Authentication and billing options
When you run Copilot CLI in a GitHub Actions workflow, you can authenticate using either a personal access token (PAT) or the built-in GITHUB_TOKEN.
- Using a PAT: The workflow authenticates as the user who created the PAT. AI credits are drawn from that user's Copilot seat entitlements, and their license determines which models and features are available. This works in any repository but introduces operational and security risks for organizations running automations at scale.
- Using GITHUB_TOKEN: The workflow authenticates as an installation, with no individual user associated with the request. How AI credits are billed depends on where the workflow runs:
  - In a personally-owned repository, usage is billed to the repository owner's Copilot seat.
  - In an organization-owned repository, usage is metered directly to the organization. This requires the "Allow use of Copilot CLI billed to the organization" policy to be enabled by an organization owner.
Using GITHUB_TOKEN in an organization-owned repository is the recommended approach for automations. Each workflow run receives a short-lived, scoped token generated by GitHub Actions, so no long-lived credentials need to be stored or rotated.
Note that this policy is separate from your Copilot licensing setup. Enterprises that issue licenses through a dedicated organization and do their work in other organizations do not need Copilot licensing enabled in the working organization, only the policy.
Controlling cost
When usage is billed directly to the organization, user-level Copilot budgets are not considered, because the cost is not attributed to any individual user. To manage spend for Copilot CLI usage billed this way, you can:
- Configure cost centers for the relevant organizations. Cost centers allow cost attribution to groups of organizations, and budgets can be applied to cost centers. See Cost centers.
- Monitor Copilot usage from your organization's billing and usage dashboards to track consumption over time.
Security considerations
Running Copilot CLI in automated workflows introduces security risks that are independent of which authentication method you use. Because Copilot CLI is an agentic tool that can read and modify repository contents, a compromised or misconfigured workflow can cause unintended changes.
To reduce risk:
- Use GitHub Agentic Workflows rather than invoking Copilot CLI directly in run steps. Agentic Workflows are designed with guardrails for automated use.
- Follow the principle of least privilege when setting workflow permissions.
- Review workflow triggers carefully. Workflows that run on pull request events from forks are at higher risk of prompt injection.
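An added example, not taken from this page or from GitHub's own documentation, of a workflow that applies the points above: it authenticates with the run's GITHUB_TOKEN, starts from no permissions and grants the job only what it needs, and triggers on pull_request rather than pull_request_target so a pull request from a fork runs with a read-only token. The npm package name, the CLI's prompt flag and the environment variable it reads the token from are assumptions; take the real values from the GITHUB_TOKEN setup guide linked under Next steps.

```yaml
name: Copilot CLI review (hardened example)

on:
  # pull_request, not pull_request_target: for a PR opened from a fork,
  # GitHub issues a read-only GITHUB_TOKEN and withholds secrets, which
  # bounds what a prompt-injected run can change. pull_request_target
  # would run with the base repository's write-capable token against
  # untrusted PR content.
  pull_request:
    branches: [main]

# Deny everything at the workflow level; each job adds back only what it needs.
permissions: {}

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # read the checked-out code, no push rights
      pull-requests: write  # only to post the review comment
    steps:
      - uses: actions/checkout@v4

      - name: Install Copilot CLI
        # Assumption: package name used for illustration only.
        run: npm install -g @github/copilot

      - name: Run Copilot CLI with the job's short-lived token
        env:
          # Installation token minted for this run and invalidated when the
          # job ends, so no long-lived credential is stored or rotated.
          # Assumption: the variable name the CLI reads is taken from the
          # linked guide; shown here as GITHUB_TOKEN.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # Keep untrusted PR text (title, body, branch name) out of ${{ }}
        # expressions in the prompt; let the tool read the diff itself.
        # Assumption: the -p prompt flag is illustrative.
        run: copilot -p "Review the changes in this pull request"
```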
Next steps
To learn how to set up CLI de Copilot with GITHUB_TOKEN in a GitHub Actions workflow, see Using Copilot CLI in GitHub Actions with GITHUB_TOKEN.