Frecuentemente publicamos actualizaciones de nuestra documentación. Es posible que la traducción de esta página esté en curso. Para conocer la información más actual, visita la documentación en inglés. Si existe un problema con las traducciones en esta página, por favor infórmanos.

Authentication in a workflow

GitHub provides a token that you can use to authenticate on behalf of GitHub Actions.

GitHub Actions se encuentra disponible con GitHub Free, GitHub Pro, GitHub Free para organizaciones, GitHub Team, GitHub Enterprise Cloud, y GitHub One. GitHub Actions no se encuentra disponible para repositorios privados que pertenezcan a cuentas que utilicen planes tradicionales por repositorio. Para obtener más información, consulta la sección "Productos de GitHub".

En este artículo

¿Te ayudó este documento?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

O, learn how to contribute.

Anyone with write access to a repository can create, read, and use secrets.

About the GITHUB_TOKEN secret

GitHub automatically creates a GITHUB_TOKEN secret to use in your workflow. You can use the GITHUB_TOKEN to authenticate in a workflow run.

When you enable GitHub Actions, GitHub installs a App GitHub on your repository. The GITHUB_TOKEN secret is a App GitHub installation access token. You can use the installation access token to authenticate on behalf of the App GitHub installed on your repository. The token's permissions are limited to the repository that contains your workflow. For more information, see "Permissions for the GITHUB_TOKEN."

Before each job begins, GitHub fetches an installation access token for the job. The token expires when the job is finished.

The token is also available in the github.token context. For more information, see "Context and expression syntax for GitHub Actions."

Using the GITHUB_TOKEN in a workflow

To use the GITHUB_TOKEN secret, you must reference it in your workflow file. Using a token might include passing the token as an input to an action that requires it, or making authenticated GitHub API calls.

Cuando utilizas el GITHUB_TOKEN del repositorio para realizar tareas por parte de la app de GitHub Actions, los eventos que GITHUB_TOKEN desencadena no crearán una ejecución de flujo de trabajo. Esto impide que crees ejecuciones de flujo de trabajo recursivas por accidente. Por ejemplo, si un flujo de trabajo sube código utilizando el GITHUB_TOKEN del repositorio, no se ejecutará un nuevo flujo de trabajo aún si el repositorio contiene alguno configurado para ejecutarse cuando ocurran eventos de subida de información.

Example passing GITHUB_TOKEN as an input

This example workflow uses the labeler action, which requires the GITHUB_TOKEN as the value for the repo-token input parameter:

name: Pull request labeler
on:
- pull_request
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/labeler@v2
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}

Example calling the REST API

You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API:

name: Create issue on commit
on:
- push
jobs:
  create_commit:
    runs-on: ubuntu-latest
    steps:
    - name: Create issue using REST API
      run: |
        curl --request POST \
        --url https://api.github.com/repos/${{ github.repository }}/issues \
        --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
        --header 'content-type: application/json' \
        --data '{
          "title": "Automated issue for commit: ${{ github.sha }}",
          "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_."
          }'

Permissions for the GITHUB_TOKEN

For information about the API endpoints GitHub Apps can access with each permission, see "App GitHub Permissions."

PermissionAccess typeAccess by forked repos
actionsread/writeread
checksread/writeread
contentsread/writeread
deploymentsread/writeread
issuesread/writeread
metadatareadread
packagesread/writeread
pull requestsread/writeread
repository projectsread/writeread
statusesread/writeread

If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, you can create a personal access token and set it as a secret in your repository:

  1. Use or create a token with the appropriate permissions for that repository. For more information, see "Creating a personal access token."
  2. Add the token as a secret in your workflow's repository, and refer to it using the ${{ secrets.SECRET_NAME }} syntax. For more information, see "Creating and using encrypted secrets."

¿Te ayudó este documento?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

O, learn how to contribute.