Maven / GitHub Actions Interview Questions

What is the GITHUB_TOKEN and what permissions does it have?

GITHUB_TOKEN is a short-lived, automatically generated token that GitHub injects into every workflow run. It is scoped to the repository where the workflow runs, expires when the job finishes, and requires no manual secret configuration. You access it via ${{ secrets.GITHUB_TOKEN }} or the environment variable $GITHUB_TOKEN.

By default the token is granted a set of permissions that cover the most common CI needs. The default permission level depends on your repository settings (either "permissive" or "restricted"). With the permissive default, common grants include:

  • contents: read — read source code and releases
  • pull-requests: write — add comments, labels, and review status to PRs
  • packages: write — push container images to GitHub Container Registry (GHCR)
  • statuses: write — post commit statuses (used by CI checks)

Best practice is to declare minimum required permissions explicitly in the workflow, both at the workflow level and at the job level:

permissions:
  contents: read        # default; be explicit

jobs:
  release:
    permissions:
      contents: write   # needed to create a GitHub Release
      packages: write   # needed to push to GHCR
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: gh release create v1.0 --generate-notes
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Setting permissions: {} (all read) at the workflow level and then granting specific write permissions only to the jobs that need them applies the principle of least privilege. GITHUB_TOKEN cannot access resources outside the repository that triggered the workflow; for cross-repo operations you need a Personal Access Token (PAT) or a GitHub App token.
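To check the practice described above across real workflow files, here is an added example (not from the original page) of a small Python audit script: it extracts the workflow-level and job-level permissions blocks and flags workflows that rely on the repository default or grant write scopes to every job. It assumes two-space-indented YAML and uses a constructed sample workflow.

```python
"""Audit GitHub Actions workflows for explicit, least-privilege GITHUB_TOKEN permissions.
Added example with a small indentation-based parser (no PyYAML); assumes two-space YAML."""

def parse_permissions(text):
    """Return (workflow-level permissions, {job: job-level permissions}); None = not declared."""
    stack, top, jobs = [], None, {}  # stack = (indent, key) path to the current line
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # strip comments
        if not line.strip() or line.lstrip().startswith("-"):
            continue  # blank line, or a sequence item (a step) rather than a mapping key
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:  # leave sibling/deeper blocks
            stack.pop()
        key, _, value = (s.strip() for s in line.strip().partition(":"))
        path = [k for _, k in stack] + [key]
        stack.append((indent, key))
        block = {} if value in ("", "{}") else {"*": value}  # read-all / write-all shorthand
        if path == ["permissions"]:
            top = block
        elif len(path) == 2 and path[0] == "permissions":
            top[key] = value
        elif len(path) == 2 and path[0] == "jobs":
            jobs.setdefault(key, None)
        elif len(path) in (3, 4) and path[0] == "jobs" and path[2] == "permissions":
            if len(path) == 3:
                jobs[path[1]] = block
            else:
                jobs[path[1]][key] = value
    return top, jobs


def audit(text):
    """WARN findings must be fixed; INFO lines list job-level writes for a reviewer to confirm."""
    top, jobs = parse_permissions(text)
    out = []
    if top is None:
        out.append("WARN no top-level permissions block; token gets the repository default")
    elif any(v.startswith("write") for v in top.values()):
        out.append("WARN write granted at workflow level to every job: " + ", ".join(top))
    out += [f"INFO job {n} has write on {s}" for n, p in jobs.items()
            for s, v in (p or {}).items() if v.startswith("write")]
    return out


# Constructed sample (not from the page): a release job that inherits the repository default.
WEAK = "on: push\njobs:\n  release:\n    runs-on: ubuntu-latest\n    steps:\n      - run: gh release create v1.0\n"
# Same workflow with the page's pattern: read at workflow level, write only on the job that needs it.
HARDENED = WEAK.replace("jobs:", "permissions:\n  contents: read\njobs:").replace(
    "    runs-on", "    permissions:\n      contents: write\n      packages: write\n    runs-on")
```

Run `audit()` over every file under `.github/workflows/` and fail the review when any WARN line appears.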

How long is a GITHUB_TOKEN valid?
Can GITHUB_TOKEN be used to access resources in a different repository than the one running the workflow?

