Every action that runs has access to a GITHUB_TOKEN environment variable that can be used to interact with the API. The token has read and write (but not admin) repository app permissions by default.Note, forks do not normally have access to secrets in the actions environment.
Full article