CURL fails on workflow but succeeds locally

Hello!

I’m trying to create a workflow that will trigger a Github Pages build daily for my personal blog.

I have two triggers for the workflow:

  • One scheduled (once a day)
  • One manual, triggered directly in Actions UI

For this, I have created a PAT (called PAGES_TOKEN) with all repo permissions.

My workflow file is the following:

name: Build

on:
  workflow_dispatch:
  schedule:
    - cron: '0 15 * * *' # Runs every day at 3pm GMT (4pm CEST)

jobs:
  build-pages:
    runs-on: ubuntu-20.04
    steps:
      - name: Trigger GitHub pages rebuild
        run: |
          curl --fail --request POST --header "Authorization: Bearer $USER_TOKEN" --url "https://api.github.com/repos/${{ github.repository }}/pages/builds"
        env:
          USER_TOKEN: ${{ secrets.PAGES_TOKEN }}

Every time I trigger a manual build in actions UI against the master branch I get a 401 error back:

However, if I run the exact same CURL command locally, replacing the $USER_TOKEN by the actual token secret, the requests succeeds with a status QUEUED.

Am I missing something in my workflow setup?

Thanks in advance for any hint!

The documentation on token scopes says to use tokens with token, not Bearer. That has worked for me so far:

curl --header "Authorization: token $USER_TOKEN" # ...

Thanks, but Bearer works just fine as well :slightly_smiling_face:

Turns out the problem was a misunderstanding from my side:

While PATs are created in the GH account context, they need to be added as a secret to the repository to be used on workflows.

Adding a secret to the repo with the PAT secret solved the problem.

Thanks!