
Authenticating with the GITHUB_TOKEN

GitHub provides a token that you can use to authenticate on behalf of GitHub Actions.

GitHub Actions is available with GitHub Free, GitHub Pro, GitHub Team, and GitHub Enterprise Cloud. GitHub Actions is unavailable for per-repository plans, which are legacy billing plans. For more information, see "GitHub's products."

Anyone with write access to a repository can create, read, and use secrets.

About the GITHUB_TOKEN secret

GitHub automatically creates a GITHUB_TOKEN secret to use in your workflow. You can use the GITHUB_TOKEN to authenticate in a workflow run.

When you enable GitHub Actions, GitHub installs a GitHub App on your repository. The GITHUB_TOKEN secret is a GitHub App installation access token. You can use the installation access token to authenticate on behalf of the GitHub App installed on your repository. The token's permissions are limited to the repository that contains your workflow. For more information, see "Permissions for the GITHUB_TOKEN."

The installation access token expires after 60 minutes. GitHub fetches a token for each job, before the job begins.

Note: When a workflow run or its jobs are queued for more than one hour, the token may expire before the job starts.

Using the GITHUB_TOKEN in a workflow

To use the GITHUB_TOKEN secret, you must reference it in your workflow file. Using a token might include passing the token as an input to an action that requires it, or making authenticated GitHub API calls.

Example passing GITHUB_TOKEN as an input

This example workflow uses the labeler action, which requires the GITHUB_TOKEN as the value for the repo-token input parameter:

name: Pull request labeler
on:
- pull_request
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/labeler@v2
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}

Example calling the REST API

You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API:

name: Create issue on commit
on:
- push
jobs:
  create_commit:
    runs-on: ubuntu-latest
    steps:
    - name: Create issue using REST API
      run: |
        curl --request POST \
        --url https://api.github.com/repos/${{ github.repository }}/issues \
        --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
        --header 'content-type: application/json' \
        --data '{
          "title": "Automated issue for commit: ${{ github.sha }}",
          "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_."
          }'

Permissions for the GITHUB_TOKEN

For information about the API endpoints that GitHub Apps can access with each permission, see "GitHub App Permissions" in the GitHub Developer documentation.

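| Permission | Access type | Access by forked repos |
|---|---|---|
| checks | read/write | read |
| contents | read/write | read |
| deployments | read/write | read |
| issues | read/write | read |
| metadata | read | read |
| | read/write | read |
| pull requests | read/write | read |
| repository projects | read/write | read |
| statuses | read/write | read |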

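If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, you can create a personal access token and set it as a secret in your repository:

  1. Use or create a token with the appropriate permissions for that repository. For more information, see "Creating a personal access token for the command line."
  2. Add the token as a secret in your workflow's repository, then reference it using the ${{ secrets.SECRET_NAME }} syntax. For more information, see "Creating and using encrypted secrets."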
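
The following workflow is an added example, not part of the original GitHub documentation. It passes the GITHUB_TOKEN through an environment variable and uses it only where the table above grants write access, then uses a personal access token stored as a secret for a different repository, which the GITHUB_TOKEN cannot reach. The secret name OTHER_REPO_PAT and the repository octo-org/shared-tracker are hypothetical placeholders.

```yaml
# Added example. OTHER_REPO_PAT and octo-org/shared-tracker are placeholders.
name: Token scope example
on:
  - push
  - pull_request
jobs:
  report:
    runs-on: ubuntu-latest
    steps:
      # Uses the automatic token. Skipped for pull requests from forks,
      # where the token has read access only and the POST would be rejected.
      - name: Create issue in this repository
        if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
        env:
          # Passed through the environment so the token value is not
          # written into the script text.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # --fail makes the step fail on an HTTP error, for example when
          # the token has expired or lacks write access.
          curl --fail --silent --show-error --request POST \
            --url "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues" \
            --header "authorization: Bearer ${GITHUB_TOKEN}" \
            --header 'content-type: application/json' \
            --data "{\"title\": \"Automated issue for commit: ${GITHUB_SHA}\"}"

      # The GITHUB_TOKEN is limited to the repository that contains the
      # workflow, so another repository needs a personal access token
      # stored as a secret. Limited to push events so the token is only
      # used for commits already in this repository.
      - name: Create issue in another repository
        if: github.event_name == 'push'
        env:
          OTHER_REPO_PAT: ${{ secrets.OTHER_REPO_PAT }}
        run: |
          curl --fail --silent --show-error --request POST \
            --url "https://api.github.com/repos/octo-org/shared-tracker/issues" \
            --header "authorization: Bearer ${OTHER_REPO_PAT}" \
            --header 'content-type: application/json' \
            --data "{\"title\": \"Commit ${GITHUB_SHA} pushed to ${GITHUB_REPOSITORY}\"}"
```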
