--- id: agent-github-actions-token-permissions-and-secrets title: 'Agent GitHub Actions Token Permissions and Secrets' schema_type: TechArticle category: ai language: en confidence: medium last_verified: '2026-06-09' created_date: '2026-06-09' generation_method: ai_structured derived_from_human_seed: true conflict_of_interest: none_declared is_live_document: false data_period: static atomic_facts: - id: fact-ai-agent-github-actions-token-permissions-and-secrets-1 statement: >- GitHub documentation says workflows can use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. source_title: GitHub Automatic Token Authentication source_url: https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication confidence: medium - id: fact-ai-agent-github-actions-token-permissions-and-secrets-2 statement: >- GitHub workflow syntax documentation says the permissions key can modify default permissions granted to the GITHUB_TOKEN. source_title: GitHub Workflow Syntax Permissions source_url: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions confidence: medium - id: fact-ai-agent-github-actions-token-permissions-and-secrets-3 statement: >- GitHub secrets documentation says that, except for GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository. source_title: GitHub Using Secrets in Actions source_url: https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions confidence: medium completeness: 0.82 known_gaps: - Workflow authorization depends on repository defaults, organization policy, fork settings, Dependabot event rules, environment protection, reusable workflow boundaries, and the exact job-level permissions block. disputed_statements: [] primary_sources: - title: GitHub Automatic Token Authentication type: documentation year: 2026 url: https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication institution: GitHub - title: GitHub Workflow Syntax Permissions type: documentation year: 2026 url: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions institution: GitHub - title: GitHub Using Secrets in Actions type: documentation year: 2026 url: https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions institution: GitHub secondary_sources: [] updated: '2026-06-09' ai_models: - gpt-5-codex --- ## TL;DR GitHub Actions token and secret evidence tells agents whether a workflow can read code, write statuses, call deployment APIs, or safely access repository secrets. ## Core Explanation CI failures often look like code failures when they are actually permission failures. A job may lack the `contents`, `checks`, `pull-requests`, `deployments`, or `id-token` permission it needs, or a secret may be unavailable because the workflow came from a fork, Dependabot event, reusable workflow boundary, or protected environment. Agents should inspect the triggering event, fork status, repository and organization defaults, workflow-level `permissions`, job-level `permissions`, environment name, and which secret names are referenced before editing YAML or rerunning a deployment. When a workflow can fall back between secret names, the evidence trail should record which secret was present and which API call succeeded. ## Source-Mapped Facts - GitHub documentation says workflows can use the GITHUB_TOKEN to authenticate on behalf of GitHub Actions. ([source](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication)) - GitHub workflow syntax documentation says the permissions key can modify default permissions granted to the GITHUB_TOKEN. ([source](https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions)) - GitHub secrets documentation says that, except for GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository. ([source](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions)) ## Further Reading - [GitHub Automatic Token Authentication](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication) - [GitHub Workflow Syntax Permissions](https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions) - [GitHub Using Secrets in Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions)