actions/ai-inference
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Separate out MCP token

Browse Source
This commit is contained in:
Sean Goedecke
2025-08-04 03:06:53 +00:00
parent fc8527d1d9
commit 419f171f16
5 changed files with 30 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
README.md
View File

@@ -168,11 +168,26 @@ steps:
token: ${{ secrets.USER_PAT }}
```
For enhanced security, you can use separate tokens for the AI inference endpoint
and the GitHub MCP server:
```yaml
steps:
- name: AI Inference with Separate MCP Token
id: inference
uses: actions/ai-inference@v1.2
with:
prompt: 'List my open pull requests and create a summary'
enable-github-mcp: true
token: ${{ secrets.AI_INFERENCE_TOKEN }}
github-mcp-token: ${{ secrets.GITHUB_MCP_TOKEN }}
```
When MCP is enabled, the AI model will have access to GitHub tools and can
perform actions like searching issues and PRs.
**Note:** For now, MCP integration cannot be used with the built-in token. You
must pass a GitHub PAT into `token:` instead.
**Note:** You can use the built-in `GITHUB_TOKEN`, or provide a separate GitHub
PAT via `github-mcp-token` for tighter security and permissions control.
## Inputs
@@ -191,6 +206,7 @@ the action:
| `endpoint` | The endpoint to use for inference. If you're running this as part of an org, you should probably use the org-specific Models endpoint | `https://models.github.ai/inference` |
| `max-tokens` | The max number of tokens to generate | 200 |
| `enable-github-mcp` | Enable Model Context Protocol integration with GitHub tools | `false` |
| `github-mcp-token` | Token to use for GitHub MCP server (defaults to the main token if not specified). Use a separate PAT for tighter security | `""` |
## Outputs

4
action.yml
View File

@@ -50,6 +50,10 @@ inputs:
description: Enable Model Context Protocol integration with GitHub tools
required: false
default: 'false'
github-mcp-token:
description: The token to use for GitHub MCP server (defaults to GITHUB_TOKEN if not specified)
required: false
default: ''
# Define your outputs here.
outputs:

4
dist/index.js generated vendored
View File

@@ -52130,13 +52130,15 @@ async function run() {
if (token === undefined) {
throw new Error('GITHUB_TOKEN is not set');
}
// Get GitHub MCP token (use dedicated token if provided, otherwise fall back to main token)
const githubMcpToken = coreExports.getInput('github-mcp-token') || token;
const endpoint = coreExports.getInput('endpoint');
// Build the inference request with pre-processed messages and response format
const inferenceRequest = buildInferenceRequest(promptConfig, systemPrompt, prompt, modelName, maxTokens, endpoint, token);
const enableMcp = coreExports.getBooleanInput('enable-github-mcp') || false;
let modelResponse = null;
if (enableMcp) {
const mcpClient = await connectToGitHubMCP(inferenceRequest.token);
const mcpClient = await connectToGitHubMCP(githubMcpToken);
if (mcpClient) {
modelResponse = await mcpInference(inferenceRequest, mcpClient);
}

2
dist/index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

5
src/main.ts
View File

@@ -49,6 +49,9 @@ export async function run(): Promise<void> {
throw new Error('GITHUB_TOKEN is not set')
}
// Get GitHub MCP token (use dedicated token if provided, otherwise fall back to main token)
const githubMcpToken = core.getInput('github-mcp-token') || token
const endpoint = core.getInput('endpoint')
// Build the inference request with pre-processed messages and response format
@@ -67,7 +70,7 @@ export async function run(): Promise<void> {
let modelResponse: string | null = null
if (enableMcp) {
const mcpClient = await connectToGitHubMCP(inferenceRequest.token)
const mcpClient = await connectToGitHubMCP(githubMcpToken)
if (mcpClient) {
modelResponse = await mcpInference(inferenceRequest, mcpClient)