GitHub Copilot CLI GitHub Actions integration now uses GITHUB_TOKEN
GitHub Copilot CLI can now authenticate with GitHub Actions using the built-in GITHUB_TOKEN, eliminating the need for Personal Access Tokens (PATs). This change reduces operational overhead and security risks associated with managing PATs for large-scale automations. AI credits are billed directly to the organization when used in organization-owned repositories, requiring a specific Copilot policy to be enabled and the `copilot-requests: write` permission. Users must update to a recent version of Copilot CLI to utilize this feature.
- →Copilot CLI uses GITHUB_TOKEN for GitHub Actions
- →Organization billing for Copilot CLI in GitHub Actions
- →Cost management for organization-billed Copilot CLI usage
- →Version requirement for GITHUB_TOKEN integration
Features (1) ›
- Copilot CLI uses GITHUB_TOKEN for GitHub Actions
GitHub Copilot CLI no longer requires a Personal Access Token (PAT) when running in GitHub Actions. It now utilizes the built-in GITHUB_TOKEN for authentication, simplifying setup and enhancing security by removing the need to manage long-lived PATs.
Enhancements (1) ›
- Organization billing for Copilot CLI in GitHub Actions
AI credits consumed by Copilot CLI in organization-owned repositories are now billed directly to the organization. This feature requires enabling the “Allow use of Copilot CLI billed to the organization” Copilot policy and granting workflows the `copilot-requests: write` permission.
Notes (2) ›
- Cost management for organization-billed Copilot CLI usage
When billing is handled by the organization, user-level budgets are not applicable. Organizations can manage spend by configuring cost centers, monitoring usage dashboards, and setting session limits for AI credit consumption.
- Version requirement for GITHUB_TOKEN integration
To use the new GITHUB_TOKEN authentication in GitHub Actions, users must update to a recent version of Copilot CLI. This can be done via `copilot update` or by reinstalling with `npm install -g @github/copilot`.
https://github.blog/changelog/2026-07-02-copilot-cli-no-longer-needs-a-personal-access-token-in-github-actions