Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication
What part(s) of the article would you like to see updated?
Fails to explain how (and whether at all) the token generated by the run will provide the GitHub token to steps that call actions that use a Docker image, such as:
runs:
using: docker
image: docker://…
It is unclear whether the GITHUB_TOKEN will be created as an env variable in the container, thus enabling Automatic token authentication (without manually passing the token as action input). Only using ${{ secrets.GITHUB_TOKEN }} and github.token is documented, which is not something that appears as something one can access in non-JavaScript actions.
Additional information
No response
Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication
What part(s) of the article would you like to see updated?
Fails to explain how (and whether at all) the token generated by the run will provide the GitHub token to steps that call actions that use a Docker image, such as:
It is unclear whether the
GITHUB_TOKENwill be created as an env variable in the container, thus enabling Automatic token authentication (without manually passing the token as action input). Only using${{ secrets.GITHUB_TOKEN }}andgithub.tokenis documented, which is not something that appears as something one can access in non-JavaScript actions.Additional information
No response