diff --git a/.github/pull-request-size.yml b/.github/pull-request-size.yml index 4677f27..8b13789 100644 --- a/.github/pull-request-size.yml +++ b/.github/pull-request-size.yml @@ -1,44 +1 @@ -# Configuration for PR Size Labeler -# List of files to exclude from size calculation -# Files matching these patterns will not be considered when calculating PR size -exclude_files: - - "foo.bar" # Example: Exclude 'foo.bar' file - - "*.xyz" - -# Configuration for labeling based on the size of the Pull Request -# Each entry defines a size label, along with thresholds for diff and file count -label_configs: - # Configuration for 'extra small' PRs - - size: xs - diff: 25 # Threshold for the total lines of code changed (additions + deletions) - files: 1 # Threshold for the total number of files changed - labels: ["size/xs"] # Labels to be applied for this size - - # Configuration for 'small' PRs - - size: s - diff: 150 - files: 10 - labels: ["size/s"] - - # Configuration for 'medium' PRs - - size: m - diff: 600 - files: 25 - labels: ["size/m", "pairing-wanted"] - - # Configuration for 'large' PRs - - size: l - diff: 2500 - files: 50 - labels: ["size/l", "pairing-wanted"] - - # Configuration for 'extra large' PRs - - size: xl - diff: 5000 - files: 100 - labels: ["size/xl", "pairing-wanted"] - -# In case you don't want to count deleted lines and files into -# your size labels, you can change this to true: -added_lines_only: false \ No newline at end of file diff --git a/.sizewatcher.yml b/.sizewatcher.yml index e41576f..f2dbb91 100644 --- a/.sizewatcher.yml +++ b/.sizewatcher.yml @@ -1,66 +1,1232 @@ -report: - # to report a github commit status (will block PR if it fails) - # default: false - githubStatus: true - # to report a comment on the github PR - # default: true - githubComment: false - -# global thresholds when to warn or fail a build -# note that one failing or warning comparator is enough to fail or warn -# can be either -# - percentage: "50%" ("-10%" for size decrease) -# - absolute limit, as byte string: "10 MB", "5 KB" -# see https://www.npmjs.com/package/xbytes -# - absolute limit, as byte number: 1000000 -limits: - # when to fail - default: 100% - fail: 50% - # when to warn - default: 30% - warn: 10% - # below the ok limit you will get a cheers for making it notably smaller - # default: -10% - ok: -5% - -# configure individual comparators -# see list below for available comparators - use exact names as yaml keys -# by default all comparators run if they detect their content is present -comparators: - # set a comparator "false" to disable it - git: false - - # customize comparator - node_modules: - # specific limits - # same options as for the "limits" at the root - limits: - fail: 10 MB - warn: 9 MB - ok: 1 MB - - npm_package: - # `dir` is supported for all comparators that support it and - # specifies the relative directory inside the project inside which to run the comparator - dir: "sub/folder" - # can also be an array with multiple directories to check - dir: - - "sub/folder1" - - "folder2" - - # custom comparator (only active if configured) - custom: - - name: my artifact - # path to file or folder whose size should be measured - # path must be relative to repo root - # comparator only runs if that path exists - path: build/artifact - - # there can be multiple custom comparators - # name defaults to the path - # path can include glob patterns - - path: "artifact-*.tgz" - # run some custom build command before measuring - script: npm install - # limits can be configured as well - limits: - fail: 10 MB + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog + + + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog + + + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog + + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog + + + + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog + + + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog + + + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog + + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog + + + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog + + + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog + + + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog + + +Skip to main content + +This article is also available in Simplified Chinese. + +GitHub Docs + +Home +GitHub Actions +GitHub Actions/Tutorials/ +Use GITHUB_TOKEN for authentication in workflows +Learn how to use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. + +In this article +This tutorial leads you through how to use the GITHUB_TOKEN for authentication in GitHub Actions workflows, including examples for passing the token to actions, making API requests, and configuring permissions for secure automation. + +For reference information, see Workflow syntax for GitHub Actions. + +Using the GITHUB_TOKEN in a workflow +You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}. Examples of using the GITHUB_TOKEN include passing the token as an input to an action, or using it to make an authenticated GitHub API request. + +Important + +An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN. For more information, see Workflow syntax for GitHub Actions. + +Example 1: passing the GITHUB_TOKEN as an input +This example workflow uses the GitHub CLI, which requires the GITHUB_TOKEN as the value for the GH_TOKEN input parameter: + +YAML +name: Open new issue +on: workflow_dispatch + +jobs: + open-issue: + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + steps: + - run: | + gh issue --repo ${{ github.repository }} \ + create --title "Issue title" --body "Issue body" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +Example 2: calling the REST API +You can use the GITHUB_TOKEN to make authenticated API calls. This example workflow creates an issue using the GitHub REST API: + +name: Create issue on commit + +on: [ push ] + +jobs: + create_issue: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Create issue using REST API + run: | + curl --request POST \ + --url https://api.github.com/repos/${{ github.repository }}/issues \ + --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ + --header 'content-type: application/json' \ + --data '{ + "title": "Automated issue for commit: ${{ github.sha }}", + "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." + }' \ + --fail +Modifying the permissions for the GITHUB_TOKEN +Use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job. As a good security practice, you should grant the GITHUB_TOKEN the least required access. + +To see the list of permissions available for use and their parameterized names, see Managing your personal access tokens. + +The two workflow examples earlier in this article show the permissions key being used at the job level. + +Granting additional permissions +If you need a token that requires permissions that aren't available in the GITHUB_TOKEN, create a GitHub App and generate an installation access token within your workflow. For more information, see Making authenticated API requests with a GitHub App in a GitHub Actions workflow. Alternatively, you can create a personal access token, store it as a secret in your repository, and use the token in your workflow with the ${{ secrets.SECRET_NAME }} syntax. For more information, see Managing your personal access tokens and Using secrets in GitHub Actions. + +Next steps +GITHUB_TOKEN +Workflow syntax for GitHub Actions +Help and support +Did you find what you needed? + +Privacy policy +Help us make these docs great! +All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request. + +Learn how to contribute + +Still need help? +Ask the GitHub community +Contact support +Legal +© 2026 GitHub, Inc. +Terms +Privacy +Status +Pricing +Expert services +Blog diff --git "a/hutb_downloader - \345\211\257\346\234\254.exe" "b/hutb_downloader - \345\211\257\346\234\254.exe" new file mode 100644 index 0000000..e1fef22 Binary files /dev/null and "b/hutb_downloader - \345\211\257\346\234\254.exe" differ