Last Reviewed: 2025-12-10
Authenticate Terminus in a GitHub Actions Pipeline
Learn how to authenticate Terminus in a GitHub Actions CI pipeline without receiving errors.
This section provides information on how to to authenticate Terminus in a GitHub Actions CI pipeline without receiving errors and avoiding authentication rate limits.
Caching Authentication for GitHub Actions
You can use the example script in this section for a full start-to-finish Terminus authentication in GitHub Actions.
This pipeline does the following:
- Uses the
ubuntu:latestDocker image. - Updates the system and installs necessary tools like PHP, curl, perl, sudo, and Git before the script stages.
- Defines a cache for the Terminus binary. The pipeline system will save and restore the cache for subsequent runs.
- Determines the latest release of Terminus from the GitHub API and stores it in the
TERMINUS_RELEASEvariable. - Creates a directory for Terminus, downloads it into that directory, makes it executable, and then creates a symbolic link to it in
/usr/local/binso that you can run it from anywhere. - Ensures there is a valid Terminus session populated in the encrypted cache.
- Checks that Terminus is authenticated with
terminus auth:whoami.
Information:
Note
Before you use this script:
- Add a Pantheon account machine token to your GitHub environment (preferred) or repository secrets named
TERMINUS_TOKEN. (Always store production secrets in a GitHub "Environment" that restricts which branches can deploy to it, and protect those branches with rules including code reviews and security tests).