diff --git a/content/actions/reference/authentication-in-a-workflow.md b/content/actions/reference/authentication-in-a-workflow.md index 770e1fb7cd..2bb391abf4 100644 --- a/content/actions/reference/authentication-in-a-workflow.md +++ b/content/actions/reference/authentication-in-a-workflow.md @@ -19,7 +19,7 @@ shortTitle: Authentication in a workflow ## About the `GITHUB_TOKEN` secret -{% data variables.product.prodname_dotcom %} automatically creates a `GITHUB_TOKEN` secret to use in your workflow. You can use the `GITHUB_TOKEN` to authenticate in a workflow run. +At the start of each workflow run, {% data variables.product.prodname_dotcom %} automatically creates a unique `GITHUB_TOKEN` secret to use in your workflow. You can use the `GITHUB_TOKEN` to authenticate in a workflow run. When you enable {% data variables.product.prodname_actions %}, {% data variables.product.prodname_dotcom %} installs a {% data variables.product.prodname_github_app %} on your repository. The `GITHUB_TOKEN` secret is a {% data variables.product.prodname_github_app %} installation access token. You can use the installation access token to authenticate on behalf of the {% data variables.product.prodname_github_app %} installed on your repository. The token's permissions are limited to the repository that contains your workflow. For more information, see "[Permissions for the `GITHUB_TOKEN`](#permissions-for-the-github_token)." diff --git a/content/actions/reference/workflow-commands-for-github-actions.md b/content/actions/reference/workflow-commands-for-github-actions.md index b05af3ee7c..dade5fc450 100644 --- a/content/actions/reference/workflow-commands-for-github-actions.md +++ b/content/actions/reference/workflow-commands-for-github-actions.md 
@@ -223,22 +223,36 @@ echo "::add-mask::$MY_NAME" Stops processing any workflow commands. This special command allows you to log anything without accidentally running a workflow command. For example, you could stop logging to output an entire script that has comments. -### Example stopping workflow commands +To stop the processing of workflow commands, pass a unique token to `stop-commands`. To resume processing workflow commands, pass the same token that you used to stop workflow commands. -``` bash -echo "::stop-commands::pause-logging" -``` +{% warning %} -To start workflow commands, pass the token that you used to stop workflow commands. +**Warning:** Make sure the token you're using is randomly generated and unique for each run. As demonstrated in the example below, you can generate a unique hash of your `github.token` for each run. + +{% endwarning %} `::{endtoken}::` -### Example starting workflow commands +### Example stopping and starting workflow commands -``` bash -echo "::pause-logging::" +{% raw %} + +```yaml +jobs: + workflow-command-job: + runs-on: ubuntu-latest + steps: + - name: disable workflow commands + run: | + echo '::warning:: this is a warning' + echo "::stop-commands::`echo -n ${{ github.token }} | sha256sum | head -c 64`" + echo '::warning:: this will NOT be a warning' + echo "::`echo -n ${{ github.token }} | sha256sum | head -c 64`::" + echo '::warning:: this is a warning again' ``` +{% endraw %} + ## Sending values to the pre and post actions You can use the `save-state` command to create environment variables for sharing with your workflow's `pre:` or `post:` actions. For example, you can create a file with the `pre:` action, pass the file location to the `main:` action, and then use the `post:` action to delete the file. Alternatively, you could create a file with the `main:` action, pass the file location to the `post:` action, and also use the `post:` action to delete the file.
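Review bot: in `content/actions/reference/authentication-in-a-workflow.md`, the reworded opening sentence says the `GITHUB_TOKEN` is "unique" and created "at the start of each workflow run", but the paragraph still does not say when the token stops being valid. The `stop-commands` example added elsewhere in this patch depends on the token differing between runs, so this is the place to state its lifetime and whether all jobs in a run share one token, or to link to where that is documented.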
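Review bot: in `content/actions/reference/workflow-commands-for-github-actions.md`, the added warning asks for a token that is "randomly generated", but the example's `stop-commands` line derives it as `echo -n ${{ github.token }} | sha256sum | head -c 64`, which is deterministic. Any step or process in the job that can read the token can compute the same value and resume command processing, and an unsalted digest of a secret is echoed to the job output. Consider generating the value once from a random source into a shell variable and using that variable in both the stop and the resume `echo` lines. That also avoids expanding `${{ github.token }}` unquoted into the script twice. Separately, the unchanged line `::{endtoken}::` now sits directly after the warning block with no sentence introducing it, because the sentence that used to precede it was moved up. Either move it next to the new introductory paragraph or drop it in favour of the example.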