Skip to content

Standardize GitHub Actions authentication to use GITHUB_TOKEN#31

Merged
jfrench9 merged 3 commits intomainfrom
chore/cleanup-gha-auth
Feb 2, 2026
Merged

Standardize GitHub Actions authentication to use GITHUB_TOKEN#31
jfrench9 merged 3 commits intomainfrom
chore/cleanup-gha-auth

Conversation

@jfrench9
Copy link
Member

@jfrench9 jfrench9 commented Feb 2, 2026

Summary

This PR standardizes authentication across all GitHub Actions workflows by migrating from ACTIONS_TOKEN to the built-in GITHUB_TOKEN, simplifying setup and improving security.

Key Changes

  • Authentication Standardization: Updated 11 workflow files to use GITHUB_TOKEN instead of custom ACTIONS_TOKEN
  • Simplified Setup: Reduced complexity in bootstrap and setup scripts by removing custom token requirements
  • Improved Documentation: Enhanced setup documentation for GitHub Actions secrets configuration
  • Code Cleanup: Removed 33 lines of unnecessary configuration code across workflows

Benefits

  • Simplified Onboarding: No longer requires manual creation of personal access tokens for basic workflows
  • Enhanced Security: Leverages GitHub's automatically provided tokens with appropriate scoping
  • Reduced Maintenance: Eliminates token expiration and rotation concerns for standard operations
  • Consistent Configuration: Standardized authentication approach across all CI/CD pipelines

Breaking Changes

⚠️ Repository Setup Impact: Teams currently using ACTIONS_TOKEN will need to:

  1. Remove the ACTIONS_TOKEN secret from repository settings
  2. Ensure workflows have appropriate permissions configured
  3. Re-run setup scripts if using automated repository configuration

Files Modified

  • All workflow files in .github/workflows/ (11 files)
  • Setup scripts: bin/bootstrap.sh and bin/gha-setup.sh

Testing Notes for Reviewers

  • Verify all workflow files use consistent token references
  • Check that setup scripts no longer reference ACTIONS_TOKEN
  • Confirm documentation accurately reflects new setup process
  • Test bootstrap script runs without token-related errors

Browser Compatibility

No browser compatibility impact - this is a CI/CD infrastructure change only.

🤖 Generated with Claude Code

Branch Info:

  • Source: chore/cleanup-gha-auth
  • Target: main
  • Type: feature

Co-Authored-By: Claude noreply@anthropic.com

@jfrench9
chore: update GitHub Actions workflows to use GITHUB_TOKEN instead of…
3338792 
… ACTIONS_TOKEN

- Replaced instances of ACTIONS_TOKEN with GITHUB_TOKEN in various workflow files for improved security and consistency.
- Updated repository references to use github.repository for better flexibility.
- Removed unnecessary secrets declarations for ACTIONS_TOKEN in workflows.
@jfrench9
chore: enhance GitHub Actions workflows with improved token handling
254c47a 
- Updated workflows to use ACTIONS_TOKEN with fallback to GITHUB_TOKEN for better functionality and flexibility.
- Added checks and warnings regarding the use of ACTIONS_TOKEN to inform users of its benefits for PR and release automations.
- Removed unnecessary repository references in checkout steps for cleaner configuration.
@jfrench9
chore: improve documentation for GitHub Actions secrets setup
c94b953 
- Enhanced the setup_secrets function in gha-setup.sh to provide clearer instructions on using ACTIONS_TOKEN and ANTHROPIC_API_KEY.
- Added details on the required scopes and limitations of ACTIONS_TOKEN when not set.
- Streamlined the presentation of optional secrets for better user understanding.
@jfrench9 jfrench9 merged commit 421f8da into main Feb 2, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jfrench9