Skip to content
Latchkey

How to Use actions/github-script for API Calls in GitHub Actions

actions/github-script gives you a pre-authenticated Octokit client so you can script API calls without wiring up tokens yourself.

Write JavaScript in the script: input. The github object is an authenticated Octokit, and context carries event data. Grant only the permissions the calls need.

Steps

  • Add actions/github-script@v7 and put JS in script:.
  • Call github.rest.* (REST) or github.graphql (GraphQL).
  • Grant matching permissions: (e.g. issues: write).

Workflow

.github/workflows/ci.yml
permissions:
  issues: write
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/github-script@v7
        with:
          script: |
            await github.rest.issues.addLabels({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              labels: ['needs-triage']
            })

Gotchas

  • The built-in GITHUB_TOKEN cannot trigger further workflow runs; use a PAT if you need that.
  • Return a value to expose it as the step output result.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →