feat: Add possiblity to set up access_token for pulling gh_actions release (#252)

tdudlak4918ab · web-flow · commit 3e4b87b03859 · 2026-04-06T21:45:12.000+02:00
At some cases, for example running github enterprise on-prem,
we should be able to define token for the public github url
which is used to pull the actions-runner latest release.
This new variable defaults to access_token value if not set.
Should be backward compatible for users using only public GH.

Signed-off-by: Tibor Dudlák &lt;Tibor.Dudlak@airbank.cz&gt;
diff --git a/README.md b/README.md
@@ -15,12 +15,12 @@ It supports Enterprise, Organization and Repository Runners.
 
 * The role requires a Personal Access Token to access GitHub. The token can be set as the `PERSONAL_ACCESS_TOKEN` environment variable.
 
-> **Note**  
+> **Note**
 > The token must have the `repo` scope (when creating a repo runner), the `admin:org` scope (when creating a runner for an organization),
 > or the `manage_runners:enterprise` scope (when creating an enterprise runner).
 > Personal Access Token for GitHub account can be created [here](https://github.com/settings/tokens).
 
-> **Warning**  
+> **Warning**
 > Never store your personal access token in the GitHub repository. Use [GitHub Secrets](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) or a different secrets service.
 
 * Runner user has to be pre-created.
@@ -87,6 +87,9 @@ github_api_runners_per_page: 100
 # Personal Access Token for your GitHub account
 access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
 
+# Public github Access Token for the actions-runner release download
+public_gh_access_token: "{{ lookup('env', 'PUBLIC_GH_ACCESS_TOKEN') }}"
+
 # Is it the runner for organization or not?
 runner_org: false
 
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -29,6 +29,9 @@ github_api_runners_per_page: 100
 # Personal Access Token for your GitHub account
 access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
 
+# Public github Access Token for the actions-runner release download
+public_gh_access_token: "{{ lookup('env', 'PUBLIC_GH_ACCESS_TOKEN') }}"
+
 # Is it the runner for organization or not?
 runner_org: false
 
diff --git a/tasks/collect_info.yml b/tasks/collect_info.yml
@@ -64,7 +64,7 @@
       ansible.builtin.uri:
         url: "https://api.github.com/repos/{{ runner_download_repository }}/releases/latest"
         headers:
-          Authorization: "token {{ access_token }}"
+          Authorization: "token {{ public_gh_access_token | default(access_token) }}"
           Content-Type: "application/json"
         method: GET
         return_content: true
