act "GITHUB_TOKEN not set" running Actions locally
On GitHub, each job receives an automatic GITHUB_TOKEN. act does not generate one, so any step that calls the GitHub API sees an empty or missing token and fails with a 401 or "not set" error. You provide the token yourself.
What this error means
A step using the GitHub API fails with "Bad credentials", "401 Unauthorized", or a message that GITHUB_TOKEN / secrets.GITHUB_TOKEN is empty under act.
Error: HttpError: Bad credentials
Error: Unhandled error: HttpError: Bad credentials (401)Common causes
act does not auto-provision GITHUB_TOKEN
The automatic token is a GitHub-hosted feature; locally the secret is empty unless you pass it in.
The step calls the GitHub API
Actions like create-release or the gh CLI need a real token, which is absent by default under act.
How to fix it
Pass a token with -s
Supply a personal access token (a gh token works) as the GITHUB_TOKEN secret.
act -s GITHUB_TOKEN="$(gh auth token)" -j releaseLoad it from a .secrets file
Keep the token in a gitignored .secrets file that act reads automatically.
GITHUB_TOKEN=ghp_your_token_hereHow to prevent it
- Provide GITHUB_TOKEN whenever a step touches the GitHub API.
- Store it in a gitignored
.secretsfile for repeatable local runs. - Grant the token only the scopes the workflow actually needs.