Add support for GitHub Token

[SanjulaGanepola]

https://nektosact.com/usage/index.html#github_token

[SanjulaGanepola]

@ChristopherHX When I run the following command in Git Bash it works, but it fails using Command Prompt. When I run gh auth token alone, it can generate the token successfully. Any idea why?

Command:

act --workflows ".github/workflows/release.yaml" --secret GITHUB_TOKEN="$(gh auth token)"

Workflow:

name: Create GitHub Release

on:
  workflow_dispatch:

jobs:
  release:
    name: Create Release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Create GitHub Release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref_name }}
          release_name: Release ${{ github.ref_name }}
          draft: false
          prerelease: false

Output:

time="2025-02-08T15:32:13-05:00" level=info msg="Using docker host 'npipe:////./pipe/docker_engine', and daemon socket 'npipe:////./pipe/docker_engine'"
[Create GitHub Release/Create Release] 🚀  Start image=catthehacker/ubuntu:act-latest
[Create GitHub Release/Create Release]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
[Create GitHub Release/Create Release] using DockerAuthConfig authentication for docker pull
[Create GitHub Release/Create Release]   🐳  docker create image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[Create GitHub Release/Create Release]   🐳  docker run image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[Create GitHub Release/Create Release]   🐳  docker exec cmd=[node --no-warnings -e console.log(process.execPath)] user= workdir=
[Create GitHub Release/Create Release]   ☁  git clone 'https://github.com/actions/create-release' # ref=v1
[Create GitHub Release/Create Release] Cleaning up container for job Create Release
[Create GitHub Release/Create Release] 🏁  Job succeeded
Error: authentication required

[SanjulaGanepola]

To implement better support for GitHub Token. I am thinking to always show GITHUB_TOKEN as a secret in the Settings view even if it is not found in a workflow:

In terms of generating a value, the user can:

• Manually enter a token in
• Manually enter in $(gh auth token). But if this does not work due to the issue above, I was thinking to just add a button to the right called Generate Token with GitHub CLI that would call the command alone and save the token as a secret.

@ChristopherHX What do you think?

[ChristopherHX]

Any idea why?

I still think this is a security bug called script injection, cmd does not support $(...) so it doesn't work.

YMMV, I think nektos/act#2651 is the way to go. (yes I just opened this as a backport to nektos)

Generate Token with GitHub CLI that would call the command alone and save the token as a secret.

You can just call this command before act, capture it's output and pass the secret to act without saving it. (.. and without having act doing it for your extension)

Only thing I failed was getting the ghes hostname for the auth token, without parsing the unfriendly output of gh auth status that appears to contact github/ghes and refresh token if required so I skipped that

am thinking to always show GITHUB_TOKEN as a secret in the Settings view even if it is not found in a workflow:

The first thing what came into my mind was, why doesn't the + button allow me to add an item to the list? Creating a secret file was not expected from my side / creating a file should have a (new if it is not already created) file button/ or not?

Otherwise yes a valid workaround

[ChristopherHX]

The GITHUB_TOKEN secret could also have an addition icon that it's value is auto generated by gh auth token if it is in PATH, otherwise allow a custom value