Ambiguous documentation for automatic token auth

[zefir-git]

Code of Conduct

• I have read and agree to the GitHub Docs project's Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication

What part(s) of the article would you like to see updated?

Fails to explain how (and whether at all) the token generated by the run will provide the GitHub token to steps that call actions that use a Docker image, such as:

runs:
  using: docker
  image: docker://…

It is unclear whether the GITHUB_TOKEN will be created as an env variable in the container, thus enabling Automatic token authentication (without manually passing the token as action input). Only using ${{ secrets.GITHUB_TOKEN }} and github.token is documented, which is not something that appears as something one can access in non-JavaScript actions.

Additional information

No response

[welcome]

Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[Sharra-writes]

Thanks for opening an issue! I'll get this triaged for review.

[github-actions]

A stale label has been added to this issue and it has been closed, because it has been open for 30 days with no activity. If you think this issue should remain open, please add a new comment.

[nike4949]

@zefir-git @Sharra-writes @docs-bot @topfunky @docs-bot @topfunky @mtodd @edward @jonmagic @trevrosen @clarkbw @mislav @