Github token lifetime? #25699

jherico · 2019-11-10T18:13:31Z

jherico
Nov 10, 2019

I’m working on a workflow with a fairly long build and I’m seeing failures in code designed to interact with the PR (adding a comment with a link to the build result) at the end of the build.

I’m running the workflow on Mac and PC and both flows use the same python script set up with the same environment variables in order to upload the build to S3 and then post a comment on the PR.

The Mac build takes about a half hour and completes fine. The PC build takes about 1 hour and 15 minutes before it runs the script at which point the script throws an exception:

401 {“message”: “Bad credentials”, “documentation_url”: “https://developer.github.com/v3”}

If I alter the build so it skips some of the longer duration components (and thus completes in less than an hour) it runs fine. So I’m guessing that the token created for the workflow only has a lifetime of about an hour? Github workflows are allowed to run for up to 6 hours though, so it seems like the token lifetime should be at least that long.

Answered by boegel

Nov 10, 2019

Indeed, the token expires after 1 hour. From https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token:

“The GITHUB_TOKEN secret is a GitHub App installation access token.”

and

“The installation access token expires after 60 minutes.”

View full answer

boegel · 2019-11-10T18:39:56Z

boegel
Nov 10, 2019

Indeed, the token expires after 1 hour. From https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token:

“The GITHUB_TOKEN secret is a GitHub App installation access token.”

and

“The installation access token expires after 60 minutes.”

0 replies

MikeDombo · 2020-03-30T20:05:57Z

MikeDombo
Mar 30, 2020

So it expires at an hour, is there any workaround for this? I too want a long-ish running task to then comment or create an issue, but I’m getting the 401 error. What options do I have?

0 replies

Shchvova · 2020-04-03T14:59:33Z

Shchvova
Apr 3, 2020

Only workaround I found is to create personal access token, add it to secrets (say, PAT), and use ${{ secrets.PAT }} instead:

- name: Create Release
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.PAT }}
        with:
          tag_name: ${{ github.ref }}
          ....

But this is suboptimal, since it actions would be from your name, not from name of the bot.

0 replies

francisfuzz · 2020-08-10T17:59:22Z

francisfuzz
Aug 10, 2020

mikedombo:

So it expires at an hour, is there any workaround for this? I too want a long-ish running task to then comment or create an issue, but I’m getting the 401 error. What options do I have?

@mikedombo - That’s a great question. I think it’s worth mentioning that the Authenticating with the GITHUB_TOKEN: About the GITHUB_TOKEN secret article recently updated with this note:

Before each job begins, GitHub fetches an installation access token for the job. The token expires when the job is finished.

Given this documented behavior, you could create a workflow with many jobs, where each job cites the GITHUB_TOKEN in an environment variable. I’m wondering if that would help with what you’re looking to accomplish?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

Github token lifetime? #25699

{{title}}

Replies: 4 comments

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

GitHub Community

Github token lifetime? #25699

jherico Nov 10, 2019

Replies: 4 comments

boegel Nov 10, 2019

MikeDombo Mar 30, 2020

Shchvova Apr 3, 2020

francisfuzz Aug 10, 2020

jherico
Nov 10, 2019

boegel
Nov 10, 2019

MikeDombo
Mar 30, 2020

Shchvova
Apr 3, 2020

francisfuzz
Aug 10, 2020