docs: Expand the GITHUB_TOKEN section (nektos#968)

* docs: Expand the GITHUB_TOKEN section * docs: Add a note on leaking GITHUB_TOKEN through shell history Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
xing · Jan 31, 2022 · b1f5963 · b1f5963
1 parent 4f8da0a
commit b1f5963
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -202,7 +202,17 @@ It will save that information to `~/.actrc`, please refer to [Configuration](#co
   -W, --workflows string                 path to workflow file(s) (default "./.github/workflows/")
 ```
 
-In case you want to pass a value for `${{ github.token }}`, you should pass `GITHUB_TOKEN` as secret: `act -s GITHUB_TOKEN=[insert token or leave blank for secure input]`.
+## `GITHUB_TOKEN`
+
+Github [automatically provides](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret) a `GITHUB_TOKEN` secret when running workflows inside Github.
+
+If your workflow depends on this token, you need to create a [personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) and pass it to `act` as a secret:
+
+```bash
+act -s GITHUB_TOKEN=[insert token or leave blank for secure input]
+```
+
+**WARNING**: `GITHUB_TOKEN` will be logged in shell history if not inserted through secure input or (depending on your shell config) the command is prefixed with a whitespace.
 
 # Known Issues