How to verify that it is GITHUB_TOKEN?

I verify whether it is secret.GITHUB_TOKEN by using my_token === process.env.ACTIONS_RUNTIME_TOKEN.

But it returns false, How can I verify the token is GITHUB_TOKEN ?

@yi-Xu-0100,

There is no any default environment variable named “ACTIONS_RUNTIME_TOKEN” for the GITHUB_TOKEN secret.
If you want to access the GITHUB_TOKEN secret via an environment variable, you need to map it as an environment variable in the workflow.
For example:

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 

The GITHUB_TOKEN secret has the following usage limitation:

To verify whether a token is the GITHUB_TOKEN, you can use above points.
For example, use the token in a workflow to trigger another workflow, such as push commits, execute the API “Create a workflow dispatch event” or “Create a repository dispatch event”, etc… If the operation completed successfully but the workflow is not triggered, the token is the GITHUB_TOKEN.

@brightran,
:heart:Thanks for your reply! But I just do not want to make any trigger for operation to verify the token. I want to check the permission of the token, just like the Can I check the permissions of a token. Is there any solution for this question? :thinking:

1 Like

@yi-Xu-0100,

As I mentioned in that topic, we seem have no available methods to list all the access scopes of a token.

1 Like