Github personal access token in code deployed to github pages

I want to add my github personal access token(for authenticating github graphql api) to my code but github keeps removing it from developer settings as soon as it is deployed. i tried adding it as an environment variable by adding it to secrets and declaring it under env: in the github actions CI script and then called it in the code using process.env.PA_TOKEN but it stil doesn’t authenticate although i get a different error message in the console now saying Uncaught ReferenceError: process is not defined . What am i doing wrong?

Note: The token works fine locally before it is removed from developer settings after deployment

Adding the token to your code means you’re effectively publishing it, letting anyone act as you. There’s an automated process that revokes your token if it detects that.

Providing the token to a process running in the Actions workflow (as in, during the workflow) through a secret and environment variable should work, as long as it doesn’t get published from there.

See also: