tripleee
commented
2 years ago https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ explains the rationale for this. Untrusted code should not get access to the repository's secrets. I'll see if I can come up with a workaround.
The GH action on a pull request doesn't get access to the login token, so the test fails.