GitHub Actions MCP server setup for Claude Code and Cursor

Quick answer: The GitHub Actions MCP server wraps the GitHub REST API v3 as a set of tools Claude Code or Cursor can call over stdio. Install with one npx command, drop in your personal access token, and the editor can run real operations against GitHub Actions. Setup runs about 4 to 6 minutes end to end, tested on mcp-server-github-actions on April 15, 2026.

Most teams that use GitHub Actions end up copying data in and out of ChatGPT or Claude to ask questions about it. The MCP server removes that step. When you ask Claude for a summary or an action, it talks to GitHub Actions itself, reads the response, and writes the answer back without the context swap. For workflows that already live in GitHub Actions, that feedback loop is the whole reason to wire this up.

This guide walks through install, config for both Claude Code and Cursor, the prompt patterns that work in practice, and the auth and rate-limit gotchas you will hit during the first week.

What this server does

The server speaks MCP over stdio and forwards every tool call to the GitHub REST API v3 using personal access token for auth. It exposes roughly 8 to 12 tools, grouped into three rough buckets:

• List workflow runs across any repo the token has access to
• Trigger a workflow_dispatch run with inputs from your prompt
• Check run status
• Read job logs including step-by-step output and exit codes
• View workflow YAML definitions and their current state (active
• Download and inspect workflow artifacts produced by completed runs

Every tool call carries the personal access token forward in the request headers. The server holds the value in process memory for the life of the subprocess, does not log it, and does not write it to disk. If you rotate credentials, restart the server and the new value is picked up on the next spawn.

The server does not implement a local cache. Every call is a fresh round trip to GitHub Actions. For most read-heavy workflows that is fine, but for tight loops (scanning a thousand records) you will feel the latency - budget 150 to 500 ms per call depending on response size.

Installing GitHub Actions MCP

The package is on npm as mcp-server-github-actions. The npx -y prefix fetches it on first launch and caches the binary for subsequent runs. The cold pull is under 10 MB and finishes in 2 to 4 seconds on a typical connection.

Before touching any config, generate a personal access token:

1. Open https://github.com/settings/tokens and sign in to your GitHub Actions account.
2. Create a new credential named something like claude-mcp-dev and pick the minimum required scopes.
3. Copy the value shown - it is shown only once.
4. Store the value in a shell env var so it stays out of any file you commit.

Configuring for Claude Code

Claude Code reads MCP servers from ~/.claude/mcp.json or a per-project .mcp.json file. Add a github-actions entry that spawns the server with GITHUB_TOKEN in its env:

{
  "mcpServers": {
    "github-actions": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-server-github-actions"
      ],
      "env": {
        "GITHUB_TOKEN": "ghp_xxx"
      }
    }
  }
}

Restart Claude Code, then run /mcp in a session to confirm the GitHub Actions server is attached. Call a read-only tool as a smoke test - if the response comes back with real data from your account, the personal access token has the right scope.

For team projects, commit a placeholder version of .mcp.json with ${GITHUB_TOKEN} inside the env value and let each developer provide the real value via their shell profile. Claude Code expands env vars when it spawns the subprocess.

Configuring for Cursor

Cursor uses the same MCP spec and reads from ~/.cursor/mcp.json. The config is identical to the Claude Code block above. Open Cursor settings, navigate to the MCP tab, and toggle the GitHub Actions server on. Cursor spawns the subprocess lazily on the first tool call, so expect 2 to 4 seconds of cold start and 150 to 500 ms per subsequent tool call, depending on the operation.

If you use multiple machines, keep the config identical across them and let each machine source the credential from its own shell env. That way you never commit a real token to git.

Example prompts and workflows

A few prompts that work reliably once the server is attached:

• "List the last 10 failed workflow runs on main in my-org/api and show me the failure reason."
• "Trigger the deploy-prod workflow on the main branch with input environment=prod."
• "Read the full job log for run ID 1234567 and find every line that matches ERROR or FAIL."
• "Show me every workflow in my-org/api and their last success or failure timestamp."
• "Download the test-results artifact from run 7654321 and summarize the junit xml."

The model will chain calls on its own. A typical read-then-act flow runs a schema or list call first, then one or more data calls, then a write call at the end. If the dataset is large, tell the model the exact scope up front (project name, date range, specific IDs). Scoping down cuts round trips from 6 or 7 calls down to 2 or 3.

One caveat: the model sometimes generates overly broad queries. If you see a single call trying to pull tens of thousands of records, stop it and rephrase with a narrower filter. GitHub Actions servers tend to slow down sharply past 500 results per page.

Troubleshooting

Tool call returns 401 or auth error. The personal access token is wrong, expired, or has been revoked. Regenerate the credential, update your shell env, and restart the MCP server (/mcp restart github-actions in Claude Code).

Tool call returns 403 or permission denied. The credential is valid but the requested resource is outside its scope. Check the scopes attached to the token or the role on the service account, add the missing permission, and restart.

Tool call returns 429 rate limit. GitHub Actions has per-account or per-route rate limits. The server does not queue on your behalf. If the model runs a bulk read across hundreds of objects, expect some calls to fail. Ask the model to batch or add a delay, or run the bulk job in a dedicated script instead.

Server fails with ENOENT on npx. The npx binary is not on PATH in the env the editor inherits. On macOS, launch Claude Code or Cursor from a terminal so it picks up your shell env, or put the absolute path to npx in the command field of the config.

Tool call returns 422 or schema error. A field or parameter name in the request does not match what GitHub Actions expects. Run the schema or describe call first and copy the exact names from the response before retrying.

Alternatives

A few options if the GitHub Actions server does not fit your setup:

• Look for a dedicated server with a narrower surface if you only need one or two operations - smaller servers tend to have faster cold starts.
• Use the official GitHub Actions CLI or SDK directly from a script when the task is a one-off and the MCP overhead is not worth it.
• Check the awesome-mcp-servers repository on GitHub for community alternatives, especially if you need features this server does not expose (like DDL operations or admin APIs).

For one-off exports, the GitHub Actions API is straightforward to call from a script. The MCP server pays off when Claude needs to read and write in the same session without you switching to the GitHub Actions UI. Good use cases include CI debugging, on-demand deploys, and failure log analysis without leaving your editor.

The GitHub Actions MCP server is the right default for any workflow already rooted in GitHub Actions. Four to six minutes of setup replaces hours of copy-paste between your editor and the GitHub Actions dashboard. Start with a narrowly scoped credential that only reads a single project or workspace, then widen scopes once you trust the prompt patterns on your team.

Security notes

Rotate the personal access token on a 90-day cadence as a baseline hygiene practice. If you ever suspect a credential leaked (committed to git, pasted in a screenshot), revoke it in the GitHub Actions dashboard immediately - the old value stops working within a few seconds and existing subprocesses will fail their next call.

Scope credentials to the smallest set of resources you actually need. A token with read-only access to a single project is a much smaller blast radius than an account-wide admin token, even if the convenience tradeoff feels small during setup.

Performance and cost

Most tool calls complete in 150 to 500 ms on a warm connection. Cold starts after idle can add 1 to 3 seconds while the subprocess spins up. Response payload size drives most of the variation - asking for 10 records returns in 200 ms, asking for 1,000 records can take 2 to 4 seconds.

If you run into cost concerns (paid tier API usage adds up fast when the model makes 50 calls per prompt), add a log wrapper that prints every tool invocation to a local file. Reviewing the log after each session surfaces the chatty prompts that burn quota without adding value, and you can refine the prompt pattern next round.