Difference between github.token vs secrets.github_token?

Question

When configuring workflows for GitHub Actions there exists the option to pass a GitHub token to authenticate towards GitHub in the workflow.

I have seen both of the following ways to get said token:

github.token
secrets.github_token

Is there any functional difference between the two? Or are these simply two ways to get the same token?

Answer 1

Both are equivalent.

• github.token is the syntax from the Github context, which contains information about the workflow run and the event that triggered the run (source).

• secrets.github_token is the syntax referring to the GITHUB_TOKEN secret that GitHub automatically creates to use in your workflow. You can use the GITHUB_TOKEN to authenticate in a workflow run (source).

Note that these tokens have specific permissions, and that depending on what you want to do, you may need to create a Personal Access Token (PAT) and add it as a secret (ex: ACCESS_TOKEN) to use in your workflow.