEN must be used as a password. I think I've seen x-github-token
used in some other places. But maybe the user value is ignored by GitHub in this case.