skip to content
An anime girl with glasses

Use GITHUB_TOKEN to publish in GitHub Packages

/ 1 min read

The Problem

I am currently working on a monorepo setup which also includes a package used by other repositories in the (private) GitHub organization. We wanted to use the GITHUB_TOKEN in order to authenticate to the GitHub Packages and update / publish the package-

The GitHub docs propose that it is only possible to authenticate with a personal access token. This was not a solution for us.

Our solution to make it work with the GITHUB_TOKEN

name: <your-name>

on: push

    name: <your-job-name>
    runs-on: <your-runtime-environment e.g. ubuntu-latest>
      contents: read 
      packages: write # Allowing job permissions so that a package can actually be published
      - uses: actions/checkout@v3 # An action to checkout the needed repository
      - uses: actions/setup-node@v4 # An action to set up the node environment in the CD
          node-version: "<your-desired-node-version>"
          registry-url: "" # No need to add the auhToken or oganization name in the end
          # GitHub will handle that for you
          # Defaults to the user or organization that owns the workflow file
          scope: "@<name-of-your-org>" 
      - name: <your-name>
        run: npm install # or yarn install, depends on your setup
      - name:  <your-name>
        run: npm publish
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}