Skip to content
Latchkey

Gitea Actions GITHUB_TOKEN / GITEA_TOKEN not available in CI

Gitea Actions injects an automatic token you reference as ${{ secrets.GITHUB_TOKEN }} (also exposed as GITEA_TOKEN). If a step reads a bare env var, or expects broader scope than the per-job token has, calls to the instance API fail with unauthorized.

What this error means

A step that pushes, comments, or calls the Gitea API fails with 401/403, or the token variable is empty because it was not read from the secrets context.

Gitea Actions
Error: Resource not accessible by integration
# or an empty token because the step used $GITHUB_TOKEN without:
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Common causes

The token is not referenced through the secrets context

A step reads a plain env var that was never set, instead of ${{ secrets.GITHUB_TOKEN }}, so it is empty.

The automatic token lacks the needed permission

The per-job token has limited scope; an operation beyond it returns not accessible / unauthorized.

How to fix it

Reference the token via the secrets context

  1. Set the env var from ${{ secrets.GITHUB_TOKEN }} (or GITEA_TOKEN).
  2. Use that env var in the step that calls the API.
  3. Re-run and confirm the call authenticates.
.gitea/workflows/ci.yml
steps:
  - run: gitea-cli ...
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Use a PAT for operations beyond the auto token

If the automatic token is too limited, store a personal access token as a secret and use it for that step.

.gitea/workflows/ci.yml
env:
  GITEA_TOKEN: ${{ secrets.CI_PAT }}

How to prevent it

  • Always inject the token from the secrets context, never assume it in env.
  • Use the automatic token for in-repo actions; a PAT for cross-repo.
  • Grant least privilege to any PAT you store.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →