GH Action accessing personal access token for GPR?

I’m trying to authenticate with GPR in a Github action.

My GPR is authenticated with a Personal access token.

I’m using this action to authenticate with GPR:

Currently, the action fails with authentication errors.

But won’t the action need my Personal access token for it succeed?

I’ve upgraded my account so Private repos can access org level secrets.
But how is it possible for an action to access a Personal access token?

Ok, I’ve just found this conversation

Looks like this is what my problem is


Yes, the root cause is related to the GITHUB_TOKEN.
In the docs “About the GITHUB_TOKEN secret”, you can see this description:

The token’s permissions are limited to the repository that contains your workflow.

When you use the GITHUB_TOKEN to authenticate in your workflow:

  1. You can use it to access all the packages in current repository.

  2. You can use it to access the public packages in other public repositories.

  3. You can’t use it to access the private packages in other repositories. You need to create a personal access token (PAT) with more permissions. Of course, the authenticated user of this PAT must have at lease the read access for all the packages (include private) in other repositories.