I'm running Github actions workflow in a private repo, and it pushes changes in a public repo. I'm providing my GitHub token in the private repo for the workflow github actions. Will my token leak in my public repo .git?
Can somebody clarify this? I'm don't have knowledge of security things :(
The Automatic token authentication page uses a
GITHUB_TOKEN
secret, which should, as its name suggests, remains... a secret.So you should not need to use your own GitHub token, only the one generated by GitHub Action.