
How to use gh auth login CLI Programmatically in GitHub Actions

Overview

Quick post here since I have to search for this every time I try to use the gh cli in GitHub Actions. In order to use the gh cli, you typically have to run gh auth login to authenticate. If you are running this from an interactive session (i.e., on your local machine), you are provided with some prompts to easily authenticate to GitHub.com or GitHub Enterprise Server. If you try to do this from a command in a GitHub Actions workflow, the action will just stall out and you will have to cancel it, since gh auth login is intended to be run in an interactive session.

The docs show a gh auth login --with-token option with an example that reads the token from a file, but if you’re running in a GitHub Actions workflow, your ${{ secrets.GITHUB_TOKEN }} isn’t going to be a file.

Example 1 - gh auth login

Here’s a sample GitHub Actions step for logging into the gh cli and using gh api to retrieve a repository’s topics:

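    steps:
    - run: |
        # --with-token reads the token from standard input instead of prompting
        echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
        # List the topics of the repository the workflow runs in
        gh api -X GET /repos/${{ GITHUB.REPOSITORY }}/topics --jq='.names'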

Example 2 - env variable

However, there is another way. If you try to run a gh command without authenticating, you will see the following error message:

gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

If you are using the gh cli in multiple steps or jobs in a workflow, setting GH_TOKEN as a workflow-level env variable might be better:

env:
  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

jobs:
  prebuild:
    runs-on: ubuntu-latest
    steps:
    - run: |
        gh api -X GET /repos/${{ GITHUB.REPOSITORY }}/topics --jq='.names'
  build:
    runs-on: ubuntu-latest
    steps:
    - run: |
        gh api -X GET /repos/${{ GITHUB.REPOSITORY }}/branches --jq='.[].name'

With this, you will notice you don’t have to run gh auth login at all.

You can alternatively use jobs.<job_id>.steps[*].env or jobs.<job_id>.env to set an environment variable for a particular step or job instead of the whole workflow, but this would have to be added to each step/job that you were running gh commands in.
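
The job-level and step-level scoping described above, written out as an added example that is not part of the original post. The workflow name, the workflow_dispatch trigger, the step names and the read-only permissions block are assumptions made for illustration:

```yaml
name: gh-cli-scoped-token   # hypothetical workflow name
on: workflow_dispatch       # assumed trigger, so the sample can be run by hand

# Assumption: read-only access is enough for the two API calls below
permissions:
  contents: read

jobs:
  prebuild:
    runs-on: ubuntu-latest
    # Job-level env: every step in this job can see GH_TOKEN
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
    - run: |
        gh api -X GET /repos/${{ github.repository }}/topics --jq='.names'

  build:
    runs-on: ubuntu-latest
    steps:
    - name: Step without the token
      run: |
        # GH_TOKEN is not set in this step, so a gh command here would stop
        # with the "set the GH_TOKEN environment variable" error shown earlier
        echo "no gh calls in this step"
    - name: Step with the token
      # Step-level env: only this step can see GH_TOKEN
      env:
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        gh api -X GET /repos/${{ github.repository }}/branches --jq='.[].name'
```

Scoping the variable this way keeps the token out of the environment of steps that never call gh, at the cost of repeating the env block wherever gh is used.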

This post is licensed under CC BY 4.0 by the author.
