Shopify CLI authentication token not accepted in GitHub Actions CI (works locally)

Seth_Mak · July 24, 2025, 7:12am

When using a valid CLI authentication token (generated from the Partner Dashboard, starts with atkn_, 69 characters) in GitHub Actions CI, the Shopify CLI (v3.80.7) fails with the error:

Authorization is required to continue, but the current environment does not support interactive prompts.
To resolve this, specify credentials in your environment, or run the command in an interactive environment such as your local terminal.

The token is set as an environment secret (SHOPIFY_CLI_AUTH_TOKEN) in the correct environment.
The workflow passes the token as an environment variable to the deploy step.
The same token works perfectly when used locally with export SHOPIFY_CLI_AUTH_TOKEN=… and running shopify app deploy or shopify app info.
The debug step in CI confirms the token is present, correct, and not truncated.

Steps to Reproduce:

Generate a CLI authentication token from the Shopify Partner Dashboard.
Set it as an environment secret in GitHub Actions.
Reference it in the workflow as SHOPIFY_CLI_AUTH_TOKEN.
Run shopify app deploy --config=shopify.app.staging.toml --force --no-color in a GitHub Actions job.
Observe the error above.

Expected Behavior:

Shopify CLI should authenticate and deploy non-interactively in CI/CD, as documented.

Actual Behavior:

Shopify CLI fails with an authorization error, as if no token is present.

Environment:

Shopify CLI version: 3.80.7
GitHub Actions runner: ubuntu-latest
Token: Valid, starts with atkn_, works locally

Additional Info:

No repo-level secret conflict.
Environment-level secret is set and picked up by the workflow.
Token is not expired or revoked.
Manual deploy with the same token works.

gonzaloriestra · July 24, 2025, 7:24am

The env var should be SHOPIFY_CLI_PARTNERS_TOKEN. It’s probably working locally because you have a current session. You can reproduce it by running shopify auth logout and then shopify app deploy --force with that wrong env var.

You can find a guide to set up your CI/CD pipeline here: Deploy app components in a CD pipeline

Dylan · July 24, 2025, 12:47pm

@Seth_Mak

Did you also expose your app’s public key as SHOPIFY_API_KEY?

I believe that’s also necessary in addition to the private key.

Here’s the 3 env vars I define to my GH action:

SHOPIFY_API_KEY - my app’s public key
SHOPIFY_CLI_PARTNERS_TOKEN - my app’s private key
SHOPIFY_FLAG_FORCE - to invoke the -f flag via an environment variable (but using the CLI option will do the same thing)

My full GH step:

      - name: Deploy to Shopify
        run: |
          echo "🚀 Deploying to Shopify"

          # Build the app
          echo "Building Shopify app..."
          shopify app build

          # Deploy using production config
          echo "Deploying with production configuration..."
          shopify app deploy --config=shopify.app.toml

          echo "✅ Deployment completed successfully"
        env:
          SHOPIFY_CLI_PARTNERS_TOKEN: ${{ secrets.SHOPIFY_CLI_TOKEN }}
          SHOPIFY_API_KEY: **********************
          COMMIT_URL: ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}
          SHOPIFY_FLAG_FORCE: true

Topic		Replies	Views
CI hydrogen env push pull Shopify CLI and Libraries hydrogen-commands	1	23	November 10, 2025
Authenticating non-shopify webhooks Authentication & Access oauth	7	93	January 16, 2025
Cannot use `shopify app dev`: "You are not authorized to use the CLI to develop in the provided store." Shopify CLI and Libraries app-commands	3	167	December 23, 2024
Is it possible to deploy to the next-gen dev stores with CI/CD Shopify App Store dev-stores	1	119	July 14, 2025
Shopify `auth login` triggers a logout Extensions admin-ui-extensions	3	143	May 20, 2025

Shopify CLI authentication token not accepted in GitHub Actions CI (works locally)

Related topics